11-05-2007 02:27 AM - edited 02-21-2020 01:46 AM
Hi Netpros,
We have an ASA running OS version 7.2.3.
All of a sudden it starts dropping packets with spoofing messages which should be allowed (and worked yesterday).
106016 Deny IP spoof from (212.X.Y.Z) to 80.A.B.C on interface outside
No changes were made beforehand and after the box was rebooted all was working again.
Anybody here seen this problem?
Thanks and best regards,
Jürgen
11-12-2007 07:16 AM
This can potentially be used to do a spoofing attack against the ASA5505. This behavior has been observed in version 7.2.2 and 7.2.3 of the ASA firmware. You would have to gather packet captures on the inside and outside interfaces as well as of the asp drop.
11-12-2007 07:33 AM
I don't really understand - is this a bug or a feature ?-)
No, seriously - does this mean that the ASA drops packets because it thinks it is under attack?
Or do you mean it's a bug which can be used as a DoS against the ASA?
If it's a feature - is it possible to turn it off?
If it's a bug - is there a bug ID?
So the best would be to use 7.0.7 again? I know it's the only GD...
regards,
juergen
Btw, what would I see if I do some troubleshooting, like looking at the asp drop table and capturing some packets?