
ASA Land Attack and NAT config

brasbehlph1
Level 1

I have been getting some Land Attack errors in my ASA logs recently so I captured some traffic to analyze.

ASA-2-106017: Deny IP due to Land Attack from 1.1.1.1 to 1.1.1.1

During a Land Attack, the capture shows an inside address trying to send traffic to the NAT address, and this may be some program trying to use NAT traversal.

192.168.0.100:52000 > 1.1.1.1:28000: udp 28

I was also able to reproduce a Land Attack by pinging 1.1.1.1 from the inside address of 192.168.0.100.

Can I just configure an ACL that prevents 192.168.0.0/24 from connecting to the NAT address of 1.1.1.1?

Or is my NAT configuration wrong?

Current NAT configuration:

version 8.2.4

nat-control

global (outside) 1 1.1.1.1 netmask 255.255.255.0

nat (inside) 1 192.168.0.0 255.255.255.0
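
An added example, not part of the original post: a Python check that pairs the `global`/`nat` lines by NAT id and lists captured flows from a translated inside network to its own PAT address, the pattern the post ties to the 106017 log. The sample config and capture are constructed from the lines quoted above (203.0.113.10 and 10.9.9.9 are made up), the function names are hypothetical, and it assumes the ASA raises the log once the translated source equals the destination.

```python
import ipaddress
import re

# Constructed sample input, modelled on the lines quoted in the post.
CONFIG = """\
global (outside) 1 1.1.1.1 netmask 255.255.255.0
nat (inside) 1 192.168.0.0 255.255.255.0
"""
CAPTURE = """\
192.168.0.100:52000 > 1.1.1.1:28000: udp 28
192.168.0.100:52001 > 203.0.113.10:53: udp 40
10.9.9.9:40000 > 1.1.1.1:28000: udp 28
"""

IP = r"(\d+\.\d+\.\d+\.\d+)"
GLOBAL_RE = re.compile(rf"^global \(\S+\) (\d+) {IP}", re.M)
NAT_RE = re.compile(rf"^nat \(\S+\) (\d+) {IP} {IP}", re.M)
FLOW_RE = re.compile(rf"^{IP}:(\d+) > {IP}:(\d+): (\w+)", re.M)


def parse_pat_rules(config):
    """Return [(inside_network, pat_address)] for nat/global lines sharing a NAT id.

    Only a single PAT address per global statement is handled (the case in the post).
    """
    pat_by_id = {m.group(1): ipaddress.ip_address(m.group(2))
                 for m in GLOBAL_RE.finditer(config)}
    rules = []
    for m in NAT_RE.finditer(config):
        nat_id, addr, mask = m.groups()
        if nat_id in pat_by_id:  # id 0 (NAT exemption) has no global line
            net = ipaddress.ip_network(f"{addr}/{mask}", strict=False)
            rules.append((net, pat_by_id[nat_id]))
    return rules


def land_candidates(capture, rules):
    """Flows whose source would be translated to the very address they target."""
    hits = []
    for m in FLOW_RE.finditer(capture):
        src, sport, dst, dport, proto = m.groups()
        for net, pat in rules:
            if ipaddress.ip_address(src) in net and ipaddress.ip_address(dst) == pat:
                hits.append((src, int(sport), dst, int(dport), proto))
                break
    return hits


if __name__ == "__main__":
    for hit in land_candidates(CAPTURE, parse_pat_rules(CONFIG)):
        print("translated source equals destination:", hit)
```
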