cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

812
Views
5
Helpful
1
Replies
mburguk1000
Beginner

Deny IP due to Land Attack from IP address to IP address

We have been getting these errors from our firewall which is a ASA 5515 running version 9.1.2 software and the appliance which address is refeerenced is a Ironport. When the call was rasied with Cisco Tac they have sent a article that is relevant to a ASA 

Please see below 

https://supportforums.cisco.com/document/54791/asapixfwsm-deny-ip-due-land-attack-messages

<162>%ASA--106017: Deny IP due to Land Attack from IP address  to IP address 

Any one else experienced these issues 

1 REPLY 1
Rishabh Seth
Rising star

ASA would classify traffic as LAND attack traffic if it sees source IP and destination IP same in the IP header. 

Do you see the error for legitimate traffic or is it actual LAND attack traffic?

Also check if you have some misconfigured nat statement that might translate the traffic and result in same source IP and destination IP.

Thanks,

RS 

Content for Community-Ad