
Deny IP due to Land Attack

I randomly keep getting the following on my Firepower console: "Deny IP due to Land Attack from <outside port IP> to <outside port IP>".

I have read a few threads about this and, using that information, I have not found the source or cause. This just started about a week ago, and the system has been running for 6 months, so I have been able to rule out hairpinning from VPN causing it.

I have not seen any traffic matching using Cap asp type asp-drop all, or other captures. 

Hoping someone has seen this and knows a resolution, I'm sure the traffic is benign but would like to get it out of the logs. 

2 Replies

Hairpin of VPN AnyConnect

You use NAT (out to out)?

MHM

balaji.bandi
Hall of Fame

What FTD code is running on it?

How is your FTD in place? Most of the time you see this if anything points to the default route or route loops to the FTD, or maybe spoofed packets?

Can you post the complete log?

Is the IP part of your FTD outside IP?

Is this impacting your environment?

 

BB
