10-07-2010 07:01 AM - edited 03-10-2019 05:08 AM
Hi to All,
how can I configure a pix Version 8.0(4) to NOT block the LAND ATTACK ?
pix# sh log | i 17.12.18.24
Oct 07 2010 15:47:31: %PIX-2-106017: Deny IP due to Land Attack from 17.12.18.24 to 17.12.18.24
Oct 07 2010 15:47:31: %PIX-6-302014: Teardown TCP connection 1264706965 for outside:17.12.18.24/80 to inside:10.12.40.114/59790 duration 0:00:00 bytes 0 looping-address
I've already disable the signature 1102
pix# sh run | i audit
ip audit signature 1102 disable
pix#
but the drop continue ....
pix# sh log | i 17.12.18.24
Oct 07 2010 15:50:22: %PIX-2-106017: Deny IP due to Land Attack from 17.12.18.24 to 17.12.18.24
Oct 07 2010 15:50:22: %PIX-6-302014: Teardown TCP connection 1264706965 for outside:17.12.18.24/80 to inside:10.12.40.114/59891 duration 0:00:00 bytes 0 looping-address
Thanks
Roberto Taccon
10-07-2010 10:41 AM
Roberto,
Can you please attach a show tech and sniffer trace of this traffic? Is it only this one host reporting problem (source or destination).
Those can be cuased by misconfig ... or bugs ...
Marcin
10-07-2010 12:44 PM
Roberto,
The Land attack drops unfortunately cannot be blocked. The are in the basic L3 checks the firewall does and you can stop them.
But I don't see a reason why you would want to allow these packets.
PK
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide