Serv-U FTP server causing "Deny IP due to Land Attack" on ASA
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-07-2010 10:09 AM - edited 03-11-2019 10:42 AM
We have a Serv-U FTP server in our DMZ. When it is running, we are flooded with the messages
Deny IP due to Land Attack from 192.168.1.2 to 192.168.1.2.
Does anyone know what setup in the FTP server can be causing this?
- Labels:
-
NGFW Firewalls
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-07-2010 10:22 AM
This message says that the FW has seen packets sourced and destined to the same ip address (191.168.1.2).
Is the server the 192.168.1.2? You need to check if there are these kinds of packets in your network. You can do a packet capture on the ASA to prove it.
If you see these packets then there is something wrong, maybe some natting device, or some setting on the server.
You can also capture packets on the server itself using Wireshark to see if he is responsible for these packets.
I hope it helps to track this down.
PK
