cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1804
Views
0
Helpful
8
Replies

uTorrent - Cisco ASA5505 - Land Attack - but I want use uTorrent

astral-71
Level 1
Level 1

Please tell me how can I remove this messages:

2 Jun 25 2010 17:19:39 106017 interface-ABC  interface-ABC  Deny IP due to Land Attack from interface-ABC to interface-ABC

I want use uTorrent without hunderds security messages.

8 Replies 8

edadios
Cisco Employee
Cisco Employee

If you are certain utorrent is causing this, and you want to use it but don't like to see the log messages anymore, then the option for you is to disable the syslog messages for this, or change it's logging level, and set logging to lower level.

To disable

"no  logging message 106017"


Please note that doing this will also mean, you will not see this messages either if there is a real land attack in progress.

Another option will be to set this message to a higher level alert, than 2.
And if your loggin level is only set for lower number than what you set 106017 for, then you will not see it also, unless you set the logging level higher.

To change level

"logging message 106017 7" << will set this 106017 messages to only be sent if you enable the logging to level debug (7).

"logging monitor 3 " << this will only show logs set for 0,1,2,3. so if we set the 106017 as 7, you will not see it, until you set for level debug "logging monitor 7"

Please note that doing this will also mean that this  messages will only be seen, if you set the loggin level to the number you set 106017 for, even for a "real" land attack in progress.

Regards,

thank you for your advice. I have disabled this logging. But another message has appeared in connection to uTorrent:

4 Jun 26 2010 07:04:19 733100     [ Scanning] drop rate-1 exceeded. Current burst rate is 14 per second, max configured rate is 10; Current average rate is 12 per second, max configured rate is 5; Cumulative total count is 7316

Please,can you explain it and how to disable.

Or write me if there is possibility to bypass these security problems only for one computer in our nettwork witch has access to uTorrent.

Robert,

New messages are related to threat-detection feature.

"show run threat"

Will show you what's configured. This feature can be completly disabled or again you can prevent those messages to pop up.

Marcin

If I understand well uTorrent is generating a lot of Land Attack(I dont know why) but it is true. Example:

2 Jun 25 2010 17:19:39 106017 interface-ABC  interface-ABC  Deny IP due to Land Attack from interface-ABC to interface-ABC

If I disable this by command

no  logging message 106017

then such messages are not displayed. Also uTorrent performance is increased. But cisco ASA will generate folowing cumulative message:

4 Jun 26 2010 07:04:19 733100     [ Scanning] drop rate-1 exceeded. Current burst rate is 14 per second, max configured rate is 10; Current average rate is 12 per second, max configured rate is 5; Cumulative total count is 7316

My question is how to disable allso this cumulative detection for one computer where is uTorrent application.

Robert,

By disabling messages you're not altering the behavior of ASA in regards to actually dropping those packets. Those packets are still being dropped even though ASA does not mention LAND attack.

As described above the new message is caused by threat-detection - you can disable the messages from popping up  or disable/alter threat-detection settings.

Marcin

ok, I am not advanced CISCO user.

Then plaese help me what can I do if I want to use uTorrent like milions other users.

If it is necessary to disable Land Attack detection then please, write me how to do it.

then please, how can I disable Land Attack detection ?

Robert,

http://www.cisco.com/en/US/docs/security/asa/asa82/system/message/logmsgs.html#wp4768976

Have a look at the description - packets like this SHOULD be dropped and not forwarded out.

Regarding threat-detection:

http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/conns_threat.html

Either tweak it or disable scannig threat.

Marcin

Review Cisco Networking for a $25 gift card