Deny IP due to Land Attack
Posted on 2009-05-14
I've been seeing this in my syslog from my Cisco ASA 5520.
%ASA-2-106017: Deny IP due to Land Attack from 216.x.x.10 to 216.x.x.10.
This is our outside global IP address. Why is my ASA reporting and blocking this. We just installed a new Cisco ACE load balancer, and it seems that these have been increasing in the last week since we installed it.
Is there anything I can do to allow all this traffic through? Because I was looking at one of the service policy's on my ACE for load balancing HTTP traffic and i see alot of dropped connections, and I'm not sure if the ASA is causing the drops.
L7 loadbalance policy: HTTP_Class
VIP ICMP Reply : ENABLED
VIP State: INSERVICE
Persistence Rebalance: ENABLED
curr conns : 496 , hit count : 422286
dropped conns : 1235
client pkt count : 6513058 , client byte count: 1164321881
server pkt count : 9363507 , server byte count: 10079163107
conn-rate-limit : 0 , drop-count : 0
bandwidth-rate-limit : 0 , drop-count : 0