Solved

Cisco ASA 5505 denies its own IP due to Land Attack

Posted on 2010-11-29
Last Modified: 2012-08-14
I couldn't connect to the MySQL server today. After checking my firewall, a Cisco ASA 5505, I found the following log:

"Deny IP due to Land Attack from 72.166.258.188 to 72.166.258.188"

And the IP is the outside IP of the firewall.

Can anyone help with that?

Thanks.
Question by:rxzang

Expert Comment

by:Jan Springer
ID: 34240264
http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00809763ea.shtml

---------------------------------------------------------------------------------------------------------------------------------------------------------------
%PIX|ASA-2-106017: Deny IP due to Land Attack from IP_address to IP_address

Explanation

The security appliance received a packet with the IP source address equal to the IP destination, and the destination port equal to the source port. This message indicates a spoofed packet that is designed to attack systems. This attack is referred to as a Land Attack.

Recommended Action: If this message persists, an attack might be in progress. The packet does not provide enough information to determine where the attack originates.

Author Comment

by:rxzang
ID: 34242622
But the problem is, I cannot connect to MySQL with the firewall's outside IP.

I got the following in logs:

No translation group found for tcp src inside:10.0.0.1/51700 dst outside:72.166.258.188/3306
Deny IP due to Land Attack from 72.166.258.188 to 72.166.258.188

Assisted Solution

by:Jan Springer
Jan Springer earned 500 total points
ID: 34243176
Are you trying to connect to the sql server from behind the ASA on the 10 network using its public IP?

Author Comment

by:rxzang
ID: 34243398
Exactly. Actually, I have another server with the same configuration. It can connect to MySQL through its public IP. But this one cannot.

Expert Comment

by:Jan Springer
ID: 34243478
Are you accessing it via its IP or its fully qualified domain name?

Author Comment

by:rxzang
ID: 34243605
IP.

Author Comment

by:rxzang
ID: 34243639
I can connect to MySQL with SQLyog. But I cannot connect with the PHP connect function in a web page on this IP.

Author Comment

by:rxzang
ID: 34243653
And also, I can connect to MySQL with the PHP connect function in a web page on another IP.

Author Comment

by:rxzang
ID: 34243753
I have another server with the same configuration, and it works. And I found there is a difference:

On this server: Firewall IP: 173.201.176.21 Public IP: 72.166.258.188

On the other server: Firewall IP: 184.164.158.230 Public IP: 184.164.158.228

The working server has IPs in the same range.


Expert Comment

by:Jan Springer
ID: 34248513
On which interfaces on what devices do the firewall and public IPs reside?

Accepted Solution

by:rxzang
rxzang earned 0 total points
ID: 34253828
I got it solved. I should use localhost instead of the firewall's public IP to connect to MySQL. But I don't know why the other server works.

Author Closing Comment

by:rxzang
ID: 34281208
solved
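
The thread shows a Land Attack denial appearing right after a "No translation group found" message for an inside client addressing the firewall's own outside IP. The following Python is an added example, not code from the thread or from Cisco, that correlates the two message shapes quoted above so such denials can be separated from unexplained ones during log triage. The function name `triage`, the look-back of five translation failures, and the sample addresses are assumptions made for the example.

```python
import re
from collections import deque

# Message shapes as quoted in the thread; any syslog prefix in front is ignored.
NO_XLATE = re.compile(
    r"No translation group found for (?P<proto>\S+) "
    r"src (?P<sif>[^:\s]+):(?P<sip>[\d.]+)/(?P<sport>\d+) "
    r"dst (?P<dif>[^:\s]+):(?P<dip>[\d.]+)/(?P<dport>\d+)")
LAND = re.compile(
    r"Deny IP due to Land Attack from (?P<src>[\d.]+) to (?P<dst>[\d.]+)")

def triage(lines, window=5):
    """Return (line_no, address, verdict, cause) for each Land Attack denial.

    verdict is "internal-client" when one of the previous `window` translation
    failures targeted the same address from a different interface, otherwise
    "unexplained" (treat as possible spoofing and investigate).
    """
    recent = deque(maxlen=window)   # most recent translation failures
    findings = []
    for n, line in enumerate(lines, 1):
        m = NO_XLATE.search(line)
        if m:
            recent.append(m.groupdict())
            continue
        m = LAND.search(line)
        if not m:
            continue
        addr = m["src"]
        cause = next((r for r in reversed(recent)
                      if r["dip"] == addr and r["sif"] != r["dif"]), None)
        if cause:
            detail = f'{cause["sif"]}:{cause["sip"]} -> {addr}/{cause["dport"]}'
            findings.append((n, addr, "internal-client", detail))
        else:
            findings.append((n, addr, "unexplained", None))
    return findings

# Constructed sample lines (documentation-range addresses, not from the thread).
SAMPLE = [
    "No translation group found for tcp src inside:10.0.0.1/51700 dst outside:203.0.113.10/3306",
    "Deny IP due to Land Attack from 203.0.113.10 to 203.0.113.10",
    "%ASA-2-106017: Deny IP due to Land Attack from 198.51.100.7 to 198.51.100.7",
]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

The correlation is a heuristic based on line order only; the log lines quoted in the thread carry no timestamps, so a deployment with timestamped syslog would bound the look-back by time instead.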