?
Solved

cisco asa 5505 deny it's own ip due to land attack

Posted on 2010-11-29
12
Medium Priority
?
3,368 Views
Last Modified: 2012-08-14
I couldn't connect Mysql server today. And after checking my firewall: Cisco ASA 5505, I found the following log:

"Deny IP due to Land Attack from 72.166.258.188 to 72.166.258.188"

And the ip is the outside ip of the Firewall.

Anyone can help with that?

Thanks.
0
Comment
Question by:rxzang
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 4
12 Comments
 
LVL 29

Expert Comment

by:Jan Springer
ID: 34240264
http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00809763ea.shtml

---------------------------------------------------------------------------------------------------------------------------------------------------------------
%PIX|ASA-2-106017: Deny IP due to Land Attack from IP_address to
    IP_address

Explanation

The security appliance received a packet with the IP source address equal to the IP destination, and the destination port equal to the source port. This message indicates a spoofed packet that is designed to attack systems. This attack is referred to as a Land Attack.

Recommended Action: If this message persists, an attack might be in progress. The packet does not provide enough information to determine where the attack originates.
0
 

Author Comment

by:rxzang
ID: 34242622
But the problem is, I cannot connect mysql with the Firewall's outside IP.

I got the following in logs:

No translation group found for tcp src inside:10.0.0.1/51700 dst outside:72.166.258.188/3306
Deny IP due to Land Attack from 72.166.258.188 to 72.166.258.188
0
 
LVL 29

Assisted Solution

by:Jan Springer
Jan Springer earned 2000 total points
ID: 34243176
Are you trying to connect to the sql server from behind the ASA on the 10 network using its public IP?
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 

Author Comment

by:rxzang
ID: 34243398
Exactly. Actually, I have another server with the same configuration. It can connect mysql through its public IP. But this one cannot.
0
 
LVL 29

Expert Comment

by:Jan Springer
ID: 34243478
Are you accessing it via its IP or its fully qualified domain name?
0
 

Author Comment

by:rxzang
ID: 34243605
IP.
0
 

Author Comment

by:rxzang
ID: 34243639
I can connect mysql with sqlyog. But I cannot connect with php connect function in a web page in this IP.
0
 

Author Comment

by:rxzang
ID: 34243653
And also, I can connect mysql with php connect function in a web page in other IP.
0
 

Author Comment

by:rxzang
ID: 34243753
I have another server with the same configuration, it works. And I found there is some difference:

On this server: Firewall IP: 173.201.176.21 Public IP: 72.166.258.188

On the other server: FIrewall IP: 184.164.158.230 Public IP: 184.164.158.228

The working server has IPs in the same range.

0
 
LVL 29

Expert Comment

by:Jan Springer
ID: 34248513
On which interfaces on what devices do the firewall and public IPs reside?
0
 

Accepted Solution

by:
rxzang earned 0 total points
ID: 34253828
I got it solved. I should use localhost instead of firewall's public IP to connect mysql. But I don't know why the other server works.
0
 

Author Closing Comment

by:rxzang
ID: 34281208
solved
0

Featured Post

Free Backup Tool for VMware and Hyper-V

Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
Concerto Cloud Services, a provider of fully managed private, public and hybrid cloud solutions, announced today it was named to the 20 Coolest Cloud Infrastructure Vendors Of The 2017 Cloud  (http://www.concertocloud.com/about/in-the-news/2017/02/0…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…
Suggested Courses

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question