• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3412
  • Last Modified:

cisco asa 5505 deny it's own ip due to land attack

I couldn't connect Mysql server today. And after checking my firewall: Cisco ASA 5505, I found the following log:

"Deny IP due to Land Attack from 72.166.258.188 to 72.166.258.188"

And the ip is the outside ip of the Firewall.

Anyone can help with that?

Thanks.
0
rxzang
Asked:
rxzang
  • 8
  • 4
2 Solutions
 
Jan SpringerCommented:
http://www.cisco.com/en/US/products/ps6120/products_tech_note09186a00809763ea.shtml

---------------------------------------------------------------------------------------------------------------------------------------------------------------
%PIX|ASA-2-106017: Deny IP due to Land Attack from IP_address to
    IP_address

Explanation

The security appliance received a packet with the IP source address equal to the IP destination, and the destination port equal to the source port. This message indicates a spoofed packet that is designed to attack systems. This attack is referred to as a Land Attack.

Recommended Action: If this message persists, an attack might be in progress. The packet does not provide enough information to determine where the attack originates.
0
 
rxzangAuthor Commented:
But the problem is, I cannot connect mysql with the Firewall's outside IP.

I got the following in logs:

No translation group found for tcp src inside:10.0.0.1/51700 dst outside:72.166.258.188/3306
Deny IP due to Land Attack from 72.166.258.188 to 72.166.258.188
0
 
Jan SpringerCommented:
Are you trying to connect to the sql server from behind the ASA on the 10 network using its public IP?
0
Veeam and MySQL: How to Perform Backup & Recovery

MySQL and the MariaDB variant are among the most used databases in Linux environments, and many critical applications support their data on them. Watch this recorded webinar to find out how Veeam Backup & Replication allows you to get consistent backups of MySQL databases.

 
rxzangAuthor Commented:
Exactly. Actually, I have another server with the same configuration. It can connect mysql through its public IP. But this one cannot.
0
 
Jan SpringerCommented:
Are you accessing it via its IP or its fully qualified domain name?
0
 
rxzangAuthor Commented:
IP.
0
 
rxzangAuthor Commented:
I can connect mysql with sqlyog. But I cannot connect with php connect function in a web page in this IP.
0
 
rxzangAuthor Commented:
And also, I can connect mysql with php connect function in a web page in other IP.
0
 
rxzangAuthor Commented:
I have another server with the same configuration, it works. And I found there is some difference:

On this server: Firewall IP: 173.201.176.21 Public IP: 72.166.258.188

On the other server: FIrewall IP: 184.164.158.230 Public IP: 184.164.158.228

The working server has IPs in the same range.

0
 
Jan SpringerCommented:
On which interfaces on what devices do the firewall and public IPs reside?
0
 
rxzangAuthor Commented:
I got it solved. I should use localhost instead of firewall's public IP to connect mysql. But I don't know why the other server works.
0
 
rxzangAuthor Commented:
solved
0

Featured Post

Get Certified for a Job in Cybersecurity

Want an exciting career in an emerging field? Earn your MS in Cybersecurity and get certified in ethical hacking or computer forensic investigation. WGU’s MSCSIA degree program was designed to meet the most recent U.S. Department of Homeland Security (DHS) and NSA guidelines.  

  • 8
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now