Cisco ASA5510 - LAND ATTACK
Posted on 2013-05-14
I want to know if there is anything else I should be doing to mitigate against a Denial of Service Attack that I am currently experiencing. I have a customer whose network was very slow. I got into the ASA5510 and saw it was being hammered. Over 50,000 connections to some of my static NAT's. I was losing 2 out of every 4 pings to the ASA because it was so overloaded. I set a per connection client limit on the addresses being targeting on my network, which seems to have mitigated the problem, but now I'm constantly seeing messages that that per-client connection has been exceeded, as well as a message stating "Deny IP due to Land Attack from x.x.x.136 to x.x.x.136." Source and destination are the same. I called my ISP, but I got an email stating that it may take them awhile to investigate due to the amount of abuse emails they receive. Is there anything else I can do to stop the attack?