Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Cisco ASA5510 - LAND ATTACK

Posted on 2013-05-14
6
Medium Priority
?
1,445 Views
Last Modified: 2013-05-20
I want to know if there is anything else I should be doing to mitigate against a Denial of Service Attack that I am currently experiencing.  I have a customer whose network was very slow.  I got into the ASA5510 and saw it was being hammered.  Over 50,000 connections to some of my static NAT's.  I was losing 2 out of every 4 pings to the ASA because it was so overloaded.  I set a per connection client limit on the addresses being targeting on my network, which seems to have  mitigated the problem, but now I'm constantly seeing messages that that per-client connection has been exceeded, as well as a message stating "Deny IP due to Land Attack from x.x.x.136 to x.x.x.136."  Source and destination are the same.  I called my ISP, but I got an email stating that it may take them awhile to investigate due to the amount of abuse emails they receive.  Is there anything else I can do to stop the attack?
0
Comment
Question by:denver218
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 11

Accepted Solution

by:
rharland2009 earned 668 total points
ID: 39166376
https://supportforums.cisco.com/docs/DOC-14318

This is a decent rundown of why you may be seeing these.
Is the IP address mentioned in the Land Attack one of yours, or one you're not familiar with?
0
 
LVL 4

Author Comment

by:denver218
ID: 39166395
It's one of my Addresses in my public IP block
0
 
LVL 11

Assisted Solution

by:naderz
naderz earned 668 total points
ID: 39167047
Do you have IPS enabled? If so, try disabling that and test. You may be experiencing false positives.
0
Moving data to the cloud? Find out if you’re ready

Before moving to the cloud, it is important to carefully define your db needs, plan for the migration & understand prod. environment. This wp explains how to define what you need from a cloud provider, plan for the migration & what putting a cloud solution into practice entails.

 
LVL 28

Assisted Solution

by:asavener
asavener earned 664 total points
ID: 39169741
If you access any of your internal/published resources via their public IP addresses, then the LAND attack notifications are likely due to that.
0
 
LVL 4

Author Comment

by:denver218
ID: 39182291
Thanks for all your comments.  It was DoS attack, the ASA was doing its job blocking all the traffic, but I had to report it to the ISP so they could put an ACL on their side to stop the traffic.  It was coming in at such high rates, that I had to get the ISP involved.  The ISP saw it right away and was able to take care of it.  Thanks.
0
 
LVL 4

Author Closing Comment

by:denver218
ID: 39182295
Thanks.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Powerful tools can do wonders, but only in the right hands.  Nowhere is this more obvious than with the cloud.
In this article, WatchGuard's Director of Security Strategy and Research Teri Radichel, takes a look at insider threats, the risk they can pose to your organization, and the best ways to defend against them.
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question