2

I am continouly getting errors log Deny IP due to Land Attack from IP to IP.

Both source and destination IP address are same.

Can any one please guide me what could be the issue and how I can fix this?

Mark Henderson
  • 68,316
  • 31
  • 175
  • 255
  • 1
    StackOverflow is for programming related questions. You might want to ask this over on ServerFault or SuperUser... –  Feb 02 '10 at 23:19
  • What PIX OS are you using ? Answers are right but this may also be an false alert if your are running PIX one of the first v7 version – radius Feb 03 '10 at 06:49

2 Answers2

5

The Land Attack spoofs the source and destination IP to be the same basically causing the machine to continuously reply to itself causing a DOS. It's a pretty old attack and most OS's are now patched to not be vulnerable to this.

In this case I think your PIX is doing what it's supposed to and dropping the traffic. I don't think you have anything to worry about.

3dinfluence
  • 12,409
  • 2
  • 27
  • 41
0

I'm not entirely sure there is something to "fix" in this case. There are a number of baseline security protections that are enabled in PIXOS, Land Attack protection being one of them.

One possibility you could do is check the MAC table in the PIX for the offending and attempt to track it down for remediation. However, I would not necessarily trust the results to be completely accurate.

Scott Pack
  • 14,717
  • 10
  • 51
  • 83