%ASA-2-106017 Deny IP due to Land Attack errors

I recently had excessive Land Attack errors in the logs of an ASA. The reported land attack was from the ASA's own public (PAT) IP address back to itself, i.e. source and destination were the same address:

%PIX|ASA-2-106017: Deny IP due to Land Attack from IP_address to IP_address

After a bit of troubleshooting in Splunk I found UDP deny errors between two hosts logged in the exact same second(s) as the Land Attack errors. The UDP session in question was from an internal guest WiFi IP to an Apple server. This issue appears to be quite common and is much discussed online, which led me to this article about AppleTalk, iMessage, etc.:

https://discussions.apple.com/thread/3995672
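The correlation described above (a Land Attack event and a UDP deny logged in the same second) can be reproduced without Splunk. The script below is an added example, not part of the original post or of Cisco's tooling: it parses ASA syslog lines, pairs every 106017 Land Attack event with the UDP denies that share its timestamp, and counts which guest-host/destination/port flow coincides most often with the land errors. The sample log lines are constructed for the example (documentation IP ranges; 203.0.113.10 stands in for the ASA's PAT public IP, 198.51.100.5 for the Apple server) and the UDP deny lines use the 106023 message format; the exact deny message seen on the author's ASA is not given in the post.

```python
import re
from collections import Counter, defaultdict

# Constructed sample syslog lines, not taken from the original post.
# 203.0.113.10 = ASA PAT public IP, 192.168.100.0/24 = guest WiFi range,
# 198.51.100.5 = stand-in for the Apple server.
SAMPLE_LOG = """\
Mar 12 10:15:31 fw01 %ASA-6-302015: Built outbound UDP connection 12345 for outside:198.51.100.5/5223 (198.51.100.5/5223) to guest:192.168.100.25/52341 (203.0.113.10/52341)
Mar 12 10:15:32 fw01 %ASA-4-106023: Deny udp src guest:192.168.100.25/52341 dst outside:198.51.100.5/5223 by access-group "guest_in" [0x0, 0x0]
Mar 12 10:15:32 fw01 %ASA-2-106017: Deny IP due to Land Attack from 203.0.113.10 to 203.0.113.10
Mar 12 10:15:40 fw01 %ASA-4-106023: Deny udp src guest:192.168.100.30/40001 dst outside:198.51.100.9/443 by access-group "guest_in" [0x0, 0x0]
Mar 12 10:16:05 fw01 %ASA-2-106017: Deny IP due to Land Attack from 203.0.113.10 to 203.0.113.10
Mar 12 10:16:05 fw01 %ASA-4-106023: Deny udp src guest:192.168.100.25/52341 dst outside:198.51.100.5/5223 by access-group "guest_in" [0x0, 0x0]
"""

# Syslog-server style prefix: "<Mon> <day> <hh:mm:ss> <host> %ASA-<sev>-<id>: <body>"
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ "
    r"%(?:PIX|ASA)-\d-(?P<msgid>\d{6}): (?P<body>.*)$"
)
LAND_RE = re.compile(r"Land Attack from (?P<src>[\d.]+) to (?P<dst>[\d.]+)")
UDP_DENY_RE = re.compile(
    r"Deny udp src \S+?:(?P<src>[\d.]+)/(?P<sport>\d+) "
    r"dst \S+?:(?P<dst>[\d.]+)/(?P<dport>\d+)",
    re.IGNORECASE,
)


def parse_line(line):
    """Return an event dict for a Land Attack or UDP deny line, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts, msgid, body = m.group("ts"), m.group("msgid"), m.group("body")
    land = LAND_RE.search(body)
    if land:
        return {"ts": ts, "kind": "land", "msgid": msgid,
                "src": land.group("src"), "dst": land.group("dst")}
    udp = UDP_DENY_RE.search(body)
    if udp:
        return {"ts": ts, "kind": "udp_deny", "msgid": msgid,
                "src": udp.group("src"), "dst": udp.group("dst"),
                "dport": int(udp.group("dport"))}
    return None


def correlate(log_text):
    """For every Land Attack event, collect the UDP denies logged in the same second."""
    events = [e for e in (parse_line(l) for l in log_text.splitlines()) if e]
    by_second = defaultdict(list)
    for e in events:
        by_second[e["ts"]].append(e)
    matches = []
    for e in events:
        if e["kind"] != "land":
            continue
        partners = [u for u in by_second[e["ts"]] if u["kind"] == "udp_deny"]
        matches.append({
            "ts": e["ts"],
            "land_src": e["src"],
            "land_dst": e["dst"],
            # A genuine land packet has identical source and destination.
            "self_addressed": e["src"] == e["dst"],
            "udp_denies": partners,
        })
    return matches


def suspect_flows(log_text):
    """Count (guest host, destination, dst port) tuples that coincide with
    Land Attack events; the most frequent one is the flow worth blocking."""
    counts = Counter()
    for m in correlate(log_text):
        for u in m["udp_denies"]:
            counts[(u["src"], u["dst"], u["dport"])] += 1
    return counts


if __name__ == "__main__":
    for m in correlate(SAMPLE_LOG):
        print(m["ts"], "land", m["land_src"], "->", m["land_dst"],
              "coincides with", [(u["src"], u["dst"], u["dport"]) for u in m["udp_denies"]])
    print("top suspect flow:", suspect_flows(SAMPLE_LOG).most_common(1))
```

Run against a real export, the top entry of `suspect_flows` gives the guest host and destination port to name in the access list; the UDP deny at 10:15:40 in the sample has no Land Attack in the same second and is correctly left out.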

After reading the article, the solution that stopped these errors was to add an access list denying UDP traffic from the private guest IP range to the PAT public IP of the ASA:

access-list guest_out line 1 extended deny udp GUEST_NETWORK GUEST_SUBNET_MASK host PAT_PUBLIC_IP

(GUEST_NETWORK, GUEST_SUBNET_MASK and PAT_PUBLIC_IP are placeholders for the guest network address, its subnet mask and the ASA's PAT public IP. The access list only takes effect once it is bound to the guest interface with an access-group command, and it should sit above any permit entry that would otherwise match the same traffic.)

A check of the logs shows no more land errors since the access list was applied – problem solved!
