Deny IP due to Land Attack

This post discusses the Land attack and how to troubleshoot the firewall log message associated with it.

What is a Land attack?
A Land attack is a remote denial-of-service (DoS) attack in which a packet is sent to a machine with the source host and port set to the same values as the destination host and port.

How do you troubleshoot?

Error Message %PIX|ASA-2-106017: Deny IP due to Land Attack from IP_address to

Explanation The security appliance received a packet with the IP source address equal
to the IP destination, and the destination port equal to the source port. This message
indicates a spoofed packet that is designed to attack systems. This attack is referred to
as a Land Attack.

Recommended Action If this message persists, an attack may be in progress. The packet
does not provide enough information to determine where the attack originates.

Step 1: Identify the packet flow.
Step 2: To establish the packet flow, capture packets (pcap) on all interfaces; the captures give a lot of information, including MAC addresses.
Step 3: If a firewall is deployed between the source and destination, the packet is already blocked; however, it will often still show up in the logs as denied.
Step 4: If you see a public IP, it may be statically NATed somewhere, so try removing the static NAT entry and observe the logs (this is a workaround).
Step 5: You can execute the shun command on the firewall (if Cisco) to tell the device to discard the packets without further processing.
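The following is an added example, not code from the original post or from Cisco: it applies the same check the appliance uses before logging 106017 (source address equals destination address and source port equals destination port) to packet tuples, and counts 106017 denials per reported source so a persistent stream stands out from a one-off. The trailing "to IP_address" field and the sample packets and log lines are constructed assumptions.

```python
import re
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """Minimal IP/transport header fields needed for the Land check."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


def is_land_packet(pkt: Packet) -> bool:
    """True when the packet matches the Land condition the appliance denies:
    source address == destination address AND source port == destination port."""
    return pkt.src_ip == pkt.dst_ip and pkt.src_port == pkt.dst_port


# Matches the 106017 syslog line; the trailing "to <address>" is assumed
# (the post shows the message truncated after "to").
LAND_RE = re.compile(
    r"%(?:PIX|ASA)-2-106017: Deny IP due to Land Attack from (\S+) to (\S+)"
)


def count_land_events(lines):
    """Count 106017 denials per reported source address. A high count over a
    short window is the 'message persists' case the recommended action mentions."""
    counts = Counter()
    for line in lines:
        m = LAND_RE.search(line)
        if m:
            counts[m.group(1)] += 1
    return counts


# Constructed sample packets: one Land packet and one ordinary client flow.
SAMPLE_PACKETS = [
    Packet("203.0.113.5", 80, "203.0.113.5", 80),
    Packet("198.51.100.7", 51234, "203.0.113.5", 80),
]

# Constructed sample syslog lines (not captured from a real device).
SAMPLE_LOG = [
    "Jan 01 10:00:01 fw1 %ASA-2-106017: Deny IP due to Land Attack from 203.0.113.5 to 203.0.113.5",
    "Jan 01 10:00:02 fw1 %ASA-2-106017: Deny IP due to Land Attack from 203.0.113.5 to 203.0.113.5",
    "Jan 01 10:00:03 fw1 %ASA-6-302013: Built inbound TCP connection 12 for outside:198.51.100.7/51234 to inside:203.0.113.5/80",
]

if __name__ == "__main__":
    for p in SAMPLE_PACKETS:
        print(p, "LAND" if is_land_packet(p) else "ok")
    print(dict(count_land_events(SAMPLE_LOG)))
```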


We are done!

Let's meet in another topic.

