I don't recall ever hearing of a Land Attack before, but one of the chief characteristics is that it spoofs the source as the same as the destination. Unless your ASA really is hammering itself with packets, that's why the source and destination are the same.
http://en.wikipedia.org/wiki/LAND_attack Are you having performance, DOS issues because of this? From: David W. McSpadden [mailto:[email protected]] Sent: Friday, October 02, 2009 2:36 PM To: NT System Admin Issues Subject: Re: Land Attack Yes. ASA says Deny ip due to Land Attack from xx1.xx1.xx1.xx1 to xx1.xx1.xx1.xx1 From: Richard Stovall <mailto:[email protected]> Sent: Friday, October 02, 2009 2:31 PM To: NT System Admin Issues <mailto:[email protected]> Subject: RE: Land Attack Being detected by your perimeter firewall? From: David W. McSpadden [mailto:[email protected]] Sent: Friday, October 02, 2009 2:27 PM To: NT System Admin Issues Subject: Land Attack I have been getting a Land Attack from myself??? This started as soon as I set up my SPF record for email??? Any ideas??? ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
