Deny IP due to Land Attack from publicip to publicip

I have a web app that plays mp3's from one account on the server (website) on another account on the server. When this is attempted, I get
Deny IP due to Land Attack from {publicip} to {publicip}
I know and understand the error, I found it on the support pages. I understand that it's because the source and destination are the same, but can anyone tell me how to allow this particular thing? Is this just an access rule? How do you set that up?

Any Suggestions?
Here is what I'm trying to do.
I have an mp3 player that looks in a specific directory for files, it then plays those files and the playlist, it autodiscovers what is in the folder.
There are four websites on this server, one of them is the main, and the other three have the players, the person that uploads the mp3's doesn't want to upload them four times, so they upload them to one website, then the other three websites use a php file to read the folder from the other accounts.
Right now the player works, and the playlist shows up, but the mp3's do not play.
The firewall gives me the land attack in the syslog, but I'm not exactly sure how to allow this to happen. I do have open_basedir open on these accounts in the server, so I'm not sure why it wouldn't work after the firewall was installed.
Just looking for options, if you have any.
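
One way to triage the syslog message described above, added here as an example and not part of the original post: it counts 106017 Land Attack denies per address, classifies each address, and attaches the peer endpoint named in any 302014 teardown flagged looping-address. The sample log is constructed in the format of the syslog lines quoted in the threads below; `triage` and `classify` are hypothetical helper names.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample input, in the format of the PIX/ASA syslog lines quoted on this page.
SAMPLE_LOG = """\
Oct 07 2010 15:47:31: %PIX-2-106017: Deny IP due to Land Attack from 17.12.18.24 to 17.12.18.24
Oct 07 2010 15:47:31: %PIX-6-302014: Teardown TCP connection 1264706965 for outside:17.12.18.24/80 to inside:10.12.40.114/59790 duration 0:00:00 bytes 0 looping-address
Oct 07 2010 15:50:22: %PIX-2-106017: Deny IP due to Land Attack from 17.12.18.24 to 17.12.18.24
Oct 07 2010 15:51:02: %ASA-2-106017: Deny IP due to Land Attack from 0.0.0.0 to 0.0.0.0
Oct 07 2010 15:51:40: %ASA-2-106017: Deny IP due to Land Attack from 10.10.8.1 to 10.10.8.1
"""

LAND_RE = re.compile(
    r"%(?:PIX|ASA)-2-106017: Deny IP due to Land Attack from (\S+) to (\S+)")
TEARDOWN_RE = re.compile(
    r"%(?:PIX|ASA)-6-302014: Teardown TCP connection \d+ for "
    r"([\w-]+):([\d.]+)/(\d+) to ([\w-]+):([\d.]+)/(\d+) .*looping-address")


def classify(addr):
    """Label the address type; order matters because 0.0.0.0 and 127.0.0.1 also count as private."""
    ip = ipaddress.ip_address(addr)
    if ip.is_unspecified:
        return "unspecified"
    if ip.is_loopback:
        return "loopback"
    if ip.is_private:
        return "private"
    return "public"


def triage(log_text):
    """Return {address: {denies, kind, peers}} for every address denied as a Land Attack."""
    denies = defaultdict(int)
    peers = defaultdict(set)
    for line in log_text.splitlines():
        m = LAND_RE.search(line)
        if m and m.group(1) == m.group(2):
            denies[m.group(1)] += 1
            continue
        m = TEARDOWN_RE.search(line)
        if m:
            a_if, a_ip, a_port, b_if, b_ip, b_port = m.groups()
            # Record each endpoint of the looping connection against the other one.
            peers[a_ip].add(f"{b_if}:{b_ip}/{b_port}")
            peers[b_ip].add(f"{a_if}:{a_ip}/{a_port}")
    return {
        addr: {"denies": count, "kind": classify(addr),
               "peers": sorted(peers.get(addr, ()))}
        for addr, count in denies.items()
    }


if __name__ == "__main__":
    for addr, info in triage(SAMPLE_LOG).items():
        print(addr, info)
```

An address that comes back with an inside peer identifies the internal host whose connection looped, which is the first place to look before changing anything on the firewall.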

Similar Messages

  • Pix how to NOT block the LAND ATTACK

    Hi to All,
    how can I configure a pix Version 8.0(4) to NOT block the LAND ATTACK ?
    pix# sh log | i 17.12.18.24
    Oct 07 2010 15:47:31: %PIX-2-106017: Deny IP due to Land Attack from 17.12.18.24 to 17.12.18.24
    Oct 07 2010 15:47:31: %PIX-6-302014: Teardown TCP connection 1264706965 for outside:17.12.18.24/80 to inside:10.12.40.114/59790 duration 0:00:00 bytes 0 looping-address
    I've already disabled the signature 1102
    http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=1102&signatureSubId=0&softwareVersion=6.0&releaseVersion=S473
    pix# sh run | i audit
    ip audit signature 1102 disable
    pix#
    but the drops continue ....
    pix# sh log | i 17.12.18.24
    Oct 07 2010 15:50:22: %PIX-2-106017: Deny IP due to Land Attack from 17.12.18.24 to 17.12.18.24
    Oct 07 2010 15:50:22: %PIX-6-302014: Teardown TCP connection 1264706965 for outside:17.12.18.24/80 to inside:10.12.40.114/59891 duration 0:00:00 bytes 0 looping-address
    Thanks
    Roberto Taccon

    Roberto,
    Can you please attach a show tech and sniffer trace of this traffic? Is it only this one host reporting problem (source or destination)?
    Those can be caused by misconfig ... or bugs ...
    http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsd99542
    Marcin

  • Cisco pix 525 land attack

    Good morning,
    I have a message on my pix 525 someone is spoofing on a server from my dmz. How can I prevent spoofing attacks? It goes something like that : Deny IP due to Land Attack from 10.10.8.1 to 10.10.8.1

    The thing is that I have exhaustion of resources. How can I stop that?

  • Allow Land attack

    Hi,
    I have a Cisco ASA 5510 and couple of webservers behind it. For some specific applications, those webservers call the website hosted on the same box.
    The appliance sees that as a Land Attack and gives the following error:
    Deny IP due to Land Attack from a.b.c.d to a.b.c.d
    Is there any way I can disable this? I tried disabling Anti-spoofing in ASDM but no luck.
    Your inputs greatly appreciated.
    Thx in advance.
    -Janakan

    Hi,
    Thanks for the reply. Well, yeah, I'm receiving Land Attack because the application I run on my webserver calls its own URL. (There is a workaround by changing the URL with localhost or giving private IP.) However, it would take some time to make the code change. So, for the time being I'd like to disable land attack and would like to allow the traffic from a packet whose source/destination IP and port numbers are same.
    -Janakan

  • Land Attack Alerts- ASA 5510

    Hello,
    We are getting the below logs in our Syslog, please suggest how I could stop this.
    "%ASA-2-106017: Deny IP due to Land Attack from 161.233.167.65 to 161.233.167.65 "

    Probably due to a configuration issue rather than network attacks, see e.g.
    https://supportforums.cisco.com/docs/DOC-14318
    for some suggestions about what to investigate.
    -- Jim Leinweber, WI State Lab of Hygiene

  • Land attack problem

    Hello,
    I have this problem:
    Deny IP due to Land Attack from 208.109.243.225 to 208.109.243.225
    When I try to execute with nodejs this script:
    var http = require("http");
    var cronJob = require("cron").CronJob;
    var request = require("request");
    var mysql = require("mysql");
    // Request the page and log the error, the response object and the body.
    request.get("http://www.asteveloci.com", function(error, response, body) {
     console.log(error);
     console.log(response);
     console.log(body);
    });
    If I do the script with the website "www.facebook.com" for example, all works properly.
    Here are some screenshots:
    http://attualitynews.it/2014-06-03_225703.png
    http://attualitynews.it/2014-06-03_225733.png
    Please help..

    Please see http://customer.xfinity.com/help-and-support/internet/power-cycling-your-modem. Also, try plugging a corded phone directly into the modem or gateway. If that works, the problem is in your home phones or wiring. If it doesn't, something's wrong with your Comcast service.
    If you can't get it working contact them at the phone number on your bill or 1-800-Comcast, or chat with them at https://www.comcastsupport.com/chatentry/. If they can't fix the problem remotely insist that they send a tech out to identify the cause and correct it.
    If the tech finds bad coax, splitters, amplifiers, or connections in your home (even if Comcast originally supplied them) you'll probably have to pay for the visit unless you have their Service Protection Plan (http://www.xfinity.com/spp/, about $5/mo). If the trouble is due to a faulty Comcast phone modem or anything outside your home, you shouldn't be charged.
    Comcast does not usually respond to problems with phone service here in the forums.

  • Lightweight APs drop out after Land Attack

    Hi
    We have a WLAN consisting of a WLC 4402 and 11 lightweight APs. For security/compliance reasons we have a Cisco PIX firewall that sits between the WLC (outside) and the APs (inside). The APs are allowed to form LWAPP tunnels through the firewall (inside access-list) to the WLC and the WLAN works as expected.
    The firewall then limits traffic from the WLAN (outside access list) to certain internal systems.
    I have noticed that every so often the firewall logs show continuous "Land attack from 0.0.0.0 0.0.0.0" messages then all APs are disconnected (all lights flash).
    Just wondering if anybody else has seen this or has had a similar setup
    TIA
    Gary

    Hi Sandeep
    Forgot to mention that the firewall is in transparent mode so there isn't any NATing or routing going on. The article doesn't cover the fact that the IP source and destination IP addresses are 0.0.0.0
    Regards
    Gary

  • "connection denied due to dictionary attack" when I try to send out mail

    Hi--
    I got this message "connection denied due to dictionary attack" when I tried to send out mail today. It was the first time I ever saw anything like this. I thought it was a problem with the mail server from my website, but no one else had the problem. After about 12 hours, it suddenly stopped...
    Was I being hacked? Was someone trying to send out email/spam through A)my home machine or B) my website? And if so, how can I protect myself from it?

    Well your second post was the correct question because I was going to say you got a second hand macbook pro, didn't change anything, and expected mail to work with your ISP.  The mail settings were thus those of the previous owner.  So you are correct to ask what your ISP's settings should be.
    Unfortunately I can't answer that.  You have to get that from your ISP.  They probably have a web page for it.
    You need to know:
    Incoming mail server (pop)
    Incoming mail server login name
    Incoming mail server password
    POP port
    Does it require SSL?
    Authentication for using POP server (probably password)
    Outgoing mail server (SMTP)
    Outgoing mail server login name (probably same as incoming)
    Outgoing mail server password (probably same as incoming)
    SMTP port
    Does it require SSL?

  • Boot Error: Intel (r) AT Supported system lock due to: platform attack detected: user password

    I have an HP ENVY Model 4-1110ET showing Intel (r) AT Supported system lock due to: platform attack detected. Time left...... Please select one of the following for platform recovery: 1 - User Password 2 - Server Token Password. I forgot my password, please help me, I am unable to boot my laptop.

    Hi there 
    Welcome to the HP Support Forums! It is a great place to find the help you need, both from other users, HP experts and other support personnel. I understand that your system is locked due to the anti-theft protection. Please see the following to get the help you need. Telephone Support for the Intel® Anti-Theft Service Provided by McAfee

  • Error - The request could not be performed due to an error from the I/O device

    Hello, 
    I have a Hyper-V server with a few virtual machines. 
    The host runs Windows Server 2012 R2 with Hyper-V. 
    VMs are Windows Server 2012R2 Generation 2 and Windows Server 2003 Generation 1. 
    All VMs running on VHDX on local host disks, no raid, no storage. Most VMs run on dedicated disks. 
    I am having the following error when I demand large amount of I/O on VMs:. "The request could not be performed due to an error from the I/O device" 
    This error happens when I run robocopy which requires large amount of writing, or on a SQL 2014 VM which also requires many reads and writes. 
    Whenever this error occurs, the replicas of the VMs require resynchronization and the MSSQL service stops. 
    Analyzing the events of the Host, I find the following warning multiple times: "The IO operation at logical block address 0x31fd01 for Disc 4 (PDO name: \ Device \ 0000005d) was retried." Disc 4 is where SQL runs. 
    Is there any special configuration that must be done to avoid these errors? 
    Thank you! 
    Rafael

    Hi Eng.Rafael Grecco,
    >>Analyzing the events of the Host, I find the following warning multiple times: "The IO operation at logical block address 0x31fd01 for Disc 4 (PDO name: \ Device \ 0000005d) was retried." Disc 4 is where SQL runs. 
    >>Chkdsk /r didn't return any error.
    It seems that it is not a Hyper-V issue.
    I would suggest you keep the driver up-to-date for your Hyper-V host.
    In addition, here is a similar thread:
    http://answers.microsoft.com/en-us/windows/forum/windows_8-hardware/the-io-operation-at-logical-block-address-for-disk/23c32152-c2a6-4c6d-b229-95dc1470231a
    Best Regards
    Elton Ji

  • LAND Attack

    Hi Folks,
    I try to launch a LAND Attack against my firewall ASA 5520. Everything will work fine. But why, I think it should not work.
    I use a little tool where I can use a spoofed address, with a cluster shell and attack the firewall interface with the source of 127.0.0.1 or the ip address of the interface as the source and destination. Then I get a cpu load of 89% with only two hosts. With IP tables I can use kernel processes to prevent this. But I don't find anything for ASA

    Hi Bro
    LAND ATTACK is old news. I’m not surprised if your Cisco ASA is able to handle LAND ATTACKS well, which is good news. The Cisco ASA receives a packet with the IP source address 127.0.0.1.
    There’s another case on this, for your kind reference https://supportforums.cisco.com/thread/226294

  • How do you add a due date 2 days from today in a workflow

    So I'm creating a workflow that creates a task in a task list after I've added a new item to my clients list. So for example by adding a new client to the client list, a task will be set to 'Complete all contact details'. All I want to do is set a predetermined due date, so instead of picking the current date or a specific date I want the workflow to work out the due date 2 days from today. How can I do this? Please note that I want to be able to change the predetermined due date in the same work flow, so for another task I'd like it to be 4 days or a week from today.
    Thanks in advance! :)

    Hi Sarah,
    Thanks for posting your issue, 
    Go to your Tasks List and go into the List Settings. Click on the Due Date column and tick the Calculated radio button. In the formula, put [Today]+2 and click OK. Go back to the list and select New and you'll see the Due Date is 2 days in the future.
    If you need to do this within the workflow, you'd use an Add Time to Date action, setting it up to add 2 days to the Current Item created by field. Then, you'd use an Update item action to update the Due Date field to the date variable the Add Time to Date action output.
    Also, browse below mentioned URL for more details.
    http://dlairman.wordpress.com/2010/10/14/limiting-sharepoint-workflow-due-dates-to-business-days/
    http://www.documentmanagementworkflowinfo.com/sample-sharepoint-workflows/4-ways-set-date-value-sharepoint-designer-workflow.htm
    I hope this is helpful to you, mark it as Helpful.
    If this works, Please mark it as Answered.
    Regards,
    Dharmendra Singh (MCPD-EA | MCTS)
    Blog : http://sharepoint-community.net/profile/DharmendraSingh

  • In Muse how do I keep a landing page from indexing so it's unsearchable by Google?

    In Muse how do I keep a landing page from indexing so it's unsearchable by Google?

    Hi,
    Go to page properties-> under head section, add this,
    <META NAME="ROBOTS" CONTENT="NOINDEX">
    See the detailed guideline by Google here,
    Block search indexing with meta tags - Webmaster Tools Help
    Do let me know if you have any question.

  • Due to virus attack i had to format my windows laptop...now when i installed new itunes software i had to sync my ipod touch again but it says that if do the same then the data on my ipod touch will be erased....how should i protect my ipod touch data?

    due to the virus attack i had to format my windows laptop...now when i installed new itunes software i had to sync my ipod touch again but it says that if i do it then the data present on my ipod touch will be erased as it is syncd to some older library... how should i protect my ipod touch data?

    With all your media (apps, music) in the iTunes library connect the iPod to the computer and make a backup. Do that by right clicking on the iPod under Devices in iTunes and select Back Up. Then restore the iPod from that backup.
    Note that the iPod backup that iTunes makes does not include synced media like apps and music.

  • Duplicate SYN attacks from Outside to Outside

    Hi Everyone,
    We have an FTP server that sits in our DMZ.  This Server has a DMZ interface and an external interface.  When trying to access the server from the internet on its external address I am getting a lot of Duplicate SYN attacks.  They seem to be coming all from the same source and port to the same destination and port.
    As part of the testing I first took out any references to the FTP server in my Access rules on the ASA.  I then tried to FTP to the server from an outside internet connection and as expected get the following in the log:
    4  Mar 01 2013  10:23:18  194.80.130.xx  46867  78.24.112.XX  21  Deny tcp src outside:194.80.130.XX/46867 dst outside:78.24.112.XX/21 by access-group "outside_access_in" [0x0, 0x0]
    I then highlighted this entry and created an access rule for it (but changed the source port to any rather than a specific one).  When I then try and FTP to the server I get lots of SYN attacks which says the following:
    4  Mar 01 2013  10:27:29  194.80.130.XX  46973  78.24.112.XX  21  Duplicate TCP SYN from outside:194.80.130.XX/46973 to outside:78.24.112.XX/21 with different initial sequence number
    I am not sure why I am getting duplicate SYN attacks.  I have similar servers in the DMZ that do the same thing and they seem to be working fine.  I am pretty sure this is not actually a DOS attack.  I also have spoken to the team who manage the server and they have confirmed that the external IP is set up correctly on the server (it's not that the external IP does not exist and just loops).
    There is also NAT'ing set up on the ASA that NATs the dmz IP to the external IP and vice versa.
    I have also noticed that whenever I create a new rule on the outside interface on my ASA it automatically adds the same description from another rule on the outside interface.  What does this mean?  Why could it be copying a description from another rule?
    Your advice would be much appreciated.

    Output from packet-tracer to outside address 78.24.112.xx 
    It seems as though the NAT to the DMZ address is just not working.  I have set a NAT rule up "before network object NAT" rule and also set a simple object NAT, but still getting the error.
    Phase: 1
    Type: ACCESS-LIST
    Subtype: log
    Result: ALLOW
    Config:
    access-group outside_access_in in interface outside
    access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_7 any object csdpr1ft-ext
    object-group service DM_INLINE_SERVICE_7
    service-object tcp destination eq ssh
    service-object ip
    service-object tcp destination eq ftp
    Additional Information:
    Phase: 2
    Type: IP-OPTIONS
    Subtype:
    Result: ALLOW
    Config:
    Additional Information:
    Phase: 3
    Type: INSPECT
    Subtype: inspect-ftp
    Result: ALLOW
    Config:
    class-map inspection_default
    match default-inspection-traffic
    policy-map global_policy
    class inspection_default
      inspect ftp
    service-policy global_policy global
    Additional Information:
    Phase: 4
    Type: FOVER
    Subtype: standby-update
    Result: ALLOW
    Config:
    Additional Information:
    Phase: 5
    Type: VPN
    Subtype: ipsec-tunnel-flow
    Result: ALLOW
    Config:
    Additional Information:
    Phase: 6
    Type: IP-OPTIONS
    Subtype:
    Result: ALLOW
    Config:
    Additional Information:
    Phase: 7
    Type: FLOW-CREATION
    Subtype:
    Result: ALLOW
    Config:
    Additional Information:
    New flow created with id 26135657, packet dispatched to next module
    Result:
    input-interface: outside
    input-status: up
    input-line-status: up
    Action: allow
