Information AboutLand |
|
How it works The attack involves sending a spoofed TCP SYN packet (connection initiation) with the target host's IP Address and an open port as both source and destination. The reason a land attack works is because it causes the machine to reply to itself continuously. Definition " A "LAND" attack involves IP packets where the source and destination address are set to address the same device. " Example (first land attack). It involved sending a spoofed ICMP message to the chargen (character generator) port on a UNIX system. The Character generator would spit out a packet back to the echo port. The echo port would send data back to the chargen and so on, until the resources of the machine were consumed. Other land attacks have since been found in services like SNMP and Windows 88/tcp (kerberos/global services) which were caused by design flaws where the devices accepted requests on the wire appearing to be from themselves and causing replies repeatedly. (Note, port number changed from 98 to 88 ref. http://www.iana.org/assignments/port-numbers ... TCP 88 is Kerberos) Vulnerable systems Below is a list of vulnerable operating systems (discovered by testing on various machines):
How to avoid being attacked Most Firewalls should intercept the poison packet thus protecting the host from this attack. Some operating systems released updates fixing this security hole. External links |