Land

HOW IT WORKS

The attack involves sending a spoofed TCP SYN packet (connection initiation) with the target host's IP Address and an open port as both source and destination.

The reason a LAND attack works is because it causes the machine to reply to itself continuously.

Definition: "A ''LAND'' attack involves IP packets where the source and destination address are set to address the same device."

Other land attacks have since been found in services like SNMP and Windows 88/tcp (kerberos/global services) which were caused by design flaws where the devices accepted requests on the wire appearing to be from themselves and causing replies repeatedly.

VULNERABLE SYSTEMS

Below is a list of vulnerable operating systems (discovered by testing on various machines):

AIX 3.0

AmigaOS AmiTCP 4.2 (Kickstart 3.0)

BeOS Preview release 2 PowerMac

BSDi 2.0 and 2.1

Digital VMS

FreeBSD 2.2.5-RELEASE and 3.0 (Fixed after required updates)

HP External JetDirect Print Servers

IBM AS/400 OS7400 3.7

Irix 5.2 and 5.3

Mac OS MacTCP, 7.6.1 OpenTransport 1.1.2 and 8.0

NetApp NFS server 4.1d and 4.3

NetBSD 1.1 to 1.3 (Fixed after required updates)

NeXTSTEP 3.0 and 3.1

Novell 4.11

OpenVMS 7.1 with UCX 4.1-7

QNX 4.24

Rhapsody Developer Release

SCO OpenServer 5.0.2 SMP, 5.0.4

SCO Unixware 2.1.1 and 2.1.2

SunOS 4.1.3 and 4.1.4

Windows 95, NT and XP SP2

HOW TO AVOID BEING ATTACKED

Most Firewalls should intercept the poison packet thus protecting the host from this attack. Some operating systems released updates fixing this security hole.

EXTERNAL LINKS

Insecure.Org's original post about the attack

Article about XP's vulnerability

	APPAREL
	BABY
	BEAUTY
	BOOKS
	CAR TOYS
	CELL PHONES
	DVD'S
	ELECTRONICS
	GOURMET FOOD
	GROCERIES
	HEALTH & PERSONAL
	HOME & GARDEN
	JEWELRY
	MUSIC
	MUSIC INSTRUMENTS
	OFFICE PRODUCTS
	SOFTWARE
	SPORTING GOODS
	TOOLS & HARDWARE
	TOYS
	VIDEO GAMES
	SHOPPING HOME

	MORE SHOPPING...

	CATEGORIES ABOUT LAND

	denial-of-service attacks

Information About

Land