A LAND attack is a DoS (Denial of Service) attack that consists of sending a special poison spoofed packet to a computer, causing it to lock up. In the context of Network security, a spoofing attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gaining In Information technology, a packet is a formatted unit of Data carried by a Packet mode Computer network. The security flaw was actually first discovered in 1997 by someone using the alias "m3lt", and has resurfaced many years later in operating systems such as Windows Server 2003 and Windows XP SP2. An operating system (commonly abbreviated OS and O/S) is the software component of a Computer system that is responsible for the management and coordination Windows Server 2003 (also referred to as Win2K3 is a server Operating system produced by Microsoft. Windows XP is a family of 32-bit and 64-bit Operating systems produced by Microsoft for use on Personal computers including home and
Contents |
How it works
The attack involves sending a spoofed TCP SYN packet (connection initiation) with the target host's IP address and an open port as both source and destination. The Transmission Control Protocol (TCP is one of the core protocols of the Internet Protocol Suite. The Transmission Control Protocol (TCP is one of the core protocols of the Internet Protocol Suite. An Internet Protocol ( IP) address is a numerical identification ( Logical address) that is assigned to devices participating in a Computer network
The reason a LAND attack works is because it causes the machine to reply to itself continuously.
Definition: "A LAND attack involves IP packets where the source and destination address are set to address the same device. "
Other land attacks have since been found in services like SNMP and Windows 88/tcp (kerberos/global services) which were caused by design flaws where the devices accepted requests on the wire appearing to be from themselves and causing replies repeatedly.
Vulnerable systems
Below is a list of vulnerable operating systems (discovered by testing on various machines):
- AIX 3. 0
- AmigaOS AmiTCP 4. AmigaOS is the default native Operating system of the Amiga personal computer 2 (Kickstart 3. 0)
- BeOS Preview release 2 PowerMac
- BSDi 2. BeOS is an Operating system for Personal computers which began development by Be Inc BSD/OS (originally called BSD/386 and sometimes known as BSDi) was a proprietary version of the BSD Unix Operating system developed by Berkeley 0 and 2. 1
- Digital VMS
- FreeBSD 2. FreeBSD is a Unix-like free Operating system descended from AT&T UNIX via the Berkeley Software Distribution (BSD branch through 2. 5-RELEASE and 3. 0 (Fixed after required updates)
- HP External JetDirect Print Servers
- IBM AS/400 OS7400 3. International Business Machines Corporation abbreviated IBM and nicknamed "Big Blue", is a multinational Computer Technology 7
- Irix 5. IRIX is a computer Operating system developed by Silicon Graphics Inc 2 and 5. 3
- Mac OS MacTCP, 7. Mac OS is the trademarked name for a series of Graphical user interface -based Operating systems developed by Apple Inc 6. 1 OpenTransport 1. 1. 2 and 8. 0
- NetApp NFS server 4. NetApp Inc ( formerly Network Appliance Inc, is a proprietary Computer storage and Data management company headquartered in Sunnyvale California 1d and 4. 3
- NetBSD 1. NetBSD is a freely redistributable Open source version of the Unix -derivative Berkeley Software Distribution (BSD Computer Operating 1 to 1. 3 (Fixed after required updates)
- NeXTSTEP 3. Nextstep was the original object-oriented, multitasking Operating system that NeXT Computer developed to run on its range of proprietary computers 0 and 3. 1
- Novell 4. Novell Inc ( is a global Software Corporation based in the United States specializing in enterprise operating systems such as SUSE 11
- OpenVMS 7. Open Virtual Memory System ( OpenVMS) initially known just as Virtual Memory System ( VMS) is the name of a High-end Computer server 1 with UCX 4. 1-7
- QNX 4. QNX (pronounced either Q-N-X or Q-nix is a commercial Unix-like Real-time operating system, aimed primarily at the Embedded systems market 24
- Rhapsody Developer Release
- SCO OpenServer 5. Rhapsody is the code name given to Apple Computer 's next-generation Operating system during the period of its development between Apple's purchase of NeXT The SCO Group Inc ( TSG, informally SCO;) is a software company formerly called Caldera Systems and Caldera International. 0. 2 SMP, 5. 0. 4
- SCO Unixware 2. The SCO Group Inc ( TSG, informally SCO;) is a software company formerly called Caldera Systems and Caldera International. 1. 1 and 2. 1. 2
- SunOS 4. SunOS is a version of the Unix Operating system developed by Sun Microsystems for their Workstation and server Computer 1. 3 and 4. 1. 4
- Windows 95, NT and XP SP2, Vista (pre-release)
How to avoid being attacked
Most firewalls should intercept the poison packet thus protecting the host from this attack. Microsoft Windows is a series of Software Operating systems and Graphical user interfaces produced by Microsoft. A firewall is an integrated collection of security measures designed to prevent unauthorized electronic access to a networked computer system Some operating systems released updates fixing this security hole. In addition, routers should be configured with both ingress and egress filters to block traffic where the source IP address is the same as the destination because they should block any source address within the same address space as the destination.
External links
- Insecure.Org's original post about the attack
- Article about XP's vulnerability
- Different devices and OS's vulnerability
Dapyx Software network: MP3 Explorer | Ebook Manager | Zenithic