AllExperts > Encyclopedia 
Search      
Find out about volunteering to AllExperts

LAND: Encyclopedia BETA


Free Encyclopedia
 Home · Index · Browse A-Z  · Questions and Answers ·
Encyclopedia

Contents

Browse A-Z
ABCDEFGHIJKLMNOPQRSTUVWXYZNum


License
Disclaimer

 
 
 
 
Free Online Courses
12 Weeks to Weight Loss
Take Charge of Stress
Learn How to Bake
Budgeting 101
Deeper Faith
DIY Fashion Makeover

       MORE E-COURSES
 
   

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z  Misc

LAND

A LAND attack is a DoS (Denial of Service) attack that consists of sending a special poison spoofed packet to a computer, causing it to lock up. The security flaw was actually first discovered in 1997 by someone using the alias "m3lt", and has resurfaced many years later in operating systems such as Windows Server 2003 and Windows XP SP2.

How it works

The attack involves sending a spoofed TCP SYN packet (connection initiation) with the target host's IP address and an open port as both source and destination.

The reason a land attack works is because it causes the machine to reply to itself continuously.

Definition " A "LAND" attack involves IP packets where the source and destination address are set to address the same device. "

Example (first land attack). It involved sending a spoofed ICMP message to the chargen (character generator) port on a UNIX system. The Character generator would spit out a packet back to the echo port. The echo port would send data back to the chargen and so on, until the resources of the machine were consumed.

Other land attacks have since been found in services like SNMP and Windows 88/tcp (kerberos/global services) which were caused by design flaws where the devices accepted requests on the wire appearing to be from themselves and causing replies repeatedly. (Note, port number changed from 98 to 88 ref. http://www.iana.org/assignments/port-numbers ... TCP 88 is Kerberos)

Vulnerable systems

Below is a list of vulnerable operating systems (discovered by testing on various machines):
* AIX 3.0
* AmigaOS AmiTCP 4.2 (Kickstart 3.0)
* BeOS Preview release 2 PowerMac
* BSDi 2.0 and 2.1
* Digital VMS
* FreeBSD 2.2.5-RELEASE and 3.0 (Fixed after required updates)
* HP External JetDirect Print Servers
* IBM AS/400 OS7400 3.7
* Irix 5.2 and 5.3
* Mac OS MacTCP, 7.6.1 OpenTransport 1.1.2 and 8.0
* NetApp NFS server 4.1d and 4.3
* NetBSD 1.1 to 1.3 (Fixed after required updates)
* NeXTSTEP 3.0 and 3.1
* Novell 4.11
* OpenVMS 7.1 with UCX 4.1-7
* QNX 4.24
* Rhapsody Developer Release
* SCO OpenServer 5.0.2 SMP, 5.0.4
* SCO Unixware 2.1.1 and 2.1.2
* SunOS 4.1.3 and 4.1.4
* Windows 95, NT and XP SP2

How to avoid being attacked

Most firewalls should intercept the poison packet thus protecting the host from this attack. Some operating systems released updates fixing this security hole.

External links

*Original post about the attack
*Article about XP's vulnerability



Email this page
About Us | Advertise on This Site | User Agreement | Privacy Policy | Kids' Privacy Policy | Help
About and About.com are registered trademarks of About, Inc. The About logo is a trademark of About, Inc. All rights reserved.
This is the "GNU Free Documentation License" reference article from the English Wikipedia. All text is available under the terms of the GNU Free Documentation License. See also our Disclaimer.