LAND
A LAND attack is a DoS (Denial of Service) attack that consists of sending a special poison spoofed packet to a computer, causing it to lock up. The security flaw was actually first discovered in 1997 by someone using the alias "m3lt", and has resurfaced many years later in operating systems such as Windows Server 2003 and Windows XP SP2.

How it works

The attack involves sending a spoofed TCP SYN packet (connection initiation) with the target host's IP address to an open port as both source and destination.

A LAND attack works because it causes the machine to reply to itself continuously.

Definition: "A LAND attack involves IP packets where the source and destination address are set to address the same device."

Other LAND attacks have since been found in services such as SNMP and Windows 88/tcp (Kerberos/global services). These were caused by design flaws in which devices accepted requests on the wire that appeared to come from themselves and replied to them repeatedly.

Vulnerable systems

Below is a list of vulnerable operating systems (discovered by testing on various machines):
  • AIX 3.0
  • AmigaOS AmiTCP 4.2 (Kickstart 3.0)
  • BeOS Preview release 2 PowerMac
  • BSDi 2.0 and 2.1
  • Digital VMS
  • FreeBSD 2.2.5-RELEASE and 3.0 (Fixed after required updates)
  • HP External JetDirect Print Servers
  • IBM AS/400 OS7400 3.7
  • Irix 5.2 and 5.3
  • Mac OS MacTCP, 7.6.1 OpenTransport 1.1.2 and 8.0
  • NetApp NFS server 4.1d and 4.3
  • NetBSD 1.1 to 1.3 (Fixed after required updates)
  • NeXTSTEP 3.0 and 3.1
  • Novell 4.11
  • OpenVMS 7.1 with UCX 4.1-7
  • QNX 4.24
  • Rhapsody Developer Release
  • SCO OpenServer 5.0.2 SMP, 5.0.4
  • SCO Unixware 2.1.1 and 2.1.2
  • SunOS 4.1.3 and 4.1.4
  • Windows 95, NT and XP SP2

How to avoid being attacked

Most firewalls should intercept the poison packet, thus protecting the host from this attack. Some operating systems released updates fixing this security hole. In addition, routers should be configured with both ingress and egress filters to block traffic where the source IP address is the same as the destination, since such filters should block any source address within the same address space as the destination.
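
The source-equals-destination check that such a filter applies, as an added example that is not part of the original article: it parses raw IPv4 headers and flags the LAND pattern, including the non-TCP case mentioned for SNMP. The function names and the sample packets (documentation addresses, port numbers, zeroed checksums) are constructed for illustration.

```python
import ipaddress
import struct

def parse_ipv4(pkt):
    """Return (src, dst, protocol, l4_bytes) for a raw IPv4 packet, or None if malformed."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4          # IP header length in bytes
    if ihl < 20 or len(pkt) < ihl:
        return None
    src = ipaddress.IPv4Address(pkt[12:16])
    dst = ipaddress.IPv4Address(pkt[16:20])
    return src, dst, pkt[9], pkt[ihl:]

def land_verdict(pkt):
    """Classify a packet seen on a network (non-loopback) interface.

    Returns 'malformed', 'ok', 'land-tcp-syn' or 'land-ip'.
    """
    parsed = parse_ipv4(pkt)
    if parsed is None:
        return "malformed"
    src, dst, proto, l4 = parsed
    if src != dst:
        return "ok"
    # Source address equals destination address: reject regardless of protocol.
    if proto == 6 and len(l4) >= 14:
        sport, dport = struct.unpack("!HH", l4[:4])
        flags = l4[13]
        syn_only = bool(flags & 0x02) and not flags & 0x10   # SYN set, ACK clear
        if sport == dport and syn_only:
            return "land-tcp-syn"
    return "land-ip"

def filter_packets(packets):
    """Keep only the packets a source==destination filter would forward."""
    return [p for p in packets if land_verdict(p) == "ok"]

# Constructed sample packets (documentation addresses, zeroed checksums).
NORMAL_SYN = bytes.fromhex("450000280001000040060000" "c6336407" "c000020a"
                           "c3500050" "0000000000000000" "50022000" "00000000")
LAND_SYN = bytes.fromhex("450000280001000040060000" "c000020a" "c000020a"
                         "00500050" "0000000000000000" "50022000" "00000000")
SAME_ADDR_UDP = bytes.fromhex("4500001c0001000040110000" "c000020a" "c000020a"
                              "00a100a100080000")

if __name__ == "__main__":
    for name, pkt in [("normal", NORMAL_SYN), ("land", LAND_SYN), ("udp", SAME_ADDR_UDP)]:
        print(name, land_verdict(pkt))
```

Traffic on the loopback interface legitimately has matching source and destination addresses, so the check belongs on packets arriving from the network.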

The source of this article is Wikipedia, the free encyclopedia. The text of this article is licensed under the GFDL.
 