Encyclopedia > Land

A LAND attack is a DoS (Denial of Service) attack that consists of sending a special poison spoofed packet to a computer, causing it to lock up. The security flaw was actually first discovered in 1997 by someone using the alias "m3lt", and has resurfaced many years later in operating systems such as Windows Server 2003 and Windows XP SP2.

How it works

The attack involves sending a spoofed TCP SYN packet (connection initiation) with the target host's IP address and an open port as both source and destination.


A LAND attack works because it causes the machine to reply to itself continuously.


Definition: "A 'LAND' attack involves IP packets where the source and destination address are set to address the same device."


Example (first land attack): it involved sending a spoofed ICMP message to the chargen (character generator) port on a UNIX system. The character generator would send a packet back to the echo port, the echo port would send data back to chargen, and so on, until the resources of the machine were consumed.


Other land attacks have since been found in services like SNMP and Windows 98/tcp (kerberos/global services). These were caused by design flaws in which the devices accepted requests on the wire that appeared to come from themselves and then replied repeatedly.


Vulnerable systems

Below is a list of vulnerable operating systems (discovered by testing on various machines):

  • AIX 3.0
  • AmigaOS AmiTCP 4.2 (Kickstart 3.0)
  • BeOS Preview release 2 PowerMac
  • BSDi 2.0 and 2.1
  • Digital VMS
  • FreeBSD 2.2.5-RELEASE and 3.0 (Fixed after required updates)
  • HP External JetDirect Print Servers
  • IBM AS/400 OS7400 3.7
  • Irix 5.2 and 5.3
  • Mac OS MacTCP, 7.6.1 OpenTransport 1.1.2 and 8.0
  • NetApp NFS server 4.1d and 4.3
  • NetBSD 1.1 to 1.3 (Fixed after required updates)
  • NeXTSTEP 3.0 and 3.1
  • Novell 4.11
  • OpenVMS 7.1 with UCX 4.1-7
  • QNX 4.24
  • Rhapsody Developer Release
  • SCO OpenServer 5.0.2 SMP, 5.0.4
  • SCO Unixware 2.1.1 and 2.1.2
  • SunOS 4.1.3 and 4.1.4
  • Windows 95, NT and XP SP2


How to avoid being attacked

Most firewalls should intercept the poison packet, thus protecting the host from this attack. Some operating systems released updates fixing this security hole.
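
The check a filtering device applies to intercept this packet, written out as an added example (not code from the original article). It generalizes the TCP SYN case under "How it works" to the definition's "source and destination address are the same" for any IPv4 packet. The function names and verdict strings are hypothetical, the sample packets are constructed with documentation addresses, and the check assumes the packet was received on a non-loopback interface.

```python
import ipaddress
import struct

TCP = 6       # IPv4 protocol number for TCP
SYN = 0x02    # SYN bit in the TCP flags byte


def classify(pkt: bytes) -> str:
    """Verdict for one raw IPv4 packet received on a non-loopback interface."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return "ignore"                      # not IPv4, or truncated header
    ihl = (pkt[0] & 0x0F) * 4                # IP header length in bytes
    if ihl < 20 or len(pkt) < ihl:
        return "ignore"                      # malformed header length
    src = ipaddress.IPv4Address(pkt[12:16])
    dst = ipaddress.IPv4Address(pkt[16:20])
    if src != dst:
        return "pass"
    # src == dst arriving on the wire matches the definition, whatever the protocol.
    frag_offset = struct.unpack("!H", pkt[6:8])[0] & 0x1FFF
    if pkt[9] == TCP and frag_offset == 0 and len(pkt) >= ihl + 14:
        sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
        if pkt[ihl + 13] & SYN and sport == dport:
            return "drop:land-syn"           # the TCP SYN form described above
    return "drop:src-equals-dst"


def sample(src, dst, sport, dport, flags, proto=TCP):
    """Constructed 40-byte test fixture: IPv4 header + TCP-sized header, checksums zero."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, proto, 0,
                     ipaddress.IPv4Address(src).packed,
                     ipaddress.IPv4Address(dst).packed)
    l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, flags, 8192, 0, 0)
    return ip + l4


if __name__ == "__main__":
    cases = {
        "normal SYN": sample("198.51.100.7", "192.0.2.10", 40000, 80, SYN),
        "LAND SYN": sample("192.0.2.10", "192.0.2.10", 80, 80, SYN),
        "same address, non-TCP": sample("192.0.2.10", "192.0.2.10", 19, 7, 0, proto=17),
    }
    for name, pkt in cases.items():
        print(f"{name:24s} {classify(pkt)}")
```

Because loopback traffic legitimately has matching addresses, the verdicts are only meaningful for packets seen on an external interface.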


The Wikipedia article included on this page is licensed under the GFDL.
All other elements are (c) copyright NationMaster.com 2003-5. All Rights Reserved.