请输入您要查询的百科知识:

 

词条 LAND
释义

  1. Mechanism

  2. Vulnerable systems

  3. Prevention

  4. See also

  5. References

  6. External links

{{Other uses|Land (disambiguation)}}

A LAND (Local Area Network Denial) attack is a DoS (Denial of Service) attack that consists of sending a special poison spoofed packet to a computer, causing it to lock up. The security flaw was first discovered in 1997 by someone using the alias "m3lt", and has resurfaced many years later in operating systems such as Windows Server 2003 and Windows XP SP2.

Mechanism

The attack involves sending a spoofed TCP SYN packet (connection initiation) with the target host's IP address to an open port as both source and destination. This causes the machine to reply to itself continuously. It is, however, distinct from the TCP SYN Flood vulnerability.

Other LAND attacks have since been found in services like SNMP and Windows 88/tcp (kerberos/global services). Such systems had design flaws that would allow the device to accept request on the wire appearing to be from themselves, causing repeated replies.

Vulnerable systems

Below is a list of vulnerable operating systems:[1]

  • AIX 3.0
  • AmigaOS AmiTCP 4.2 (Kickstart 3.0)
  • BeOS Preview release 2 PowerMac
  • BSDi 2.0 and 2.1
  • Digital VMS
  • FreeBSD 2.2.5-RELEASE and 3.0 (Fixed after required updates)
  • HP External JetDirect Print Servers
  • IBM AS/400 OS7400 3.7
  • Irix 5.2 and 5.3
  • Mac OS MacTCP, 7.6.1 OpenTransport 1.1.2 and 8.0
  • NetApp NFS server 4.1d and 4.3
  • NetBSD 1.1 to 1.3 (Fixed after required updates)
  • NeXTSTEP 3.0 and 3.1
  • Novell 4.11
  • OpenVMS 7.1 with UCX 4.1-7
  • QNX 4.24
  • Rhapsody Developer Release
  • SCO OpenServer 5.0.2 SMP, 5.0.4
  • SCO Unixware 2.1.1 and 2.1.2
  • SunOS 4.1.3 and 4.1.4
  • Windows 95, NT and XP SP2,

Prevention

Most firewalls should intercept and discard the poison packet thus protecting the host from this attack. Some operating systems released updates fixing this security hole. In addition, routers should be configured with both ingress and egress filters to block all traffic destined for a destination in the source's address space, which would include packets where the source and destination IP addresses are the same.

See also

  • Slowloris (computer security)
  • High Orbit Ion Cannon
  • Low Orbit Ion Cannon
  • ReDoS
  • Denial-of-service attack

References

1. ^http://insecure.org/sploits/land.ip.DOS.html

External links

  • Insecure.Org's original post about the attack
  • Article about XP's vulnerability

2 : Denial-of-service attacks|Types of cyberattacks

随便看

 

开放百科全书收录14589846条英语、德语、日语等多语种百科知识,基本涵盖了大多数领域的百科知识,是一部内容自由、开放的电子版国际百科全书。

 

Copyright © 2023 OENC.NET All Rights Reserved
京ICP备2021023879号 更新时间:2024/9/28 5:30:29