GEN:SID | 1:269 |
Message | DOS Land attack |
Summary | A denial of service attack known as Land has been launched. Some TCP/IP stacks crash or hang when sent a spoofed TCP SYN packet with the same source and destination host and the same source and destination port.
|
Impact | Denial of service against a target host.
|
Detailed Information | The Land denial of service attack attempts to crash or disable a target host by sending a spoofed TCP SYN packet with an identical source and destination IP and identical source and destination port. Some target hosts will crash others will be temporarily disabled.
|
Affected Systems | Windows 95 Windows NT Any unpatched version SCO CMW+ 3.0 SCO Open Desktop/Open Server 3.0 SCO Open Server 5.0 SCO UnixWare 2.1.0 Gauntlet 3.2/HP-UX 10.10 and Gauntlet 4.1/HP-UX 10.20
|
Attack Scenarios | A malicious user crafts a packet to cause a Denial of Service against a target host.
|
Ease of Attack | Simple to craft such a packet using any number of packet crafting tools such as nmap and hping.
|
Corrective Action | Malicious outside attacks can be prevented by configuring your packet-filtering device to block packets from entering your network that have source IP's from your network address space.
|
Additional References | CVE: CAN-1999-0016
CERT: CA-1997-28
|
Rule References | bugtraq: 2666
cve: 1999-0016
|