GEN:SID 1:269
Message DOS Land attack
Summary A denial of service attack known as Land has been launched. Some TCP/IP
stacks crash or hang when sent a spoofed TCP SYN packet with the same
source and destination host and the same source and destination port.  
Impact Denial of service against a target host.
Detailed Information The Land denial of service attack attempts to crash or disable a target
host by sending a spoofed TCP SYN packet with an identical source and
destination IP and identical source and destination port.  Some target
hosts will crash others will be temporarily disabled.  
Affected Systems Windows 95
    Windows NT Any unpatched version
    SCO CMW+ 3.0
    SCO Open Desktop/Open Server 3.0
    SCO Open Server 5.0
    SCO UnixWare 2.1.0
    Gauntlet 3.2/HP-UX 10.10 and Gauntlet 4.1/HP-UX 10.20
Attack Scenarios A malicious user crafts a packet to cause a Denial of Service against a
target host.
Ease of Attack Simple to craft such a packet using any number of packet crafting tools
such as nmap and hping.

Corrective Action Malicious outside attacks can be prevented by configuring your
packet-filtering device to block packets from entering your network that
have source IP's from your network address space.
Additional References CVE:
CAN-1999-0016

CERT:
CA-1997-28
Rule References bugtraq: 2666
cve: 1999-0016