[13951] in North American Network Operators' Group
Re: Land Protection for Cisco
daemon@ATHENA.MIT.EDU (Jim Shankland)
Fri Nov 21 17:54:09 1997
Date: Fri, 21 Nov 1997 14:47:04 -0800 (PST)
From: Jim Shankland <jas@flyingfox.com>
To: ken@drummerweb.com, root@gannett.com
Cc: nanog@merit.edu
Paul D. Robertson <root@gannett.com> writes:
> Has anyone tried [the "land" attack] sourced and destined for
> different interfaces on the same box? My test gear is all tied
> up right now, and I'd rather not test on a production box.
It is highly unlikely that this would work. The essence of the attack
is creating a TCP connection in which (src-ip, src-port) is equal
to (dst-ip, dst-port), so that the box's responses on that TCP circuit
reappear as input from the "peer". This won't happen if
src-ip != dst-ip, even if both IPs are associated with the same box.
Jim Shankland
Flying Fox Computer Systems, Inc.
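The 4-tuple check Jim describes, written out as an added inspection example (this code is not from the thread, from Cisco, or from any vendor). It builds a few constructed IPv4/TCP headers in memory, parses them, and applies the classic land signature `(src-ip, src-port) == (dst-ip, dst-port)`. It also goes one step beyond the thread: the `classify` function treats a packet whose source address is one of the box's own addresses (the two-interface variant Paul asks about) as a spoofed-source packet rather than a land packet, on the assumption that it is inspected on ingress where the box's own addresses should never appear as a source. The address set, ports and helper names are all assumptions for this example.

```python
import socket
import struct

# Constructed test fixtures: minimal IPv4 + TCP headers built in memory.
# Checksums are left at zero; this code only inspects header fields.

def build_ipv4_tcp(src_ip, src_port, dst_ip, dst_port, flags=0x02):
    """Return a 40-byte IPv4 header + TCP header (SYN by default), no payload."""
    ver_ihl = (4 << 4) | 5                      # IPv4, 5 x 32-bit words, no options
    ip_hdr = struct.pack(
        "!BBHHHBBH4s4s",
        ver_ihl, 0, 40, 0, 0, 64, 6, 0,         # TOS, total len, id, frag, TTL, proto=TCP, csum
        socket.inet_aton(src_ip), socket.inet_aton(dst_ip),
    )
    data_off_flags = (5 << 12) | (flags & 0x1FF)  # data offset 5 words + flag bits
    tcp_hdr = struct.pack("!HHIIHHHH", src_port, dst_port, 0, 0,
                          data_off_flags, 8192, 0, 0)  # seq, ack, off/flags, win, csum, urg
    return ip_hdr + tcp_hdr


def parse_ipv4_tcp(pkt):
    """Extract the 4-tuple and TCP flags from raw bytes; None if not IPv4/TCP."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    if pkt[9] != 6 or len(pkt) < ihl + 20:      # byte 9 is the IP protocol field
        return None
    src_port, dst_port = struct.unpack("!HH", pkt[ihl:ihl + 4])
    flags = struct.unpack("!H", pkt[ihl + 12:ihl + 14])[0] & 0x1FF
    return {
        "src_ip": socket.inet_ntoa(pkt[12:16]),
        "dst_ip": socket.inet_ntoa(pkt[16:20]),
        "src_port": src_port,
        "dst_port": dst_port,
        "flags": flags,
    }


def is_land(hdr):
    """Classic land signature: (src-ip, src-port) == (dst-ip, dst-port)."""
    return hdr["src_ip"] == hdr["dst_ip"] and hdr["src_port"] == hdr["dst_port"]


def classify(pkt, local_addrs):
    """Label an ingress packet. local_addrs: the box's own interface addresses.

    Assumption: inspection happens on an external-facing interface, so a
    source address belonging to the box itself is spoofed whether or not
    it matches the exact land signature.
    """
    hdr = parse_ipv4_tcp(pkt)
    if hdr is None:
        return "not-ipv4-tcp"
    if is_land(hdr):
        return "land"
    if hdr["src_ip"] in local_addrs:
        return "spoofed-local-source"
    return "normal"


# Constructed sample data using documentation address ranges (RFC 5737).
ROUTER_ADDRS = {"192.0.2.1", "198.51.100.1"}   # two interfaces on one box (assumed)
SAMPLES = {
    "land": build_ipv4_tcp("192.0.2.1", 139, "192.0.2.1", 139),
    "two_interfaces": build_ipv4_tcp("192.0.2.1", 139, "198.51.100.1", 139),
    "normal": build_ipv4_tcp("203.0.113.7", 40000, "192.0.2.1", 23),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:15s} -> {classify(pkt, ROUTER_ADDRS)}")
```

Note that the two-interface packet fails `is_land` even though both addresses belong to the same box, which is exactly why the reply above does not expect that variant to trigger the loop; flagging it separately as a spoofed local source is the ingress-filtering view of the same packet.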