[5687] in bugtraq
Re: "LAND" Attack Update
daemon@ATHENA.MIT.EDU (Don Lewis)
Mon Nov 24 23:35:01 1997
Date: Fri, 21 Nov 1997 17:24:48 -0800
Reply-To: Don Lewis <Don.Lewis@TSC.TDK.COM>
From: Don Lewis <Don.Lewis@TSC.TDK.COM>
X-To: Aleph One <aleph1@dfw.net>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: Aleph One <aleph1@dfw.net> "Re: "LAND" Attack Update" (Nov 21,
1:22pm)

On Nov 21, 1:22pm, Aleph One wrote:
} Subject: Re: "LAND" Attack Update
} We keep getting conflicting reports for FreeBSD and OpenBSD. There are
} enough reports and indications that those operating systems are indeed
} vulnerable but the vulnerability may not show up in all configurations
} depending on the environment, the intensity of cosmic rays, the phase of
} the moon, and if the testing person is left or right handed.

In the case of FreeBSD, there was a change made to its tcp_input()
implementation in October 1996 which probably has the side effect of
protecting against this attack. This change was removed in early October
1997 because it caused problems if spoofed SYN's with the source addresses
of legitimate hosts (other than the victim) were sent to it.

It looks to me like FreeBSD 2.2.2 should not be vulnerable unless it has
an updated version of tcp_input.c. I believe FreeBSD 2.2.5 is vulnerable.
A single attack packet may or may not cause the problem to occur, depending
on the TCP sequence numbers.