[91368] in Cypherpunks

home help back first fref pref prev next nref lref last post

Land Attack on Routers/Servers

daemon@ATHENA.MIT.EDU (John Young)
Thu Dec 4 09:14:30 1997

Date: Thu, 04 Dec 1997 08:25:52 -0500
To: cypherpunks@toad.com
From: John Young <jya@pipeline.com>
Reply-To: John Young <jya@pipeline.com>

 Hackers Out for IP Blood with New Land Attack 

 The Internet underworld last week unsheathed a new weapon 
 capable of knocking out IP-based routers and servers, sending 
 vendors scrambling to find ways to safeguard their gear. 

 Land Attack, officially known as land.c program code, was posted 
 on the Net by someone called "Meltman" and used last week in 
 attacks on Cisco Systems, Inc. routers and Unix and Windows 
 NT servers. Some of the targeted machines were slowed to a 
 crawl, while others had to be rebooted. 

 Land Attack represents a new twist on the dreaded "TCP SYN 
 flooding" denial-of-service attack. 

 But unlike TCP SYN flooding, Land Attack sends out just one 
 sinister SYN packet in which the sending devices IP address has 
 been swapped out for the IP address of the destination machine. 
 When the destination machine tries to acknowledge receipt of the 
 transmission, it ends up using its own address, which means it
 sends the message back to itself, resulting in a potentially fatal
 loopback condition. "If someone could find a way to use this 
 Land Attack program to spread this across the Internet, it could 
 cause major service disruptions," said Chris Klaus, chief
 technology officer at Internet Security Systems, Inc.

----------

More at: http://jya.com/land-attack.txt


home help back first fref pref prev next nref lref last post