Bugtraq mailing list archives
Windows Server 2003 and XP SP2 LAND attack vulnerability
From: Dejan Levaja <dejan () levaja com>
Date: 5 Mar 2005 18:17:14 -0000
Hello, everyone. Windows Server 2003 and XP SP2 (with Windows Firewall turned off) are vulnerable to LAND attack. LAND attack: Sending TCP packet with SYN flag set, source and destination IP address and source and destination port as of destination machine, results in 15-30 seconds DoS condition. Tools used: IP Sorcery for creating malicious packet, Ethereal for sniffing it and tcpreplay for replaying. Results: Sending single LAND packet to file server causes Windows explorer freezing on all workstations currently connected to the server. CPU on server goes 100%. Network monitor on the victim server sometimes can not even sniff malicious packet. Using tcpreplay to script this attack results in total collapse of the network. Vulnerable operating systems: Windows 2003 XP SP2 other OS not tested (I have other things to do currently like checking firewalls on my networks ;) ) Solution: Use Windows Firewall on workstations, use some firewall capable of detecting LAND attacks in front of your servers. Ethic: Microsoft was informed 7 days ago (25.02.2005, GMT +1, local time), NO answer received, so I decided to share this info with security community. Dejan Levaja System Engineer Bulevar JNA 251 11000 Belgrade Serbia and Montenegro cell: +381.64.36.00.468 email: dejan () levaja com
Current thread:
- Windows Server 2003 and XP SP2 LAND attack vulnerability Dejan Levaja (Mar 05)
- <Possible follow-ups>
- Re: Windows Server 2003 and XP SP2 LAND attack vulnerability paul14075 (Mar 08)
- Re: Windows Server 2003 and XP SP2 LAND attack vulnerability Grndahl (Mar 08)
- Re: Windows Server 2003 and XP SP2 LAND attack vulnerability caldcv (Mar 08)
- RE: Windows Server 2003 and XP SP2 LAND attack vulnerability Detection Services - IS Security (Mar 10)
- RE: Windows Server 2003 and XP SP2 LAND attack vulnerability Miguel Angel Rodríguez Jódar (Mar 12)
- RE: Windows Server 2003 and XP SP2 LAND attack vulnerability Evans, Arian (Mar 10)
- RE: Windows Server 2003 and XP SP2 LAND attack vulnerability Daniel Cross (Mar 12)