Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
GEN:SID | 1:269 |
Message | DOS Land attack |
Summary | A denial of service attack known as Land has been launched. Some TCP/IP stacks crash or hang when sent a spoofed TCP SYN packet with the same source and destination host and the same source and destination port. |
Impact | Denial of service against a target host. |
Detailed Information | The Land denial of service attack attempts to crash or disable a target host by sending a spoofed TCP SYN packet with an identical source and destination IP and identical source and destination port. Some target hosts will crash others will be temporarily disabled. |
Affected Systems | Windows 95 Windows NT Any unpatched version SCO CMW+ 3.0 SCO Open Desktop/Open Server 3.0 SCO Open Server 5.0 SCO UnixWare 2.1.0 Gauntlet 3.2/HP-UX 10.10 and Gauntlet 4.1/HP-UX 10.20 |
Attack Scenarios | A malicious user crafts a packet to cause a Denial of Service against a target host. |
Ease of Attack | Simple to craft such a packet using any number of packet crafting tools such as nmap and hping. |
Corrective Action | Malicious outside attacks can be prevented by configuring your packet-filtering device to block packets from entering your network that have source IP's from your network address space. |
Additional References | CVE: CAN-1999-0016 CERT: CA-1997-28 |
Rule References | bugtraq: 2666 cve: 1999-0016 |
--
DID:565332
--
http://www.aanval.com/