Windows vulnerable to LAND attack

Bill Brenner

Several security organizations are reporting that Windows XP with SP2 and Windows 2003 are vulnerable to a LAND attack, in which affected computers suffer a denial of service. But experts said defending networks against it isn't very difficult.

"Defending against a LAND attack isn't all that hard," the Bethesda, Md.-based SANS Internet Storm Center (ISC) said in a

    Requires Free Membership to View

Web site message Monday. "Proper ingress filtering should prevent spoofed traffic from entering your network in the first place. Any personal firewall will block the attack, and turning off unneeded services will reduce the number of ports that will expose you to the attack."

Danish security firm Secunia said the security hole, discovered by researcher Dejan Levaja, is caused by improperly handled Internet Protocol (IP) packets "with the same destination and source IP and the SYN flag set. This causes a system to consume all available [central processing unit] CPU resources for a certain period of time."

UNIRAS, the British government's Computer Emergency Response Team (CERT), said in another advisory that the problem may not be limited to Microsoft products:

"UNIRAS has identified a multi-vendor problem that if exploited could result in a denial-of-service issue," the advisory said. "The full scope of the problem is still being investigated but the basic issue is that a number of [Transmission Control Protocol/Internet Protocol] TCP/IP stacks are vulnerable to a "loopback" condition initiated by sending a TCP SYN packet with the source address and port spoofed to equal the destination source and port. When a packet of this sort is received, an infinite loop is initiated and the affected system halts."

Related information

What is a LAND attack?

Details on XP SP2 installation

UNIRAS said it "replicated" the problem against systems running Windows XP SP2 and Server 2003 that were not running the host-based firewall software.

The ISC said so far, its analysis has found that:

  • Windows XP appears to be vulnerable only if SP2 is installed;
  • Windows 2003 is vulnerable;
  • On systems with multiple CPUs, only one CPU will be "maxed out." These systems remain responsive (but will be slower); and
  • Hyperthreading systems (newer Pentium IVs) behave like dual CPU systems in that the total load reaches 50%.

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: