Windows vulnerable to LAND attack

By Bill Brenner, News Writer 08 Mar 2005 | SearchSecurity.com

Digg This!     StumbleUpon     Del.icio.us

Several security organizations are reporting that Windows XP with SP2 and Windows 2003 are vulnerable to a LAND attack, in which affected computers suffer a denial of service. But experts said defending networks against it isn't very difficult.

"Defending against a LAND attack isn't all that hard," the Bethesda, Md.-based SANS Internet Storm Center (ISC) said in a Web site message Monday. "Proper ingress filtering should prevent spoofed traffic from entering your network in the first place. Any personal firewall will block the attack, and turning off unneeded services will reduce the number of ports that will expose you to the attack."

Danish security firm Secunia said the security hole, discovered by researcher Dejan Levaja, is caused by improperly handled Internet Protocol (IP) packets "with the same destination and source IP and the SYN flag set. This causes a system to consume all available [central processing unit] CPU resources for a certain period of time."

UNIRAS, the British government's Computer Emergency Response Team (CERT), said in another advisory that the problem may not be limited to Microsoft products:

"UNIRAS has identified a multi-vendor problem that if exploited could result in a denial-of-service issue," the advisory said. "The full scope of the problem is still being investigated but the basic issue is that a number of [Transmission Control Protocol/Internet Protocol] TCP/IP stacks are vulnerable to a "loopback" condition initiated by sending a TCP SYN packet with the source address and port spoofed to equal the destination source and port. When a packet of this sort is received, an infinite loop is initiated and the affected system halts."

Related information What is a LAND attack? Details on XP SP2 installation

UNIRAS said it "replicated" the problem against systems running Windows XP SP2 and Server 2003 that were not running the host-based firewall software.

The ISC said so far, its analysis has found that:

• Windows XP appears to be vulnerable only if SP2 is installed;
• Windows 2003 is vulnerable;
• On systems with multiple CPUs, only one CPU will be "maxed out." These systems remain responsive (but will be slower); and
• Hyperthreading systems (newer Pentium IVs) behave like dual CPU systems in that the total load reaches 50%.

Tags: Denial of Service (DoS) Attack Prevention,  Windows Security: Alerts, Updates and Best Practices,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Denial of Service (DoS) Attack Prevention VeriSign extends DDoS attack protection service Conficker authors prepping for next stage, researcher says Latest DDoS attacks extremely unsophisticated, experts say DDoS attacks hit U.S., South Korean government websites How to prevent a denial-of-service (DoS) attack I'll be watching you: Wireless IPS How to prevent DDoS attacks on websites How to prevent network denial-of-service attacks What are 'phlashing' attacks? Could someone place a rootkit on an internal network through a router? Denial of Service (DoS) Attack Prevention Research Windows Security: Alerts, Updates and Best Practices Exploit code targets Internet Explorer zero-day display flaw Windows 7 DoS flaw allows hackers to freeze Microsoft's newest OS Microsoft patches serious Windows kernel flaws Microsoft to address flaws in Windows, Office for Mac Microsoft fixes security update that breaks Internet Explorer What is the best database patch management process? Microsoft addresses critical SMBv2 flaw, fixes record number of flaws Microsoft to address SMB zero-day, IIS FTP Service vulnerabilities Microsoft releases temporary fix for SMB2 zero-day vulnerability Microsoft issues SMB vulnerability advisory, patch pending

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary Electrohippies Collective  (SearchSecurity.com) packet monkey  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary