BugTraq
Windows Server 2003 and XP SP2 LAND attack vulnerability Mar 05 2005 06:17PM
Dejan Levaja (dejan levaja com) (1 replies)
Re: Windows Server 2003 and XP SP2 LAND attack vulnerability Mar 07 2005 09:55PM
Jon O. (jono networkcommand com) (4 replies)
Re: Windows Server 2003 and XP SP2 LAND attack vulnerability Mar 11 2005 09:37AM
exon (exon home se)
Jon O. wrote:
> All:
>
> I would like to hear from someone who can reproduce this. If you can, please send
> details with OS, patches installed, pcaps, etc. not a report of what tools you used
> to create the packet, sniff and replay the results. I've tested this and either my
> machines are magically protected from this attack, or it is invalid (despite what
> the press might say). I'd like some outside corroboration of this attack.
>

It appears it doesn't work if windows' builtin firewall is turned on,
even if the attack is sent to an unfiltered and open port. The tcp and
IP checksums must also be correct, which a lot of older land-attack
programs failed to produce (I couldn't reproduce on my system with any I
found online).

I've also noticed that targeted systems seems to respond to ping during
the attack, but are completely incapable of doing anything that requires
CPU resources to be spent in userland (typing text is impossible, moving
the mouse works fine). Continuous attacks that cross some hardcoded
packet boundary can even cause the targeted system to rustle back in to
play early.

To test it, you'd need to log in and watch the task manager freeze up
(set update interval to high to make it more obvious).

Attached is imland.c (improved multiple land), which was designed to
rapidly and possibly continuously test a wide range of servers. It
should compile cleanly on most unixen. I've thrown in some usage output
as well. Please use it responsibly.

/exon

[ reply ]
Re: Windows Server 2003 and XP SP2 LAND attack vulnerability Mar 08 2005 01:05PM
killer_loop (at) mail (dot) com [email concealed] (lammat grpower ath cx)
Re: Windows Server 2003 and XP SP2 LAND attack vulnerability Mar 08 2005 11:01AM
Miroslav Kubik (kubik_miroslav seznam cz)
Re: Windows Server 2003 and XP SP2 LAND attack vulnerability Mar 08 2005 05:42AM
Patrick Chipman (pchipman memphis edu)


 

Privacy Statement
Copyright 2010, SecurityFocus