A LAND (local area network denial) attack is a denial-of-service attack that sends a spoofed TCP SYN packet to a target computer with the target's own IP address set as both the source and destination. This causes the machine to reply to itself in a continuous loop, locking it up. It was first discovered in 1997.
When was the LAND denial-of-service attack first discovered?
The LAND attack was first discovered in 1997 by someone using an alias. The vulnerability later resurfaced in operating systems including Windows Server 2003 and Windows XP SP2, showing the flaw was not permanently eliminated after the initial discovery.
Which operating systems are vulnerable to the LAND attack?
Vulnerable systems include Windows 95, Windows NT, Windows XP SP2, FreeBSD 2.2.5-RELEASE and 3.0, NetBSD 1.1 to 1.3, Mac OS 7.6.1 and 8.0, SunOS 4.1.3 and 4.1.4, AIX 3.0, Irix 5.2 and 5.3, IBM AS/400 OS/400 3.7, and many others. HP external JetDirect print servers and NetApp NFS server versions 4.1d and 4.3 were also affected.
How does the LAND attack differ from a TCP SYN Flood?
The LAND attack uses a single spoofed packet with the target's own IP as both source and destination, causing the machine to loop replies to itself. A TCP SYN Flood works by overwhelming a target with a large volume of connection requests from many sources. The LAND attack exploits a logical flaw rather than traffic volume.
How can you protect against a LAND attack?
Most firewalls can intercept and discard the poison packet before it reaches the host, preventing the attack. Some operating systems also released patches that fixed the underlying vulnerability, including FreeBSD and NetBSD, which addressed the flaw after required updates were applied.
Did the LAND attack affect protocols other than TCP?
Yes. Similar LAND-style vulnerabilities were found in SNMP and Windows port 88, which handles Kerberos and global services. Those systems shared the same design flaw: they would accept a request appearing to originate from their own address and then send repeated replies.