Slashdot Mirror

← Back to Stories (view on slashdot.org)

Windows 2003 and XP SP2 Vulnerable To LAND Attack

Posted by Hemos on from the one-if-by-sea-two-if-by-LAND dept.

An anonymous reader writes "Dejan Levaja, a Serbian security engineer has discovered that nearly 8 years after the attack was first made public, WIndows 2003 and Windows XP SP2 are in fact vulnerable to the historic LAND attack." Granted, you need to have the firewall turned off for this work, but there's a whole lotta machines that don't have it turned on.

2 of 534 comments (clear)

  1. Re:Only win ? by redJag · · Score: 5, Informative

    There is a big list before the provided source code.

  2. What is the LAND attack? by fizbin · · Score: 5, Informative
    Quoting from http://www.insecure.org/sploits/land.ip.DOS.html:
    i recently discovered a bug which freezes win95 boxes. here's how
    it works: send a spoofed packet with the SYN flag set from a host, on an open
    port (such as 113 or 139), setting as source the SAME host and port
    (ie: 10.0.0.1:139 to 10.0.0.1:139). this will cause the win95 machine to lock
    up.
    So it's a way to either remotely lock up or reboot a target machine. I would assume (not having, you know, tried it or anything) that this includes most windows-based webservers.