Slashdot Mirror
Windows 2003 and XP SP2 Vulnerable To LAND Attack
An anonymous reader writes "Dejan Levaja, a Serbian security engineer has discovered that nearly 8 years after the attack was first made public, WIndows 2003 and Windows XP SP2 are in fact vulnerable to the historic LAND attack." Granted, you need to have the firewall turned off for this work, but there's a whole lotta machines that don't have it turned on.
"Granted, you need to have the firewall turned off for this work, but there's a whole lotta machines that don't have it turned on."
Machines that are not protected are vulnerable. Well, that isn't really news is it? Sounds pretty silly to me.
Anyway, given all the warnings about Internet security in the last five years, the majority of users will already have downloaded and installed firewall programs such as ZoneAlarm.
Of course, some windows machines need to have open ports, like, say, if they're offering *services*. So really, your mundane desktop need not be affected. It's the production server you should be quite terrified about.
WARNING: there is a trojan on your
This incident is just another example which demonstrates the importance (or more accurately, the lack thereof) that Microsoft's corporate culture places on security. Hasn't anyone at Microsoft ever heard about regression testing?
Microsoft has consistantly demonstrated that, regardless of what their press releases say, security is NOT one of their priorities. People need to start waking up and realizing this before they entrust their critical infrastructure to Microsoft products.
Why is it that the proponents of "one nation under God" are so eager to get rid of "liberty and justice for all"?
Nobody deserves to get their Boxen hacked, even if they don't always use the best available defenses.
That is like saying the rape victim is at fault "'cause she looked so sexy"
I know the land attack is old, but still, linking to a .c ? Why not link to the description of the attack and let that be enough. I was not aware /. was a scriptkiddie toolz warehouse. As stated by the article, there are still probably a bunch of machines this will affect, and putting a link directly to LAND.c on the main page probably isnt such a good idea. Whats next, root kits?
/. don't know how to use a search engine?
Honestly. Why don't you just stick your head in the ground every time there's a problem. If you don't see it, it can't be real.
C'mon. How much more difficult is it to go to google, type in "land.c" and get the source yourself?
Do you honestly think people visiting
Besides, any good system administrator has to assume that every user out there has access to the latest, greatest, and most sophisticated tools to get into their systems.
And this is an 8 year-old exploit to boot.
OH NOES! He linked to the h4x0r f13lz! Whut k4nz W3 DOOZ?! C4llz 0wtz t3h wh4mbul4nc3!!!11!!
It shouldn't matter a single bit what gets linked to. The information is out there, anyone who wants to find it will. You can't try and suppress it. And to say that linking to it makes it easier... what did I just say about search engines? Oh gee, I've been saved a whole 5 seconds from going to google and finding it myself. Maybe all windows machiens will be patched within that time?
I'm not a programmer, so looking through a C file isn't likely to give me any useful information, unless it's in comments at the beginning of the code. What's more, I imagine even programmers would rather just hear a summary than have to sit there and look through a bunch of code to figure out what it does.
/. stories, link to relivant and if possible, concise descriptions of terms that people are likely to be unfarmilar with. If you want to provide a link to source, do it seperatly and note it as such.
I mean ethical issues aside, it's just not that helpful to most people. I'm sure most people though "WTF is a LAND attack?" and cliked on the link to see. Getting a C file, is probably not the answer they wanted, espically given that it doesn't seem to be transfering, so I can't even see if it has useful comments or not.
When doing
I know the land attack is old, but still, linking to a .c ? I was not aware /. was a scriptkiddie toolz warehouse.
Not only that, it was unlabeled. That means anybody who follwed the link now has a copy of the malware in their machine's webcache, minimum. And if they saved it (to keep the list of vulnerable configurations, for example) they have the malware itself.
This simultaneously puts a bunch of slashdot readers at legal risk (from false prosecution and/or in-court character assasination, based on evidence from a siezed computer) and gives real baddies plausible deniability.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
This isn't funny, it's sad. People have been so brainwashed by MS that they believe it's normal for machines to not be safe if they have a direct internet connection.
I am trolling
That's a list of operating systems from 1997, taken out of an exploit from 1997. Linux 2.0.30? Novell 4.11? Solaris 2.5.1?
The idea behind a server (such as the affected W2K3 server) being connected to a network is to provide a service to the clients. If the machine is not fit to provide services to the network, might as well go back to the store and ask for a reimbursment and exchange to XP workstation.
The only safe way to safely run this server is to place it behind a SPI firewall. Packet filters will have a hard time detecting and blocking this kind of attack, you will need a full blown SPI to defend and block against these attacks.
SMCs, Linksys and other consumer level firewall seem to be vulnerable to this thing, the only thing that might save your server is the NAT they might provide. Of course if you are running your server on a public routable IP, then you better start thinking of running a serious setup there.
My other OS is the MCP!