Slashdot Mirror


Windows 2003 and XP SP2 Vulnerable To LAND Attack

An anonymous reader writes "Dejan Levaja, a Serbian security engineer has discovered that nearly 8 years after the attack was first made public, WIndows 2003 and Windows XP SP2 are in fact vulnerable to the historic LAND attack." Granted, you need to have the firewall turned off for this work, but there's a whole lotta machines that don't have it turned on.

4 of 534 comments (clear)

  1. What kind of software dev process do MS use? by Ex+Machina · · Score: 5, Interesting

    Isn't this EXACTLY what regression tests were designed for?

    1. Re:What kind of software dev process do MS use? by KDN · · Score: 5, Interesting
      Several jobs ago, the I did software development. The manager didn't like how every time I found a significant bug I added it to a test library that I kept and ran against every version of the code that I was about to put out to the group. His thought was "the odds of someone making the same mistake twice are non existent". One time he told me to put the code out before it was done the regression tests. Sure enough, crash and burn. And yes, my regression tests later caught the bug. Never again.

      As a further indication that I was right, I put an interface around the public interface of my libraries to validate all the parameters and actions. I noticed some people would make the same error so much that I even personalized some of the error messages. Like: "Your passing a string instead of an address John", and "Your reading from a closed object Kevin".

  2. On a more serious note.. by tabkey12 · · Score: 5, Interesting
    Blanket Attacks (like blaster, where every windows computer on the net with windows sharing on is hit about 6 times an hour) are usually only viable when the Default configuration is insecure.

    At least with SP2 there is some basic security in terms of the firewall being on by default.

    Still, never thought I'd see a slashdot article linking to a page about Trumpet Winsock in 2005!

  3. Can anyone confirm? by Anonymous Coward · · Score: 5, Interesting

    A friend showed this to me a few days ago and I was unable to reproduce the attack over the LAN, both with my own code and some code of the original LAND found with google. Both were run from linux by opening a raw socket, filling in ip and tcp headers including checksums using the structs in ip.h and tcp.h, and sending with sendto(). In both cases ethereal would show the packet as recieved but the machine would operate normally.