Slashdot Mirror

← Back to Stories (view on slashdot.org)

Windows 2003 and XP SP2 Vulnerable To LAND Attack

Posted by Hemos on from the one-if-by-sea-two-if-by-LAND dept.

An anonymous reader writes "Dejan Levaja, a Serbian security engineer has discovered that nearly 8 years after the attack was first made public, WIndows 2003 and Windows XP SP2 are in fact vulnerable to the historic LAND attack." Granted, you need to have the firewall turned off for this work, but there's a whole lotta machines that don't have it turned on.

28 of 534 comments (clear)

  1. Little known fact by beatdown · · Score: 5, Funny

    It is also subject to sea and air attacks.

    1. Re:Little known fact by Anonymous Coward · · Score: 5, Funny

      The Navy usually makes sure its ports are secure.

    2. Re:Little known fact by Anonymous Coward · · Score: 5, Funny

      Yes, but they call them "port holes".

    3. Re:Little known fact by darkpixel2k · · Score: 5, Funny

      Well...usually.

      There was this one time...in Hawaii...

      --
      There's no place like ::1 (I've completed my transition to IPv6)
    4. Re:Little known fact by harrkev · · Score: 5, Funny

      According to the Village People, the Navy usually has some back doors.

      --
      "-1 Troll" is the apparently the same as "-1 I disagree with you."
  2. wow by Quasar1999 · · Score: 5, Funny

    In other news, my computer is also prone to failing if I microwave it... hit it with a hammer, or attempt to install water cooling while I'm drunk...

    --

    ---
    Programming is like sex... Make one mistake and support it the rest of your life.
    1. Re:wow by Anonymous Coward · · Score: 5, Funny

      Problem:
      The other thing Microsoft won't tell you is that if paramilitants do a home invasion, they can take your machine right out of the house and have access to all data and the entire network, for that matter.

      Solution: Install complex home alarm system, man traps, CCTV, and acquire armed guards, string up razor wire and dig tunnel system deep in the jungle.

      Ethic:
      I told microsoft that their computers were totally unprotected from physical theft by armed gangs of paramilitants and received no response. I am now sharing this with the community.

  3. News? by Anonymous Coward · · Score: 5, Insightful

    "Granted, you need to have the firewall turned off for this work, but there's a whole lotta machines that don't have it turned on."

    Machines that are not protected are vulnerable. Well, that isn't really news is it? Sounds pretty silly to me.

    1. Re:News? by JustForMe · · Score: 5, Funny

      Windows Server must be running some services, I guess..

  4. Windows by Anonymous Coward · · Score: 5, Funny

    Only one remote hole in the kernel FOR eight years!

  5. Wait... by Gorffy · · Score: 5, Funny

    You mean to tell me that XP and 2k3 contain buggy legacy code? that IS news!

  6. What kind of software dev process do MS use? by Ex+Machina · · Score: 5, Interesting

    Isn't this EXACTLY what regression tests were designed for?

    1. Re:What kind of software dev process do MS use? by Anonymous Coward · · Score: 5, Funny

      Regression testing makes sure that things that used to work in the old version still works in the new version, so I'd say that windows is passing its regression tests with flying colors ;)

    2. Re:What kind of software dev process do MS use? by KDN · · Score: 5, Interesting
      Several jobs ago, the I did software development. The manager didn't like how every time I found a significant bug I added it to a test library that I kept and ran against every version of the code that I was about to put out to the group. His thought was "the odds of someone making the same mistake twice are non existent". One time he told me to put the code out before it was done the regression tests. Sure enough, crash and burn. And yes, my regression tests later caught the bug. Never again.

      As a further indication that I was right, I put an interface around the public interface of my libraries to validate all the parameters and actions. I noticed some people would make the same error so much that I even personalized some of the error messages. Like: "Your passing a string instead of an address John", and "Your reading from a closed object Kevin".

    3. Re:What kind of software dev process do MS use? by Phanatic1a · · Score: 5, Funny

      Or even "You're not using contractions properly, KDN"?

  7. Re:Only win ? by redJag · · Score: 5, Informative

    There is a big list before the provided source code.

  8. Windows running slow? by hackwrench · · Score: 5, Funny

    It may be a little thing called a firewall. A firewall is a spyware-like little piece of software that constantly pings a special server called a firedoor so that spammers hackers, and their ilk know when your computer is available on the internet. Unfortuntely Microsoft refuses to release a patch for this thing but a piece of software called a backdoor can be used to prevent the firewall from doing its dirty work. Download one today!

  9. Guess we need Boston Church XP by kakos · · Score: 5, Funny

    01 if by LAND, 10 if by SEA

  10. On a more serious note.. by tabkey12 · · Score: 5, Interesting
    Blanket Attacks (like blaster, where every windows computer on the net with windows sharing on is hit about 6 times an hour) are usually only viable when the Default configuration is insecure.

    At least with SP2 there is some basic security in terms of the firewall being on by default.

    Still, never thought I'd see a slashdot article linking to a page about Trumpet Winsock in 2005!

    --
    Get a free iPod Nano 4GB!
  11. Safest OS by Virtual+Karma · · Score: 5, Funny

    Windows is one of the safest OS around (and to keep it that way it is advised that the computer should not be connected to internet or any other network for that matter)

    --
    fuvoo: watch something
  12. What is the LAND attack? by fizbin · · Score: 5, Informative
    Quoting from http://www.insecure.org/sploits/land.ip.DOS.html:
    i recently discovered a bug which freezes win95 boxes. here's how
    it works: send a spoofed packet with the SYN flag set from a host, on an open
    port (such as 113 or 139), setting as source the SAME host and port
    (ie: 10.0.0.1:139 to 10.0.0.1:139). this will cause the win95 machine to lock
    up.
    So it's a way to either remotely lock up or reboot a target machine. I would assume (not having, you know, tried it or anything) that this includes most windows-based webservers.
  13. Can anyone confirm? by Anonymous Coward · · Score: 5, Interesting

    A friend showed this to me a few days ago and I was unable to reproduce the attack over the LAN, both with my own code and some code of the original LAND found with google. Both were run from linux by opening a raw socket, filling in ip and tcp headers including checksums using the structs in ip.h and tcp.h, and sending with sendto(). In both cases ethereal would show the packet as recieved but the machine would operate normally.

  14. Re:Only one thing though... by eviltypeguy · · Score: 5, Insightful

    If you think the majority of users are security minded like that, then why do you think the majority of users have so many problems that could be prevented in the first place by firewalls? Sorry, but my experience has been the opposite of your fairy tale.

  15. Retro! by bigtallmofo · · Score: 5, Funny

    I remember the days of Ping of Death, Land, Teardrop, New Tear, Bork, etc.

    Now that my WinXP SP2 system is susceptible to land again, it's getting me into a nostalgic mood. I think I'll go play Ms PacMan on my MAME cabinet now.

    --
    I'm a big tall mofo.
  16. Re:Not that big of a deal by itsnotthenetwork · · Score: 5, Insightful

    Nobody deserves to get their Boxen hacked, even if they don't always use the best available defenses.
    That is like saying the rape victim is at fault "'cause she looked so sexy"

  17. Mod parent down by Ulric · · Score: 5, Insightful

    That's a list of operating systems from 1997, taken out of an exploit from 1997. Linux 2.0.30? Novell 4.11? Solaris 2.5.1?

  18. Re:Only win ? by Anonymous Coward · · Score: 5, Funny

    OS X is invulnerable to all attacks, because it's made of magic.

  19. Re:Only win ? by AKnightCowboy · · Score: 5, Funny
    OS X is invulnerable to all attacks, because it's made of magic.

    *snort*. You owe me a new keyboard.

    /Mac user