LAND

Land is a denial-of- service tool, which was released in November 1997. It exploits a vulnerability in the TCP implementation of operating systems, which was announced in March 1997 by Microsoft.

Operation

Country generates a SYN packet with source and destination address and port are identical, the source and destination address match that of the victim. This package is then sent to an open port of the victim. This responds with a SYN / ACK packet to the source ( ie himself). Error in the TCP / IP stack can cause this SYN / ACK packet is considered normal SYN packet and the victim generates a new SYN / ACK packet to itself. The victim is utilized by the SYN / ACK packets that it sends to itself on the same port.

The result is a race condition that can cripple the affected system. Also in November 1997, appeared Latierra, a development of the country that can carry out an attack on several (also closed ) ports at the same time and also allows you to customize several flags in the headers.

Effects

Special country gained popularity because not only various operating systems for end users as Windows and FreeBSD were affected, but also the company Cisco router could be paralyzed by this attack. These routers were susceptible in 1997 to be widespread and have been used, among others, the central points of the Internet or other large networks, so that large subnets could be made inaccessible by a single attack.

The code has been developed to generate new types (mutations).

On April 12, 2005 ( ie eight years after the birth ) it was announced that Windows XP ( SP2 ) and Windows 2003 ( RTM) are vulnerable to this attack again. A Land attack on these operating systems can not only lead to the utilization of the system, but also to crash.