Land attack
Land is a denial of service tool that was released in November 1997. It exploits a vulnerability in the TCP implementation of various operating systems that was announced by Microsoft in March 1997 .
functionality
Land generates a SYN packet in which the sender and destination address and port are identical, with the sender and destination address identical to that of the victim. This packet is then sent to an open port on the victim. This replies with a SYN / ACK packet to the source (i.e. itself). Errors in the TCP / IP stack can lead to this SYN / ACK packet being viewed as a normal SYN packet and the victim generating a new SYN / ACK packet to itself. The victim is busy with the SYN / ACK packets that it sends to itself on the same port.
A race condition arises that can paralyze the affected system. Latierra also appeared in November 1997 , a further development from Land that can attack several (even closed) ports at the same time and also allows various flags to be adjusted in the headers.
Effects
Special gained popularity country because not only various operating systems for end users such as Windows or FreeBSD were affected, but also router company Cisco could be paralyzed by this attack. These vulnerable routers were widespread in 1997 and were used, among other things, in central locations on the Internet or other large networks, so that large subnets could be made inaccessible with a single attack.
The code has evolved to create new species (mutations).
On April 12, 2005 (8 years after its creation) it became known that Windows XP (SP2) and Windows 2003 (RTM) are again susceptible to this attack. A land attack on these operating systems can not only lead to system utilization but also to a crash.