Re: "LAND" Attack Update

Aleph One (aleph1@dfw.net)
Fri, 21 Nov 1997 01:16:21 -0600

OK. Some more people reported in. A lot of people now are reporting
FreeBSD as not vulnerable. Yet the FreeBSD teams seems to have made a fix
in their code tree. YMMV.

Also you dot not need Winsocks 2 to run VTCPUPD. You can try it from:
http://support.microsoft.com/download/support/mslfiles/Vtcpupd.exe
As Ian C. Reandeau metioned VTCPUPD may only fix port 139. Try some other
ports and see if it cracshed Windows 95. It also seem that once you instal

A scary addition to the list is CISCO's IOS. This means that that any
routers that do not filter connections to their telnet (or other open
ports) can be taken down. It should be interesting to see what networking
connectitivy will be like tomorrow.

As pointed out filtering at the ingres router for spoofed packets will
stop external attacks. You can also filter at the host level if your OS
supports it.

Something to look into on multihomed machines is if it will lock up when
the packet contains two different source and destination addresses but
both belonging to the same machine.

AIX 3 IS vulnerable
BSDI 2.1 (vanilla) IS vulnerable
BSDI 2.1 (K210-021,K210-022,K210-024) NOT vulnerable
BSDI 3.0 NOT vulnerable
Digital UNIX 4.0 NOT vulnerable
FreeBSD 2.2.2-RELEASE (confilcting reports)
FreeBSD 2.2.5-RELEASE (conflicting reports)
FreeBSD 2.2.5-STABLE (conflicting reports)
HP External JetDirect Print Servers IS vulnerable
HP-UX 10.20 IS vulnerable
IRIX 6.2 NOT vulnerable
IRIX 6.3 NOT vulnerable
IRIX 6.4 NOT vulnerable
Linux 2.0.30 NOT vulnerable
Linux 2.0.32 NOT vulnerable
MacOS 7.5.1 NOT vulnerable
MacOS 8.0 IS vulnerable (TCP/IP stack crashed)
NetApp NFS server 4.3 IS vulnerable
NetBSD 1.2 IS vulnerable
NetBSD 1.2a IS vulnerable
NeXTSTEP 3.0 IS vulnerable
NeXTSTEp 3.1 IS vulnerable
Novell 4.11 NOT vulnerable
OpenBSD 2.1 (conflicting reports)
QNX 4.24 IS vulnerable
OpenBSD 2.2 (Oct31) NOT vulnerable
SCO OpenServer 5.0.4 NOT vulnerable
Salaris 2.4 NOT vulnerable
Solaris 2.5.1 NOT vulnerable
Solaris 2.6 NOT vulnerable
SunOS 4.1.4 IS vulnerable
Windows 95 (vanilla) IS vulnerable
Windows 95 + Winsock 2 + VIPUPD.EXE IS vulnerable
Windows NT (vanilla) IS vulnerable
Windows NT + SP3 IS vulnerable
Windows NT + SP3 + simptcp-fix IS vulnerable

Some misc stuff:

Ascend Pipeline 50 rev 5.0Ap13 NOT vulnerable
Cisco IOS 10.3(7) IS vulnerable
Cisco 2511 IOS ??? IS vulnerable
Cisco 753 IOS ??? IS vulnerable
LaserJet Printer NOT vulnerable
Livingston Office Router (ISDN) IS vulnerable
Livingston PM* ComOS 3.5b17 + 3.7.2 NOT vulnerable
NCD X Terminals, NCDWare v3.2.1 IS vulnerable

Aleph One / aleph1@dfw.net
http://underground.org/
KeyID 1024/948FD6B5
Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01