Re: "LAND" Attack Update

Don Lewis (Don.Lewis@TSC.TDK.COM)
Fri, 21 Nov 1997 17:24:48 -0800

On Nov 21, 1:22pm, Aleph One wrote:
} Subject: Re: "LAND" Attack Update
} We keep getting conflicting reports for FreeBSD and OpenBSD. There are
} enough reports and indications that those operating systems are indeed
} vulnerable but the vulnerability may not show up in all configurations
} depending on the environment, the intensity of cosmic rays, the phase of
} the moon, and if the testing person is left or right handed.

In the case of FreeBSD, there was a change made to its tcp_input()
implementation in October 1996 which probably has the side effect of
protecting against this attack. This change was removed in early October
1997 because it caused problems if spoofed SYN's with the source addresses
of legitimate hosts (other than the victim) were sent to it.

It looks to me like FreeBSD 2.2.2 should not be vulnerable unless it has
an updated version of tcp_input.c. I believe FreeBSD 2.2.5 is vulnerable.

A single attack packet may or may not cause the problem to occur, depending
on the TCP sequence numbers.