Re: "LAND" Attack Update

Aleph One (aleph1@dfw.net)
Mon, 24 Nov 1997 23:53:16 -0600

This is the last "LAND" update. I will not post any more. This list is not
meant to be comprehensive nor accurate. For an accurate assestment of the
risk to your IP stack contact your vendor.

Cisco Field Notice: TCP Loopback Denial-of-Service Attack and Cisco Devices
http://www.cisco.com/warp/public/770/land-pub.shtml

Read "Network Ingress Filtering: Defeating Denial of Service Address Spoofing"
ftp://ietf.org/internet-drafts/draft-ferguson-ingress-filtering-03.txt

The survey says:

AIX 3 IS vulnerable
AIX 3.2 NOT vulnerable
AIX 4 NOT vulnerable
AIX 4.1 NOT vulnerable
AIX 4.2.1 NOT vulnerable
AmigaOS AmiTCP 4.0demo NOT vulnerable
AmigaOS AmiTCP 4.2 (Kickstart 3.0) IS vulnerable
AmigaOS Miami 2.0 NOT vulnerable
AmigaOS Miami 2.1f NOT vulnerable
AmigaOS Miami 2.1p NOT vulnerable
AmigaOS Miami 2.92c NOT vulnerable
BeOS Preview Release 2 PowerMac IS vulnerable
BSDI 2.0 IS vulnerable
BSDI 2.1 (vanilla) IS vulnerable
BSDI 2.1 (K210-021,K210-022,K210-024) NOT vulnerable
BSDI 3.0 NOT vulnerable
DG/UX R4.12 NOT vulnerable
Digital UNIX 3.2c NOT vulnerable
Digital UNIX 4.0 NOT vulnerable
Digital VMS ??? IS vulnerable
FreeBSD 2.1.6-RELEASE NOT vulnerable
FreeBSD 2.2.2-RELEASE NOT vulnerable
FreeBSD 2.2.5-RELEASE IS vulnerable
FreeBSD 2.2.5-STABLE IS vulnerable (fixed)
FreeBSD 3.0-CURRENT IS vulnerable (fixed)
HP External JetDirect Print Servers IS vulnerable
HP-UX 9.03 NOT vulnerable
HP-UX 10.01 NOT vulnerable
HP-UX 10.20 NOT vulnerable
IBM AS/400 OS7400 3.7 IS vulnerable (100% CPU)
IRIX 5.2 IS vulnerable
IRIX 5.3 IS vulnerable
IRIX 6.2 NOT vulnerable
IRIX 6.3 NOT vulnerable
IRIX 6.4 NOT vulnerable
Linux 1.2.13 NOT vulnerable
Linux 2.1.65 NOT vulnerable
Linux 2.0.30 NOT vulnerable
Linux 2.0.32 NOT vulnerable
MacOS MacTCP IS vulnerable
MacOS OpenTransport 1.1.1 NOT vulnerable
MacOS 7.1p6 NOT vulnerable
MacOS 7.5.1 NOT vulnerable
MacOS 7.6.1 OpenTransport 1.1.2 IS vulnerable (not a compleate lockup)
MacOS 8.0 IS vulnerable (TCP/IP stack crashed)
MVS OS390 1.3 NOT vulnerable
NetApp NFS server 4.1d IS vulnerable
NetApp NFS server 4.3 IS vulnerable
NetBSD 1.1 IS vulnerable
NetBSD 1.2 IS vulnerable
NetBSD 1.2a IS vulnerable
NetBSD 1.2.1 IS vulnerable (fixed)
NetBSD 1.3_ALPHA IS vulnerable (fixed)
NeXTSTEP 3.0 IS vulnerable
NeXTSTEp 3.1 IS vulnerable
Novell 4.11 IS vulnerable (100% CPU for 30 secs)
OpenBSD 2.1 (conflicting reports)
OpenBSD 2.2 NOT vulnerable
OpenVMS 7.1 with UCX 4.1-7 IS vulnerable
OS/2 3.0 NOT vulnerable
OS/2 4.0 NOT vulnerable
QNX 4.24 IS vulnerable
Rhapsody Developer Release IS vulnerable
SCO OpenServer 5.0.2 SMP IS vulnerable
SCO OpenServer 5.0.4 IS vulnerable (kills networking)
SCO Unixware 2.1.1 IS vulnerable
SCO Unixware 2.1.2 IS vulnerable
Salaris 2.4 NOT vulnerable
Solaris 2.5.1 NOT vulnerable
Solaris 2.5.2 NOT vulnerable
Solaris 2.6 NOT vulnerable
SunOS 4.1.3 IS vulnerable
SunOS 4.1.4 IS vulnerable
Ultrix ??? NOT vulnerable
Windows 95 (vanilla) IS vulnerable
Windows 95 + Winsock 2 + VIPUPD.EXE IS vulnerable
Windows NT (vanilla) IS vulnerable
Windows NT + SP3 IS vulnerable
Windows NT + SP3 + simptcp-fix IS vulnerable

Some misc stuff:

3Com Accessbuilder 600/700 NOT vulnerable
3Com LinkSwitch 1000 NOT vulnerable
3Com OfficeConnect 500 NOT vulnerable
3Com SuperStack II Switch 1000 IS vulnerable
Adtran TSU Rack NOT vulnerable
Apple LaserWriter IS vulnerable
Ascend 4000 5.0Ap20 NOT vulnerable
Ascend Pipeline 50 rev 5.0Ai16 NOT vulnerable
Ascend Pipeline 50 rev 5.0Ap13 NOT vulnerable
BayNetworks MARLIN 1000 OS (0).3.024(R) NOT vulnerable
BinTec BIANCA/BRICK-XS 4.6.1 router IS vulnerable
Cisco Classic IOS < 10.3, early 10.3, 11.0, 11.1, and 11.2 IS vulnerable
Cisco IOS/700 IS vulnerable
Cisco Catalyst IS vulnerable
Digital VT1200 IS vulnerable
Farallon Netopia PN440 NOT vulnerable
HP Envizex Terminal IS vulnerable
LaserJet Printer NOT vulnerable
Livingston Office Router (ISDN) IS vulnerable
Livingston PM ComOS 3.3.3 NOT vulnerable
Livingston PM ComOS 3.5b17 + 3.7.2 NOT vulnerable
Livingston PM ComOS 3.7L NOT vulnerable
Livingston PM ComOS 3.7.2 NOT vulnerable
Livingston Enterprise PM 3.4 2L NOT vulnerable
Livingston T1/E1 OR IS vulnerable
Milkyway Blackhole Firewall 3.0 (SunOS) IS vulnerable
Milkyway Blackhole Firewall 3.02(SunOS) IS vulnerable
NCD X Terminals, NCDWare v3.1.0 IS vulnerable
NCD X Terminals, NCDWare v3.2.1 IS vulnerable
Netopia PN440 v2.0.1 IS vulnerable
Proteon GT60 NOT vulnerable
Proteon GT60Secure NOT vulnerable
Proteon GT70 NOT vulnerable
Proteon GT70Secure NOT vulnerable
Proteon GTAM NOT vulnerable
Proteon GTX250 NOT vulnerable
Proteon RBX250 NOT vulnerable
Sonix Arpeggio NOT vulnerable
Sonix Arpeggio + NOT vulnerable
Sonix Arpeggio Lite NOT vulnerable

Aleph One / aleph1@dfw.net
http://underground.org/
KeyID 1024/948FD6B5
Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01