From: John Young <jya@pipeline.com>
Date: Thu, 4 Dec 1997 21:45:37 +0800
To: cypherpunks@toad.com
Subject: Land Attack on Routers/Servers
Message-ID: <1.5.4.32.19971204132552.00b64cd0@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain



 Hackers Out for IP Blood with New Land Attack 

 The Internet underworld last week unsheathed a new weapon 
 capable of knocking out IP-based routers and servers, sending 
 vendors scrambling to find ways to safeguard their gear. 

 Land Attack, officially known as land.c program code, was posted 
 on the Net by someone called "Meltman" and used last week in 
 attacks on Cisco Systems, Inc. routers and Unix and Windows 
 NT servers. Some of the targeted machines were slowed to a 
 crawl, while others had to be rebooted. 

 Land Attack represents a new twist on the dreaded "TCP SYN 
 flooding" denial-of-service attack. 

 But unlike TCP SYN flooding, Land Attack sends out just one 
 sinister SYN packet in which the sending devices IP address has 
 been swapped out for the IP address of the destination machine. 
 When the destination machine tries to acknowledge receipt of the 
 transmission, it ends up using its own address, which means it
 sends the message back to itself, resulting in a potentially fatal
 loopback condition. "If someone could find a way to use this 
 Land Attack program to spread this across the Internet, it could 
 cause major service disruptions," said Chris Klaus, chief
 technology officer at Internet Security Systems, Inc.

----------

More at: http://jya.com/land-attack.txt