Search Learning Center for

LAND Attacks

AppSec, DDoS, Threats 14.1k views

A LAND Attack is a Layer 4 Denial of Service (DoS) attack in which, the attacker sets the source and destination information of a TCP segment to be the same. A vulnerable machine will crash or freeze due to the packet being repeatedly processed by the TCP stack.

Detailed Description

In a LAND attack, a specially crafted TCP SYN packet is created such that the source IP address and port are set to be the same as the destination address and port, which in turn is set to point to an open port on a victim’s machine. A vulnerable machine would receive such a message and reply to the destination address effectively sending the packet for reprocessing in an infinite loop. Thus, machine CPU is consumed indefinitely freezing the vulnerable machine, causing a lock up, or even crashing it.

CERT advisory has been published announcing that multiple servers, routers and operating systems are vulnerable to this type of attack, including the Classic Cisco IOS SoftwareMicrosoft Windows 2003 and XP SP2 ServersHP Jetdirect Print Servers and others.
Resistant implementations check for the destination information to be different then the source information. Mitigation techniques include installing patches on the vulnerable systems or using a firewall configured to filter out LAND packets