Minutes from Vulnerabilities meeting on 3 December 1997

Attendees: Matt Bishop, Karl Levitt, Peter Mell, Steven Samorodin, David O'Brien, Nik Joshi, Ricardo Anguiano



Synopsis of the LAND attack

A TCP packet is uniquely defined by the 5-tuple
< SrcAddr, SrcPort, DstAddr, DstPort, Protocol >

Summary of Attack

The attack consists of sending a SYN packet with the same source and destination address and port to a machine. In other words linking up a service such as the chargen port to itself. This confuses many boxes and causes them to lock up as CPU utilization by the confused TCP stack skyrockets.


Steven Samorodin / 12-3-97