Slide 8 of 16
- The “Land” attack disables many IP stacks or host operating systems by sending a spoofed TCP packet with identical source address/port and destination address/port parameters, where the address is the device’s own IP address.
- This causes many stacks to get very confused, by using the same connection control block for both ends of the connection, crashing many stacks.
- Again, it requires the ability to send source spoofed packets from the perpetrator’s network.
- The “Land” attack, as well as vendor information regarding vulnerability, is discussed in CERT advisory CA-97.28, available at http://www.cert.org/pub/advisories/CA-97.28.Teardrop_Land.html