LAND

The LAND attack is a TCP packet that is sent to the target computer with a SYN flag set and a fake sender address. The tricky thing here is that the fake sender address is the same as the victim's address. If TCP has been implemented poorly, the victim interprets its own SYN-ACK response as a SYN request and sends yet another SYN-ACK. This leads to an infinite loop that causes the computer to freeze.

In a newer variant, the sender address of the packet is not the address of the attacked computer, but the loopback address 127.0.0.1. The purpose of this trick is to outsmart personal firewalls that respond to the classic variant (sender address = destination address), but which let the new form through unhindered. This form is also recognized and blocked by the device.

www.lancom-systems.com

LANCOM Systems GmbH | A Rohde & Schwarz Company | Adenauerstr. 20/B2 | 52146 Wuerselen | Germany | E‑Mail info@lancom.de

LANCOM Logo