Cette Vulnérabilité est due à une erreur au niveau de la gestion de certains paquets SYN.
Aucun correctif n'est disponible à ce jour.
From: Dejan Levaja (dejanlevaja.com)
Date: Sat Mar 05 2005 - 12:17:14 CST
Windows Server 2003 and XP SP2 (with Windows Firewall turned off) are vulnerable to LAND attack.
Sending TCP packet with SYN flag set, source and destination IP address and source and destination port as of destination machine, results in 15-30 seconds DoS condition.
IP Sorcery for creating malicious packet, Ethereal for sniffing it and tcpreplay for replaying.
Sending single LAND packet to file server causes Windows explorer freezing on all workstations currently connected to the server. CPU on server goes 100%. Network monitor on the victim server sometimes can not even sniff malicious packet. Using tcpreplay to script this attack results in total collapse of the network.
Vulnerable operating systems:
other OS not tested (I have other things to do currently – like checking firewalls on my networks )
Use Windows Firewall on workstations, use some firewall capable of detecting LAND attacks in front of your servers.
Microsoft was informed 7 days ago (25.02.2005, GMT +1, local time), NO answer received, so I decided to share this info with security community.
Bulevar JNA 251
Serbia and Montenegro