lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <423166D0.1040004@home.se>
Date: Fri, 11 Mar 2005 10:37:20 +0100
From: exon <exon@...e.se>
To: bugtraq@...urityfocus.com
Subject: Re: Windows Server 2003 and XP SP2 LAND attack vulnerability
Jon O. wrote:
> All:
>
> I would like to hear from someone who can reproduce this. If you can, please send
> details with OS, patches installed, pcaps, etc. not a report of what tools you used
> to create the packet, sniff and replay the results. I've tested this and either my
> machines are magically protected from this attack, or it is invalid (despite what
> the press might say). I'd like some outside corroboration of this attack.
>
It appears it doesn't work if windows' builtin firewall is turned on,
even if the attack is sent to an unfiltered and open port. The tcp and
IP checksums must also be correct, which a lot of older land-attack
programs failed to produce (I couldn't reproduce on my system with any I
found online).
I've also noticed that targeted systems seems to respond to ping during
the attack, but are completely incapable of doing anything that requires
CPU resources to be spent in userland (typing text is impossible, moving
the mouse works fine). Continuous attacks that cross some hardcoded
packet boundary can even cause the targeted system to rustle back in to
play early.
To test it, you'd need to log in and watch the task manager freeze up
(set update interval to high to make it more obvious).
Attached is imland.c (improved multiple land), which was designed to
rapidly and possibly continuously test a wide range of servers. It
should compile cleanly on most unixen. I've thrown in some usage output
as well. Please use it responsibly.
/exon
View attachment "imland.c" of type "text/x-csrc" (9227 bytes)
Powered by blists - more mailing lists