Message-ID: <423166D0.1040004@home.se>
Date: Fri, 11 Mar 2005 10:37:20 +0100
From: exon <exon@...e.se>
To: bugtraq@...urityfocus.com
Subject: Re: Windows Server 2003 and XP SP2 LAND attack vulnerability

Jon O. wrote:
> All:
> 
> I would like to hear from someone who can reproduce this. If you can, please send
> details with OS, patches installed, pcaps, etc., not a report of what tools you used
> to create the packet, sniff and replay the results. I've tested this and either my
> machines are magically protected from this attack, or it is invalid (despite what
> the press might say). I'd like some outside corroboration of this attack.
> 

It appears it doesn't work if Windows' built-in firewall is turned on, 
even if the attack is sent to an unfiltered and open port. The TCP and 
IP checksums must also be correct, which a lot of older land-attack 
programs failed to produce (I couldn't reproduce on my system with any I 
found online).

I've also noticed that targeted systems seem to respond to ping during 
the attack, but are completely incapable of doing anything that requires 
CPU resources to be spent in userland (typing text is impossible, moving 
the mouse works fine). Continuous attacks that cross some hardcoded 
packet boundary can even cause the targeted system to rustle back into 
play early.

To test it, you'd need to log in and watch the task manager freeze up 
(set update interval to high to make it more obvious).

Attached is imland.c (improved multiple land), which was designed to 
rapidly and possibly continuously test a wide range of servers. It 
should compile cleanly on most unixen. I've thrown in some usage output 
as well. Please use it responsibly.

/exon

Attachment: imland.c (text/x-csrc, 9227 bytes)
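As an added example (not part of this message and not the attached imland.c), a small Python detector that parses raw IPv4/TCP header bytes and flags the LAND condition (source address and port equal to the destination address and port), and also reports whether the IP header checksum verifies, since the message notes that only packets with correct checksums have any effect. The sample packets are constructed inside the code; the addresses and ports in them are placeholders.

```python
import ipaddress
import struct

TCP_PROTO = 6

def ip_checksum(header: bytes) -> int:
    """RFC 1071 ones-complement checksum of an IPv4 header. Run over a header
    whose checksum field is already filled in, a valid header yields 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def classify(pkt: bytes) -> dict:
    """Parse raw IPv4+TCP bytes; report the LAND condition and IP checksum validity.
    Only the IP header checksum is verified; the TCP checksum (needs the pseudo-header) is not."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return {"land": False, "ip_checksum_ok": False, "reason": "not IPv4"}
    ihl = (pkt[0] & 0x0F) * 4
    if pkt[9] != TCP_PROTO or len(pkt) < ihl + 20:
        return {"land": False, "ip_checksum_ok": False, "reason": "not TCP or truncated"}
    src, dst = pkt[12:16], pkt[16:20]
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    return {
        "land": src == dst and sport == dport,
        "ip_checksum_ok": ip_checksum(pkt[:ihl]) == 0,
        "src": f"{ipaddress.IPv4Address(src)}:{sport}",
        "dst": f"{ipaddress.IPv4Address(dst)}:{dport}",
    }

def sample_packet(src: str, dst: str, sport: int, dport: int, bad_checksum: bool = False) -> bytes:
    """Constructed test input (not a capture): IPv4 header without options + TCP SYN header.
    The TCP checksum field stays zero because classify() does not verify it."""
    s, d = ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed
    ip = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0x1234, 0, 64, TCP_PROTO, 0, s, d))
    csum = ip_checksum(bytes(ip))
    if bad_checksum:
        csum ^= 0x0100  # flip one bit: a malformed header, like those from the older tools mentioned
    struct.pack_into("!H", ip, 10, csum)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 8192, 0, 0)
    return bytes(ip) + tcp

if __name__ == "__main__":
    for p in (sample_packet("192.0.2.10", "192.0.2.10", 139, 139),
              sample_packet("192.0.2.10", "192.0.2.10", 139, 139, bad_checksum=True),
              sample_packet("192.0.2.1", "192.0.2.10", 40000, 139)):
        print(classify(p))
```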
