Threat Level: green Handler on Duty: Yee Ching Tok

SANS ISC: LAND attacks against network devices SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
LAND attacks against network devices
A "LAND" attack involves IP packets where the source and destination address are set to address the same device. Older variants, as reported earlier, rely on the source address to be spoofed to the same value as the destination IP.  A recent post to Bugtraq came up with a new twist: LAND attacks against routers and perimeter devices, addressed to the outside interface and with the source spoofed to the inside interface. Rumour has it that these attacks are easily conducted and surprisingly "successful".  The defense, though, is just as simple: Packets with spoofed source addresses have no business entering your perimeter networks. If you have not yet applied ingress filtering on the outermost devices of your internet connection that you have control over, now is a good time to do so. RFC 2827 and RFC 3704 are good sources of information on ingress filtering and Reverse Path Forwarding. And while you're at it updating your filters, dont forget to apply outbound spoofing filters as well - see this paper in the SANS Reading Room for details.


385 Posts
ISC Handler
Dec 15th 2005

Sign Up for Free or Log In to start participating in the conversation!