# LAND

> Mediated Wiki article. Canonical URL: https://mediated.wiki/source/LAND
> Markdown URL: https://mediated.wiki/source/LAND.md
> Source: https://en.wikipedia.org/wiki/LAND
> Source revision: 1338229373
> License: Creative Commons Attribution-ShareAlike 4.0 International (https://creativecommons.org/licenses/by-sa/4.0/)

{{Short description|Denial of Service attack}}

A '''LAND''' (local area network denial) is a [denial-of-service attack](/source/denial-of-service_attack) that consists of sending a special poison [spoofed](/source/Spoofing_attack) [packet](/source/packet_(information_technology)) to a computer, causing it to lock up. The security flaw was first discovered in 1997 by someone using the alias and has resurfaced many years later in [operating system](/source/operating_system)s such as [Windows Server 2003](/source/Windows_Server_2003) and [Windows XP](/source/Windows_XP) SP2.

==Mechanism ==
The attack involves sending a spoofed [TCP](/source/Transmission_Control_Protocol) [SYN](/source/SYN_(TCP)) packet (connection initiation) with the target host's [IP address](/source/IP_address) to an open port as both source and destination. This causes the machine to reply to itself continuously. It is, however, distinct from the [TCP SYN Flood vulnerability](/source/SYN_flood).

Other LAND attacks have since been found in services like [SNMP](/source/SNMP) and Windows 88/tcp (kerberos/global services). Such systems had design flaws that would allow the device to accept request on the wire appearing to be from themselves, causing repeated replies.

==Vulnerable systems==
Below is a list of vulnerable operating systems:<ref>{{Cite web|url=http://insecure.org/sploits/land.ip.DOS.html|title = The LAND attack (IP DOS)}}</ref>
* [AIX](/source/AIX_operating_system) 3.0
* [AmigaOS](/source/AmigaOS) AmiTCP 4.2 (Kickstart 3.0)
* [BeOS](/source/BeOS)  Preview release 2 PowerMac
* [BSDi](/source/BSD%2FOS) 2.0 and 2.1
* [Digital VMS](/source/OpenVMS)
* [FreeBSD](/source/FreeBSD) 2.2.5-RELEASE and 3.0 (Fixed after required updates)
* [HP](/source/Hewlett-Packard) External JetDirect Print Servers
* [IBM](/source/IBM) AS/400 OS/400 3.7
* [Irix](/source/Irix) 5.2 and 5.3
* [Mac OS](/source/Mac_OS) MacTCP, 7.6.1 OpenTransport 1.1.2  and 8.0
* [NetApp](/source/NetApp) NFS server 4.1d and 4.3
* [NetBSD](/source/NetBSD) 1.1 to 1.3 (Fixed after required updates)
* [NeXTSTEP](/source/NeXTSTEP) 3.0 and 3.1
* [Novell](/source/Novell) 4.11
* [OpenVMS](/source/OpenVMS) 7.1 with UCX 4.1-7
* [QNX](/source/QNX) 4.24
* [Rhapsody](/source/Rhapsody_(operating_system)) Developer Release
* [SCO](/source/SCO_Group) OpenServer 5.0.2 SMP, 5.0.4
* [SCO](/source/SCO_Group) Unixware 2.1.1 and 2.1.2
* [SunOS](/source/SunOS) 4.1.3 and 4.1.4
* [Windows](/source/Microsoft_Windows) 95, NT and XP SP2

==Prevention==
Most [firewalls](/source/Firewall_(networking)) should intercept and discard the poison packet thus protecting the host from this attack. Some operating systems released updates fixing this security hole.

==See also==
* [Slowloris (computer security)](/source/Slowloris_(computer_security))
* [High Orbit Ion Cannon](/source/High_Orbit_Ion_Cannon)
* [Low Orbit Ion Cannon](/source/Low_Orbit_Ion_Cannon)
* [ReDoS](/source/ReDoS)
* [Denial-of-service attack](/source/Denial-of-service_attack)

==References==
{{Reflist}}

==External links==
*[http://insecure.org/sploits/land.ip.DOS.html Insecure.Org's original post about the attack]
*[http://www.internetnews.com/security/article.php/3488171 Article about XP's vulnerability]

Category:Denial-of-service attacks
Category:Types of cyberattacks

---
Adapted from the Wikipedia article [LAND](https://en.wikipedia.org/wiki/LAND) by Wikipedia contributors ([contributor history](https://en.wikipedia.org/wiki/LAND?action=history)). Available under [Creative Commons Attribution-ShareAlike 4.0 International](https://creativecommons.org/licenses/by-sa/4.0/). Changes may have been made.
