[Vulnerable] XP SP2/W2003 a ataques LAND.

08/03/2005 - 19:13 por Diego | Informe spam
***
Y atención hay un exploit circulando por internet para explotar la
vulnerabilidad, activar/instalar vuestros firewall inmediatamente sino
lo teneis activado todavia.

De momento no hay parche oficial
***


Vuln. XP SP2/W2003 (LAND)
http://www.nautopia.net/archives/es...3_land.php

Según reporta Dejan Levaja, tanto Windows XP SP2 como W2003 siguen
siendo vulnerables a ataques LAND. Este tipo de ataques no son nuevos
y se producen cuando la máquina víctima recibe paquetes SYN con la
misma IP de origen y destino, lo que provoca que empiece a generar
paquetes ACK tratando de responderse a sí misma en lo que podría ser
un bucle sin fin, con alto consumo de CPU y saturación, llegándose a
la denegación de servicio. Es algo que los reglajes internos de
algunos firewalls y routers evitan, filtrando los paquetes con la
misma dirección de origen y destino, pero en cualquier caso, aquí
queda el aviso.

Creative Commons License
This article is licensed under a Creative Commons License
Posted by wolffete at Marzo 8, 2005 02:51 PM




Microsoft Windows LAND Attack Denial of Service
http://secunia.com/advisories/14512/

Secunia Advisory: SA14512
Release Date: 2005-03-07

Critical: Less critical
Impact: DoS
Where: From remote
Solution Status: Unpatched

OS:
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Web Edition
Microsoft Windows XP Home Edition
Microsoft Windows XP Professional

Select a product and view a complete list of all Patched/Unpatched
Secunia advisories affecting it.

Description:
Dejan Levaja has reported a vulnerability in Microsoft Windows,
allowing malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to improper handling of IP packets
with the same destination and source IP and the SYN flag set. This
causes a system to consume all available CPU resources for a certain
period of time.

This kind of attack was first reported in 1997 and became known as
LAND attacks.

Microsoft Windows XP with SP2 and Microsoft Windows 2003 have been
reported vulnerable.

Solution:
Filter traffic with the same IP address as source and destination
address at the perimeter.

Provided and/or discovered by:
Dejan Levaja




Hello, everyone.

Windows Server 2003 and XP SP2 (with Windows Firewall turned off) are
vulnerable to LAND attack.
http://www.securityfocus.com/archiv...05-03-08/0

LAND attack:
Sending TCP packet with SYN flag set, source and destination IP
address and source and destination port as of destination machine,
results in 15-30 seconds DoS condition.



Tools used:
IP Sorcery for creating malicious packet, Ethereal for sniffing it and
tcpreplay for replaying.

Results:
Sending single LAND packet to file server causes Windows explorer
freezing on all workstations currently connected to the server. CPU on
server goes 100%. Network monitor on the victim server sometimes can
not even sniff malicious packet. Using tcpreplay to script this attack
results in total collapse of the network.

Vulnerable operating systems:
Windows 2003
XP SP2
other OS not tested (I have other things to do currently ? like
checking firewalls
on my networks ;) )

Solution:
Use Windows Firewall on workstations, use some firewall capable of
detecting LAND attacks in front of your servers.

Ethic:
Microsoft was informed 7 days ago (25.02.2005, GMT +1, local time), NO
answer received, so I decided to share this info with security
community.


Dejan Levaja
System Engineer
Bulevar JNA 251
11000 Belgrade
Serbia and Montenegro
cell: +381.64.36.00.468
email: dejan levaja com
 

Leer las respuestas

#1 Alezito [MS MVP]
08/03/2005 - 19:24 | Informe spam
Esto quedo corregido desde Windows NT 4.0 (SP4), donde se modifico el
"Tcpip.sys".

Alejandro [MS MVP]
Windows - Shell/User


"Diego" escribió en el mensaje
news:
***
Y atención hay un exploit circulando por internet para explotar la
vulnerabilidad, activar/instalar vuestros firewall inmediatamente sino
lo teneis activado todavia.

De momento no hay parche oficial
***


Vuln. XP SP2/W2003 (LAND)
http://www.nautopia.net/archives/es...3_land.php

Según reporta Dejan Levaja, tanto Windows XP SP2 como W2003 siguen
siendo vulnerables a ataques LAND. Este tipo de ataques no son nuevos
y se producen cuando la máquina víctima recibe paquetes SYN con la
misma IP de origen y destino, lo que provoca que empiece a generar
paquetes ACK tratando de responderse a sí misma en lo que podría ser
un bucle sin fin, con alto consumo de CPU y saturación, llegándose a
la denegación de servicio. Es algo que los reglajes internos de
algunos firewalls y routers evitan, filtrando los paquetes con la
misma dirección de origen y destino, pero en cualquier caso, aquí
queda el aviso.

Creative Commons License
This article is licensed under a Creative Commons License
Posted by wolffete at Marzo 8, 2005 02:51 PM




Microsoft Windows LAND Attack Denial of Service
http://secunia.com/advisories/14512/

Secunia Advisory: SA14512
Release Date: 2005-03-07

Critical: Less critical
Impact: DoS
Where: From remote
Solution Status: Unpatched

OS:
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Web Edition
Microsoft Windows XP Home Edition
Microsoft Windows XP Professional

Select a product and view a complete list of all Patched/Unpatched
Secunia advisories affecting it.

Description:
Dejan Levaja has reported a vulnerability in Microsoft Windows,
allowing malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to improper handling of IP packets
with the same destination and source IP and the SYN flag set. This
causes a system to consume all available CPU resources for a certain
period of time.

This kind of attack was first reported in 1997 and became known as
LAND attacks.

Microsoft Windows XP with SP2 and Microsoft Windows 2003 have been
reported vulnerable.

Solution:
Filter traffic with the same IP address as source and destination
address at the perimeter.

Provided and/or discovered by:
Dejan Levaja




Hello, everyone.

Windows Server 2003 and XP SP2 (with Windows Firewall turned off) are
vulnerable to LAND attack.
http://www.securityfocus.com/archiv...05-03-08/0

LAND attack:
Sending TCP packet with SYN flag set, source and destination IP
address and source and destination port as of destination machine,
results in 15-30 seconds DoS condition.



Tools used:
IP Sorcery for creating malicious packet, Ethereal for sniffing it and
tcpreplay for replaying.

Results:
Sending single LAND packet to file server causes Windows explorer
freezing on all workstations currently connected to the server. CPU on
server goes 100%. Network monitor on the victim server sometimes can
not even sniff malicious packet. Using tcpreplay to script this attack
results in total collapse of the network.

Vulnerable operating systems:
Windows 2003
XP SP2
other OS not tested (I have other things to do currently ? like
checking firewalls
on my networks ;) )

Solution:
Use Windows Firewall on workstations, use some firewall capable of
detecting LAND attacks in front of your servers.

Ethic:
Microsoft was informed 7 days ago (25.02.2005, GMT +1, local time), NO
answer received, so I decided to share this info with security
community.


Dejan Levaja
System Engineer
Bulevar JNA 251
11000 Belgrade
Serbia and Montenegro
cell: +381.64.36.00.468
email: dejan levaja com

Preguntas similares