North American Network Operators Group

Re: Land Protection for Cisco

  • From: Jim Shankland
  • Date: Fri Nov 21 17:52:42 1997

Paul D. Robertson <[email protected]> writes:

> Has anyone tried [the "land" attack] sourced and destined for
> different interfaces on the same box?  My test gear is all tied
> up right now, and I'd rather not test on a production box.

It is highly unlikely that this would work.  The essence of the attack
is creating a TCP connection in which (src-ip, src-port) is equal
to (dst-ip, dst-port), so that the box's responses on that TCP circuit
reappear as input from the "peer".  This won't happen if
src-ip != dst-ip, even if both IPs are associated with the same box.

Jim Shankland
Flying Fox Computer Systems, Inc.
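
The condition described in this message, written as a check over a raw IPv4 packet (an added example, not part of the original post). The names `is_land_packet` and `sample_packet` are hypothetical, the addresses are documentation-range values, and the sample packets are constructed in memory only to exercise the check.

```python
import socket
import struct

def is_land_packet(pkt: bytes) -> bool:
    """True if pkt is an IPv4 TCP segment whose (src-ip, src-port)
    equals (dst-ip, dst-port), the condition stated in the message."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return False                      # too short, or not IPv4
    ihl = (pkt[0] & 0x0F) * 4             # IP header length in bytes
    if ihl < 20 or len(pkt) < ihl + 4:
        return False                      # malformed, or ports missing
    if pkt[9] != socket.IPPROTO_TCP:
        return False
    # Non-first fragments carry no TCP header, so there are no ports to compare.
    if struct.unpack("!H", pkt[6:8])[0] & 0x1FFF:
        return False
    src_ip, dst_ip = pkt[12:16], pkt[16:20]
    src_port, dst_port = struct.unpack("!HH", pkt[ihl:ihl + 4])
    return src_ip == dst_ip and src_port == dst_port

def sample_packet(src, sport, dst, dport, options=b""):
    """Constructed sample: IPv4 + TCP SYN header bytes with zeroed
    checksums. options must be a multiple of 4 bytes."""
    ihl = 5 + len(options) // 4
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4 + 20,
                     0, 0, 64, socket.IPPROTO_TCP, 0,
                     socket.inet_aton(src), socket.inet_aton(dst)) + options
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02,
                      8192, 0, 0)
    return ip + tcp

if __name__ == "__main__":
    cases = {
        "same ip, same port": ("192.0.2.1", 139, "192.0.2.1", 139),
        "two addresses of one box": ("192.0.2.1", 139, "198.51.100.1", 139),
        "same ip, different port": ("192.0.2.1", 1025, "192.0.2.1", 139),
    }
    for label, args in cases.items():
        print(f"{label}: {is_land_packet(sample_packet(*args))}")
```

The second case is the one asked about in the quoted question: the check compares the addresses in the packet, so two different addresses on the same box do not match.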