| TC: | 12001 |
|---|---|
| Description: | This technique can be used even by an inexperienced attacker. TCP connections are characterized on the network by a 5-tuple (TCP protocol, Source IP address, Source Port, Destination IP address, Destination Port). An illegal (spoofed) packet sent with Source IP address = Destination IP address and Source Port = Destination Port may crash a target system. |
| TC Impact: | Denial of Service |
| Vulnerability Publication: | Unknown |
| Advisory Copyright: | M3kt, FLC |
| Summary: | A widely available underground 'land attack' tool can be used to send a malformed packet to your system and remotely crash it or slow it down. |
| Risk: | Medium |
| CVSS 2.0 metrics: | Access Vector: Network; Access Complexity: Low; Authentication: None; Confidentiality Impact: None; Integrity Impact: None; Availability Impact: Partial |
| CVSS 2.0 Base Score: | 5.0 |
| Vulnerability Impact: | Denial of Service |
| Host Impact: | Vulnerable systems will crash or slow down. |
| Nature of Remediation: | Update the operating system. See the Update OS procedure. |
| Step required to fix the reported vulnerability: | Solution type: Undefined. In the meantime, block packets with a source address from inside with a firewall or router. |
| References: | See the source code at http://www.securityfocus.com/archive/1/8083 on the BugTraq Web Archives. List of vulnerable systems at http://www.securityfocus.com/archive/1/8081 on the BugTraq Web Archives. Detailed description at http://www.cert.org/advisories/CA-1997-28.html on the CERT Web site. Description and source code at ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/old/FreeBSD-SA-98:01.land.asc on the FreeBSD Web site. For Windows NT, see the Q165005 article at http://support.microsoft.com/support/kb/articles/q165/0/05.asp on the Microsoft Web site. |
| CVE Link: | CVE-1999-0016 |
| Glossary: | Firewall, Packet, Port, Spoofing, TCP |
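
As an added example (not part of the advisory or of the tools it references), the following Python check applies the condition from the Description to raw IPv4 packet bytes, the way an IDS rule or ingress filter would. The names `is_land_packet` and `sample_packet` and the documentation-range addresses are assumptions made for illustration.

```python
import socket
import struct

TCP_PROTO = 6  # IP protocol number for TCP


def is_land_packet(packet: bytes) -> bool:
    """True if a raw IPv4 packet carries TCP with source address equal to
    destination address and source port equal to destination port."""
    if len(packet) < 20:
        return False
    version = packet[0] >> 4
    ihl = (packet[0] & 0x0F) * 4          # IP header length; options shift the TCP header
    if version != 4 or ihl < 20 or len(packet) < ihl + 4:
        return False                      # not IPv4, malformed, or truncated before the ports
    if packet[9] != TCP_PROTO:
        return False
    # Non-first fragments carry no TCP header, so the ports cannot be read.
    if struct.unpack("!H", packet[6:8])[0] & 0x1FFF:
        return False
    src_port, dst_port = struct.unpack("!HH", packet[ihl:ihl + 4])
    return packet[12:16] == packet[16:20] and src_port == dst_port


def sample_packet(src, sport, dst, dport, options=b""):
    """Constructed test input: bare IPv4 + TCP headers, checksums left at zero."""
    ihl_words = 5 + len(options) // 4
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl_words, 0,
                     ihl_words * 4 + 20, 0, 0, 64, TCP_PROTO, 0,
                     socket.inet_aton(src), socket.inet_aton(dst)) + options
    tcp = struct.pack("!HHLLBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 8192, 0, 0)
    return ip + tcp


# Constructed samples (RFC 5737 documentation addresses), not captured traffic.
SAMPLES = [
    sample_packet("198.51.100.7", 40000, "192.0.2.10", 139),                # ordinary connection attempt
    sample_packet("192.0.2.10", 139, "192.0.2.10", 139),                    # matches the advisory's condition
    sample_packet("192.0.2.10", 139, "192.0.2.10", 139, options=b"\x01" * 4),  # same, with IP options present
    sample_packet("192.0.2.10", 1025, "192.0.2.10", 139),                   # same address, different ports
]


def classify(samples=SAMPLES):
    """Return the verdict for each sample, in order."""
    return [is_land_packet(p) for p in samples]


if __name__ == "__main__":
    for verdict in classify():
        print("DROP (land)" if verdict else "pass")
```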