On Nov 21, 1:22pm, Aleph One wrote: } Subject: Re: "LAND" Attack Update } We keep getting conflicting reports for FreeBSD and OpenBSD. The are } enough reports and indications that those operating systems are indeed } vulnerable but the vulnerabilitiy may not show up in all configurations } depending on the enviroment, the intensity of cosmic rays, the phase of } the moon, and if the testing person is left or right handed. In the case of FreeBSD, there was a change made to its tcp_input() implementation in October 1996 which probably has the side effect of protecting against this attack. This change was removed in early October 1997 because it caused problems if spoofed SYN's with the source addresses of legitimate hosts (other than the victim) were sent to it. It looks to me like FreeBSD 2.2.2 should not be vulnerable unless it has an updated version of tcp_input.c. I believe FreeBSD 2.2.5 is vulnerable. A single attack packet may or may not cause the problem to occur, depending on the TCP sequence numbers.
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:33:01 PDT