Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Land Attack

From: Ashley Thomas <athomas () cc gatech edu>
Date: Tue, 31 Dec 2002 02:31:51 -0500
Hi,

What is the signature for a Land attack ?

All the documentation i could get hold mentioned 'Land Attack' to be a
TCP Syn packet with same Src IP/port and Dest IP/port.

http://www.cert.org/advisories/CA-1997-28.html
http://www.insecure.org/sploits/land.ip.DOS.html
http://www.physnet.uni-hamburg.de/physnet/security/vulnerability/land.html
Then how do we classify the DoS attack packet which has same Src IP and Dest IP. 
( lets say it is not a TCP/UDP packet -> so port is not considered )
Snort signature for Land also has considered only the IP address and not port. 

thanks
ashley

--
Ashley Thomas
Research scientist
College of Computing
Georgia Tech.




-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: