Snort mailing list archives
Land Attack
From: Ashley Thomas <athomas () cc gatech edu>
Date: Tue, 31 Dec 2002 02:31:51 -0500
Hi, What is the signature for a Land attack ? All the documentation i could get hold mentioned 'Land Attack' to be a TCP Syn packet with same Src IP/port and Dest IP/port. http://www.cert.org/advisories/CA-1997-28.html http://www.insecure.org/sploits/land.ip.DOS.html http://www.physnet.uni-hamburg.de/physnet/security/vulnerability/land.htmlThen how do we classify the DoS attack packet which has same Src IP and Dest IP.
( lets say it is not a TCP/UDP packet -> so port is not considered )Snort signature for Land also has considered only the IP address and not port.
thanks ashley -- Ashley Thomas Research scientist College of Computing Georgia Tech. ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Land Attack Ashley Thomas (Dec 31)
- Re: Land Attack Phil Wood (Dec 31)
- Re: Land Attack Ashley Thomas (Dec 31)
- Re: Land Attack Phil Wood (Dec 31)