Re: Land Protection for Cisco

[Jim Shankland <jas () flyingfox com>]

Paul D. Robertson <root () gannett com> writes:

> Has anyone tried [the "land" attack] sourced and destined for
> different interfaces on the same box?  My test gear is all tied
> up right now, and I'd rather not test on a production box.

It is highly unlikely that this would work.  The essence of the attack
is creating a TCP connection in which (src-ip, src-port) is equal
to (dst-ip, dst-port), so that the box's responses on that TCP circuit
reappear as input from the "peer".  This won't happen if
src-ip != dst-ip, even if both ip's are associated with the same box.

Jim Shankland
Flying Fox Computer Systems, Inc.