LAND

A LAND is a denial-of-service attack that consists of sending a special poison spoofed packet to a computer, causing it to lock up. The security flaw was first discovered in 1997 by someone using the alias and has resurfaced many years later in operating systems such as Windows Server 2003 and Windows XP SP2.

Mechanism

The attack involves sending a spoofed TCP SYN packet with the target host's IP address to an open port as both source and destination. This causes the machine to reply to itself continuously. It is, however, distinct from the TCP SYN Flood vulnerability.
Other LAND attacks have since been found in services like SNMP and Windows 88/tcp. Such systems had design flaws that would allow the device to accept request on the wire appearing to be from themselves, causing repeated replies.

Vulnerable systems

Below is a list of vulnerable operating systems:

AIX 3.0
AmigaOS AmiTCP 4.2
BeOS Preview release 2 PowerMac
BSDi 2.0 and 2.1
Digital VMS
FreeBSD 2.2.5-RELEASE and 3.0
HP External JetDirect Print Servers
IBM AS/400 OS7400 3.7
Irix 5.2 and 5.3
Mac OS MacTCP, 7.6.1 OpenTransport 1.1.2 and 8.0
NetApp NFS server 4.1d and 4.3
NetBSD 1.1 to 1.3
NeXTSTEP 3.0 and 3.1
Novell 4.11
OpenVMS 7.1 with UCX 4.1-7
QNX 4.24
Rhapsody Developer Release
SCO OpenServer 5.0.2 SMP, 5.0.4
SCO Unixware 2.1.1 and 2.1.2
SunOS 4.1.3 and 4.1.4
Windows 95, NT and XP SP2

Prevention

Most firewalls should intercept and discard the poison packet thus protecting the host from this attack. Some operating systems released updates fixing this security hole.