Rajeev Atluri
Posted at 5:35 PM PT, Nov 25, 1997
A new bug has been posted on an Internet mail list that has the ability to cause systems, and particularly routers, to lock up and crash. Systems vulnerable to attacks include
Windows 95 and NT, Unix, and Macintosh OS, according to Internet Security Systems, a vulnerability detection company that has been compiling data on the bug.
"This one is probably one of the worst kind of attacks because it can easily bring down many different types of machines," said Christopher Klaus, founder and chief technology
officer at Internet Security Systems.
The bug, called the Land Attack and named after its discoverer, allows an attacker to send a Syn packet, which is used to open a connection, to a host that person wants to attack.
The packet is spoofed so that it appears to be coming from the same port as the computer is receiving the bug on, creating a loop while the machine tries to respond to itself, which
crashes the system.
The bug was posted to a mail list called bugtraq last week by a hacker code-named Meltdown, according to Klaus.
"That's become a mailing list of people to post exploits," Klaus said.
The attack affects routers, especially Cisco routers, significantly. However, Cisco has posted a means to reconfigure the machines to avoid the problem.
"Cisco has put out an advisory telling you how to reconfigure the router to block the attack," Klaus said. "For NT, you're probably going to need to apply a patch."
Patches of this sort can take as long as six months, but because of the seriousness of the Land Attack, a fix for the bug may arrive sooner, according to Klaus.
Internet Security Systems Inc., in Atlanta, can be reached at http://www.iss.net. Cisco Systems Inc., in San Jose, Calif., is at http://www.cisco.com.