Land Attack bug puts many servers and routers at risk

Land Attack, a newly discovered method to crash servers and routers by exploiting a bug in their TCP/IP stacks, is causing a stir in the Internet community.

A long list of systems are apparently susceptible to Land Attack, because their TCP/IP protocol stacks share the same design fault. According to information circulated on an Internet mailing list, computers running Windows 95, NT, Mac OS, HP/UX, and Solaris, as well as some routers, are all affected.

Not vulnerable to the bug are SCO Open Server, Digital Unix, Novell Intranetware and the ?freeware? Unix version Linux, among surprisingly few other systems.

To lanch a Land Attack on a particular host system, a hacker sends a so-called ?Syn? packet to open a connection with the host. By using a technique called ?spoofing?, the Syn packet is made to appear as if it was sent by the host computer itself. This causes the host to attempt to respond to itself, causing a loop that effectively hangs up the system. ?It?s about as efficient as yanking out the power cord?, said Internet security consultant Kristof Van Damme.

The most worrying thing about the bug, however, is who knows about it. The Land Attack method was detailed in an Internet mailing list wich is received by system administrators and hackers alike - which means it is now commonly known to hackers all over the world.

?If I were an ISP, I would install a patch as soon as I can get one," warned Van Damme, ?Because right now, anyone can crash your server without leaving a trace.?

Software patches for the various affected operating systems might be some weeks in coming. Cisco is telling users how to reconfigure their routers so as to render them invulnerable to Land Attack. Most vendors were unavailable for comment due to the Thanksgiving Holiday.