Your ISP must not have any anti-spoof access lists in place. Normally, a
packet with a source address the same as the destination shouldn't be
allowed in from a remote source. Unless I'm not understanding something,
anti-spoofing at the ISP should stop all Land Attack problems.
On Wed, 27 Jun 2001, Adam Richardson wrote:
> I got the following reply regarding Land Attack which might well be it.
>
> Info is at
>
> http://www.wired.com/news/technology/0,1282,8707,00.html
> http://support.microsoft.com/support/kb/ARTICLES/Q165/0/05.asp
>
> >Envelope-to: [EMAIL PROTECTED]
> >From: "Rob Tashjian" <[EMAIL PROTECTED]>
> >To: "Adam Richardson" <[EMAIL PROTECTED]>
> >Subject: Re: Strange hack attempt on port 25 from my own ip address
> >Date: Wed, 27 Jun 2001 09:26:31 -0700
> >X-Priority: 3
> >
> >Adam,
> >
> >Look up 'Land Attack'. You send a packet to a host with the source
> >and destination addresses set to that host's address, and the source and
> >destination port set to the same port. The host then dies a horrible death
> >trying to reply to itself.
> >
> >rwt
> >---
> >Robert Tashjian
> >[EMAIL PROTECTED]
> >
>
> _______________________________________________
> Firewalls mailing list
> [EMAIL PROTECTED]
> http://lists.gnac.net/mailman/listinfo/firewalls
>
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
