Windows 2003 and XP SP2 Vulnerable To LAND Attack

Hemos posted more than 9 years ago | from the one-if-by-sea-two-if-by-LAND dept.

Windows 534

An anonymous reader writes "Dejan Levaja, a Serbian security engineer, has discovered that nearly 8 years after the attack was first made public, Windows 2003 and Windows XP SP2 are in fact vulnerable to the historic LAND attack." Granted, you need to have the firewall turned off for this work, but there's a whole lotta machines that don't have it turned on.


Only win ? (4, Interesting)

mirko (198274) | more than 9 years ago | (#11865879)

Are only Windows platforms vulnerable, or will these attacks be successful on other non-MS platforms?

Re:Only win ? (5, Informative)

redJag (662818) | more than 9 years ago | (#11865952)

There is a big list before the provided source code [hoobie.net].

MOD PARENT UP ! (4, Informative)

mirko (198274) | more than 9 years ago | (#11866205)

BSDI 2.1 (vanilla) IS vulnerable
BSDI 2.1 (K210-021,K210-022,K210-024) NOT vulnerable
BSDI 3.0 NOT vulnerable
Digital UNIX 4.0 NOT vulnerable
FreeBSD 2.2.2-RELEASE IS vulnerable
FreeBSD 2.2.5-RELEASE IS vulnerable
FreeBSD 2.2.5-STABLE IS vulnerable
FreeBSD 3.0-CURRENT IS vulnerable
HP-UX 10.20 IS vulnerable
IRIX 6.2 NOT vulnerable
Linux 2.0.30 NOT vulnerable
Linux 2.0.32 NOT vulnerable
MacOS 8.0 IS vulnerable (TCP/IP stack crashed)
NetBSD 1.2 IS vulnerable
NeXTSTEP 3.0 IS vulnerable
NeXTSTEP 3.1 IS vulnerable
Novell 4.11 NOT vulnerable
OpenBSD 2.1 IS vulnerable
OpenBSD 2.2 (Oct31) NOT vulnerable
SCO OpenServer 5.0.4 NOT vulnerable
Solaris 2.5.1 IS vulnerable (conflicting reports)
SunOS 4.1.4 IS vulnerable
Windows 95 (vanilla) IS vulnerable
Windows 95 + Winsock 2 + VIPUPD.EXE IS vulnerable

Little known fact (5, Funny)

beatdown (788583) | more than 9 years ago | (#11865882)

It is also subject to sea and air attacks.

Re:Little known fact (1)

Spodlink05 (850651) | more than 9 years ago | (#11865897)

True, the US Navy use Windows don't they?

Re:Little known fact (4, Funny)

spektr (466069) | more than 9 years ago | (#11866006)

True, the US Navy use Windows don't they?

They had put it on an aircraft carrier and navigated it away from shore immediately, when they heard about the LAND exploit. To their delight, it stayed pretty stable in the middle of the sea.

Re:Little known fact (5, Funny)

Anonymous Coward | more than 9 years ago | (#11866248)

Yes, but they call them "port holes".

Re:Little known fact (-1, Redundant)

Anonymous Coward | more than 9 years ago | (#11865939)

they also use doors.

Re:Little known fact (2, Funny)

ndogg (158021) | more than 9 years ago | (#11865992)

But the most powerful weapon of all, which sometimes even classifies as a WMD? The /. attack!!!!!

Re:Little known fact (5, Funny)

Anonymous Coward | more than 9 years ago | (#11866060)

The Navy usually makes sure its ports are secure.

wow (5, Funny)

Quasar1999 (520073) | more than 9 years ago | (#11865886)

In other news, my computer is also prone to failing if I microwave it... hit it with a hammer, or attempt to install water cooling while I'm drunk...

Re:wow (1)

Freexe (717562) | more than 9 years ago | (#11865961)

Installing water cooling while drunk isn't that hard if you know what you are doing.

Things only really get messy when your drunk friends think it's a good idea to try and drink the De-Ionised water running round the closed loop system

Twice!!

Re:wow (5, Funny)

Anonymous Coward | more than 9 years ago | (#11865984)

Problem:
The other thing Microsoft won't tell you is that if paramilitants do a home invasion, they can take your machine right out of the house and have access to all data and the entire network, for that matter.

Solution: Install complex home alarm system, man traps, CCTV, and acquire armed guards, string up razor wire and dig tunnel system deep in the jungle.

Ethic:
I told microsoft that their computers were totally unprotected from physical theft by armed gangs of paramilitants and received no response. I am now sharing this with the community.

Re:wow (1)

AviLazar (741826) | more than 9 years ago | (#11866190)

You haven't done this already? And you call yourself a geek. Oh, and you forgot the tremor-sensor and laser motion device. Not to mention the ED-209

No Sir, It's not similar (1)

vijaya_chandra (618284) | more than 9 years ago | (#11866000)

In this case, your computer is prone to failing when someone else decides that it should go down.

Re:wow (2, Insightful)

antiMStroll (664213) | more than 9 years ago | (#11866057)

Turning Windows firewall off poses the same risk as a strike with a hammer or microwaving? That's one fragile OS!

Re:wow (4, Insightful)

Tassach (137772) | more than 9 years ago | (#11866063)

There is NO legitimate reason whatsoever for a modern, patched operating system to be vulnerable to a simple, 8-year-old DOS attack. What's next, reintroduction of the Ping Of Death vulnerability? This is sloppy quality control, pure and simple.

This incident is just another example which demonstrates the importance (or more accurately, the lack thereof) that Microsoft's corporate culture places on security. Hasn't anyone at Microsoft ever heard about regression testing?

Microsoft has consistently demonstrated that, regardless of what their press releases say, security is NOT one of their priorities. People need to start waking up and realizing this before they entrust their critical infrastructure to Microsoft products.

Re:wow (3, Funny)

log0n (18224) | more than 9 years ago | (#11866266)

Personally, I'm hoping WinNuke makes a comeback.

News? (5, Insightful)

Anonymous Coward | more than 9 years ago | (#11865899)

"Granted, you need to have the firewall turned off for this work, but there's a whole lotta machines that don't have it turned on."

Machines that are not protected are vulnerable. Well, that isn't really news is it? Sounds pretty silly to me.

Re:News? (4, Insightful)

A beautiful mind (821714) | more than 9 years ago | (#11865945)

You forgot something:

A box running no services should not be vulnerable to any DoS except brute force, even without a firewall. A firewall shouldn't be a solution to poor design/implementation problems and code bugs. That is simply not working. What if someone gets through the firewall?

Re:News? (0)

Anonymous Coward | more than 9 years ago | (#11865983)

I agree with what you are saying. But.. if you don't have a firewall and you are not protecting yourself, sooner or later you are bound to get hit by something/someone.

We shouldn't have to protect against poor designs, but that is life.

Re:News? (0)

Anonymous Coward | more than 9 years ago | (#11865987)

A machine running no services wouldn't be vulnerable to this. In order for this to work your machine needs to be connected to the internet, and if you're connected to the internet then you're running a service.

Re:News? (2, Insightful)

garcia (6573) | more than 9 years ago | (#11865991)

What if someone gets through the firewall?

Then you get attacked I guess but I have a feeling that if the firewall is up the would-be attackers would move on to a more vulnerable attacker.

Re:News? (4, Informative)

InsaneGeek (175763) | more than 9 years ago | (#11866090)

The LAND attack requires an open port, so by definition if the system isn't running any services it will have no open ports and not be vulnerable to this attack.

Re:News? (5, Funny)

JustForMe (863749) | more than 9 years ago | (#11866198)

Windows Server must be running some services, I guess..

Re:News? (3, Insightful)

BorgDrone (64343) | more than 9 years ago | (#11865966)

"Machines that are not protected are vulnerable. Well, that isn't really news is it?"
A firewall is an additional level of security, a system should be safe without it.

Re:News? (0, Insightful)

Anonymous Coward | more than 9 years ago | (#11866038)

Great attitude. Do you wear seatbelts? After all, your car should be safe enough without needing them. They're purely optional.

Re:News? (1)

Zork the Almighty (599344) | more than 9 years ago | (#11866106)

I guess seatbelts are the be-all end-all of safe car design then.

Re:News? (0, Troll)

Siniset (615925) | more than 9 years ago | (#11866242)

isn't that what airbags are, to make a car safe for people who don't wear their seatbelts?

Re:News? (0)

Anonymous Coward | more than 9 years ago | (#11866067)

Do you have stacks of cash laying around the house because your doors are locked?

Re:News? (0)

Anonymous Coward | more than 9 years ago | (#11866068)

Well it sucks if you have to actually have open ports, e.g. if you have a web server/mail server/file server/etc running on Windows.

What about servers? (1)

Ulric (531205) | more than 9 years ago | (#11866271)

Looking at the code, this looks almost like something a firewall might let through. Let's say you have a web server. Obviously you must open up for syn packets to port 80. Would the Windows builtin firewall catch this?

Windows (5, Funny)

Anonymous Coward | more than 9 years ago | (#11865908)

Only one remote hole in the kernel FOR eight years!

Wait... (5, Funny)

Gorffy (763399) | more than 9 years ago | (#11865911)

You mean to tell me that XP and 2k3 contain buggy legacy code? that IS news!

What, is W gonna invade Redmond? (-1, Redundant)

Anonymous Coward | more than 9 years ago | (#11865915)

As long as we're going about imposing democracy, why not apply it to Microsoft?

And what about air or sea attack

Re:What, is W gonna invade Redmond? (1)

BigGerman (541312) | more than 9 years ago | (#11866078)

You are trolling of course but recently I was thinking WHAT IF an idealistically-minded political leader gets right exposure to "free as in freedom" concept.. Not necessarily W mind you.

What kind of software dev process do MS use? (5, Interesting)

Ex Machina (10710) | more than 9 years ago | (#11865919)

Isn't this EXACTLY what regression tests were designed for?

Re:What kind of software dev process do MS use? (5, Funny)

Anonymous Coward | more than 9 years ago | (#11865957)

Regression testing makes sure that things that used to work in the old version still works in the new version, so I'd say that windows is passing its regression tests with flying colors ;)

Re:What kind of software dev process do MS use? (5, Interesting)

KDN (3283) | more than 9 years ago | (#11866178)

Several jobs ago, I did software development. The manager didn't like how every time I found a significant bug I added it to a test library that I kept and ran against every version of the code that I was about to put out to the group. His thought was "the odds of someone making the same mistake twice are non existent". One time he told me to put the code out before it was done the regression tests. Sure enough, crash and burn. And yes, my regression tests later caught the bug. Never again.

As a further indication that I was right, I put an interface around the public interface of my libraries to validate all the parameters and actions. I noticed some people would make the same error so much that I even personalized some of the error messages. Like: "Your passing a string instead of an address John", and "Your reading from a closed object Kevin".

Re:What kind of software dev process do MS use? (5, Funny)

Phanatic1a (413374) | more than 9 years ago | (#11866260)

Or even "You're not using contractions properly, KDN"?

Re:What kind of software dev process do MS use? (0, Troll)

Threni (635302) | more than 9 years ago | (#11866265)

Did anyone ever reply "You're using the wrong spelling of "You're", KDN"?

Want to do your own testing? (4, Informative)

bluelip (123578) | more than 9 years ago | (#11866203)

Grab a copy of hping2 and try:

hping2 aaa.bbb.ccc.ddd -s 135 -p 135 -S -a aaa.bbb.ccc.ddd

Obviously, replace aaa.bbb.ccc.ddd w/ the ip address of the workstation you'd like to test

Re:What kind of software dev process do MS use? (3, Funny)

jd (1658) | more than 9 years ago | (#11866244)

Hey, give Microsoft a chance! Windows is regressing as fast as it can! :)


Oh, regression tests! Those things! Bill Gates thought they were just funny-looking packing peanuts and threw them out.

Arr...i be by sea (1, Funny)

Anonymous Coward | more than 9 years ago | (#11865925)

The pirates come by sea, not LAND.

What'd you deduce (0, Offtopic)

vijaya_chandra (618284) | more than 9 years ago | (#11865933)

if a 6.1 KB file takes 20 seconds to get downloaded?!

only that the server is going to get fried

And you're surprised because (0, Flamebait)

Nom du Keyboard (633989) | more than 9 years ago | (#11865934)

And everybody is surprised by this because...?

so what? (2, Funny)

MC68000 (825546) | more than 9 years ago | (#11865938)

Amazing, if I don't use a firewall, I'm vulnerable. Who would have thought?

Only one thing though... (4, Insightful)

MtViewGuy (197597) | more than 9 years ago | (#11865947)

Granted, you need to have the firewall turned off for this work, but there's a whole lotta machines that don't have it turned on.

...Isn't the Internet Connection Firewall that comes with Windows XP SP2 turned on by default when you install it in the first place?

Anyway, given all the warnings about Internet security in the last five years, the majority of users will already have downloaded and installed firewall programs such as ZoneAlarm.

Re:Only one thing though... (5, Insightful)

eviltypeguy (521224) | more than 9 years ago | (#11866044)

If you think the majority of users are security minded like that, then why do you think the majority of users have so many problems that could be prevented in the first place by firewalls? Sorry, but my experience has been the opposite of your fairy tale.

Re:Only one thing though... (2, Insightful)

liquidpele (663430) | more than 9 years ago | (#11866207)

Why would you want to DOS home computers?
Servers will have a firewall. Home computers won't, but what's the point then?
this means pretty much nothing.

Re:Only one thing though... (2, Interesting)

yasth (203461) | more than 9 years ago | (#11866072)

Yes but it does break a few things. And most users have certainly not downloaded zonealarm. Also W2k iirc does not have a built in firewall.

Now granted it is only a DOS attack, but still.

Not that big of a deal (0, Redundant)

Anonimo Covarde (669695) | more than 9 years ago | (#11865958)

Not trying to be an M$ apologist, but who will really be vulnerable to this? Home (l)users will most likely have the firewall on (because it is on by default) and any sane IT dept. will have a hardware firewall guarding any internet facing windows boxen. If you haven't firewalled your boxen in this day and age, you pretty much get what you deserve.

Re:Not that big of a deal (0)

Anonymous Coward | more than 9 years ago | (#11866099)

"Have you removed the security holes in the OS yet?" "No need. The firewall can handle it"

Re:Not that big of a deal (1)

Progman3K (515744) | more than 9 years ago | (#11866107)

I disagree.
The best reason for a firewall is stealth.
The second-best reason is to restrict access to certain service-ports for local-area network use only.

But even when you do that, the local machines can still use an exploit (knowingly or as zombies) on one of the open ports if an exploit for that port exists.

It's best BY FAR to fix your protocol to prevent exploits than hope the firewall keeps the Internet badguys out while praying none of your local machines are hostile.

Re:Not that big of a deal (5, Insightful)

itsnotthenetwork (634970) | more than 9 years ago | (#11866134)

Nobody deserves to get their Boxen hacked, even if they don't always use the best available defenses.
That is like saying the rape victim is at fault "'cause she looked so sexy"

Re:Not that big of a deal (4, Interesting)

Dimensio (311070) | more than 9 years ago | (#11866163)

I work in a university. Policy is not to have the Windows firewall turned on because it supposedly conflicts with a few needed applications. There is no hardware firewall whatsoever between the internal network and the outside world.

Oh, and standard policy is to have user accounts set up as Administrator at all times.

Cleaning up infected machines is a never-ending endeavour. Oddly, the few departments run by competent admins (as in, not the university's IT department) where user accounts are set up only as Users (among other things) don't have any security problems at all. I wonder why..

Oh, and before anyone blames me: I'm a grunt with no authority whatsoever. I've voiced my objections to the way things are run, but I can do little more than that.

Re:Not that big of a deal (2, Interesting)

Mikito (833242) | more than 9 years ago | (#11866187)

I would think that there would still be a lot of people (home users) who are running Windows 95, 98, 2000 or XP unpatched. Not everybody can afford to buy new systems every couple of years, and not everybody would even think of upgrading their operating system, let alone patching it or activating a firewall.

Windows running slow? (5, Funny)

hackwrench (573697) | more than 9 years ago | (#11865963)

It may be a little thing called a firewall. A firewall is a spyware-like little piece of software that constantly pings a special server called a firedoor so that spammers, hackers, and their ilk know when your computer is available on the internet. Unfortunately Microsoft refuses to release a patch for this thing but a piece of software called a backdoor can be used to prevent the firewall from doing its dirty work. Download one today!

Guess we need Boston Church XP (5, Funny)

kakos (610660) | more than 9 years ago | (#11865964)

01 if by LAND, 10 if by SEA

Re:Guess we need Boston Church XP (3, Funny)

Anonymous Coward | more than 9 years ago | (#11866031)

I thought it was 1 if by LAN, 2 if by C:

Re:Guess we need Boston Church XP (1)

Cylix (55374) | more than 9 years ago | (#11866222)

Think different, think binary....

In any case... (0, Troll)

M3rk1n_Muffl3y (833866) | more than 9 years ago | (#11865969)

Let's hope Dejan Levaja does not fall victim to the usual retaliation by big software co's like Dmitry Sklyarov.

On a more serious note.. (5, Interesting)

tabkey12 (851759) | more than 9 years ago | (#11865973)

Blanket Attacks (like blaster, where every windows computer on the net with windows sharing on is hit about 6 times an hour) are usually only viable when the Default configuration is insecure.

At least with SP2 there is some basic security in terms of the firewall being on by default.

Still, never thought I'd see a slashdot article linking to a page about Trumpet Winsock in 2005!

All windows? (1)

Sharp Rulez (799059) | more than 9 years ago | (#11865986)

The question is:

Why is Win2000 not affected by Land, but WinXP SP2 is?

Did Microsoft forget to apply this patch? Or did they remove it from the IP stack for some reason..

Safest OS (5, Funny)

Virtual Karma (862416) | more than 9 years ago | (#11866003)

Windows is one of the safest OS around (and to keep it that way it is advised that the computer should not be connected to internet or any other network for that matter)

With the cdrom and floppy drive removed (1)

vijaya_chandra (618284) | more than 9 years ago | (#11866103)

and the usb slots closed lest you should hurt your OS

Re:Safest OS (2, Funny)

Terrasque (796014) | more than 9 years ago | (#11866135)

Including the power net.

Microsoft Notified (4, Funny)

Nom du Keyboard (633989) | more than 9 years ago | (#11866005)

Ethic:
Microsoft was informed 7 days ago (25.02.2005, GMT +1, local time), NO answer received, so I decided to share this info with security community.

Of course they didn't reply. They're under LAND attack, and your message is caught in the server. You must have sent them a proof-of-concept, so what did you expect?

What is the LAND attack? (5, Informative)

fizbin (2046) | more than 9 years ago | (#11866008)

Quoting from http://www.insecure.org/sploits/land.ip.DOS.html [insecure.org]:

i recently discovered a bug which freezes win95 boxes. here's how it works: send a spoofed packet with the SYN flag set from a host, on an open port (such as 113 or 139), setting as source the SAME host and port (ie: 10.0.0.1:139 to 10.0.0.1:139). this will cause the win95 machine to lock up.

So it's a way to either remotely lock up or reboot a target machine. I would assume (not having, you know, tried it or anything) that this includes most windows-based webservers.
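
A receive-side check for the packet shape quoted above, as an added example that is not part of the original comment or the linked source: it parses raw IPv4/TCP header bytes and flags SYN segments whose source and destination address and port are identical. The function names and the sample packets (built inline from the 10.0.0.1:139 case in the quote) are constructed for illustration, and the "self-addressed" class is a slightly broader anti-spoofing check than the quoted description.

```python
import socket
import struct

SYN = 0x02  # TCP SYN flag bit


def parse_ipv4_tcp(packet):
    """Return (src_ip, dst_ip, src_port, dst_port, flags), or None when the
    bytes are not a complete, first-fragment IPv4/TCP packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4          # header length varies with IP options
    if ihl < 20 or len(packet) < ihl + 20:
        return None                       # truncated before the TCP header ends
    frag = struct.unpack("!H", packet[6:8])[0]
    if frag & 0x1FFF:
        return None                       # later fragment: carries no TCP header
    if packet[9] != socket.IPPROTO_TCP:
        return None
    src_ip = socket.inet_ntoa(packet[12:16])
    dst_ip = socket.inet_ntoa(packet[16:20])
    src_port, dst_port = struct.unpack("!HH", packet[ihl:ihl + 4])
    flags = packet[ihl + 13]
    return src_ip, dst_ip, src_port, dst_port, flags


def classify(packet):
    """Classify one packet as seen on a network-facing interface.

    "land"           SYN with identical source/destination address AND port
    "self-addressed" source address equals destination address (spoofed when
                     it arrives from the wire), but not the exact LAND shape
    "ok"             ordinary TCP packet
    "ignored"        not parseable as IPv4/TCP
    """
    parsed = parse_ipv4_tcp(packet)
    if parsed is None:
        return "ignored"
    src_ip, dst_ip, src_port, dst_port, flags = parsed
    if src_ip != dst_ip:
        return "ok"
    if src_port == dst_port and flags & SYN:
        return "land"
    return "self-addressed"


def build_sample(src, dst, sport, dport, flags, ip_options=b""):
    """Construct header bytes for the samples below (checksums left at zero;
    the classifier does not validate them). ip_options must be 4-byte aligned."""
    ihl_words = 5 + len(ip_options) // 4
    total_len = ihl_words * 4 + 20
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl_words, 0, total_len,
                     0, 0, 64, socket.IPPROTO_TCP, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags,
                      8192, 0, 0)
    return ip + ip_options + tcp


# Constructed sample traffic, not captured from a real network.
SAMPLES = [
    build_sample("10.0.0.1", "10.0.0.1", 139, 139, SYN),
    build_sample("10.0.0.1", "10.0.0.1", 139, 139, SYN,
                 ip_options=b"\x01\x01\x01\x00"),        # same, with IP options
    build_sample("192.0.2.7", "10.0.0.1", 40000, 139, SYN),
    build_sample("10.0.0.1", "10.0.0.1", 1025, 139, SYN),
    build_sample("10.0.0.1", "10.0.0.1", 139, 139, SYN)[:30],  # truncated
]


def summarize(packets):
    """Count packets per classification."""
    counts = {}
    for pkt in packets:
        label = classify(pkt)
        counts[label] = counts.get(label, 0) + 1
    return counts


if __name__ == "__main__":
    for pkt in SAMPLES:
        print(classify(pkt), parse_ipv4_tcp(pkt))
    print(summarize(SAMPLES))
```
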

Re:What is the LAND attack? (1)

afidel (530433) | more than 9 years ago | (#11866118)

Hehe, so he's saying that Windows XP SP2 and Windows Server 2003 are vulnerable to WinNuke? Wow, MS patched that for Windows 95 pretty quickly, only took them a month or two. Before the patch came out we had all sorts of fun with people. One kid in our dorm was so hated that multiple people had scripts running on regular intervals to nuke his PC. Needless to say he had to go to residence services to get a new IP address which he failed to share =)

I know its been around, but...Linking to source? (2, Insightful)

Tmack (593755) | more than 9 years ago | (#11866009)

I know the land attack is old, but still, linking to a .c ? Why not link to the description of the attack and let that be enough. I was not aware /. was a scriptkiddie toolz warehouse. As stated by the article, there are still probably a bunch of machines this will affect, and putting a link directly to LAND.c on the main page probably isn't such a good idea. What's next, root kits?

Tm

Re:I know its been around, but...Linking to source (1, Funny)

Anonymous Coward | more than 9 years ago | (#11866088)

The server has been slashdotted... guess it wasn't such a bad idea after all. Now fewer people can get to that file :)

Re:I know its been around, but...Linking to source (3, Insightful)

_bug_ (112702) | more than 9 years ago | (#11866216)

I know the land attack is old, but still, linking to a .c ? Why not link to the description of the attack and let that be enough. I was not aware /. was a scriptkiddie toolz warehouse. As stated by the article, there are still probably a bunch of machines this will affect, and putting a link directly to LAND.c on the main page probably isn't such a good idea. What's next, root kits?

Honestly. Why don't you just stick your head in the ground every time there's a problem. If you don't see it, it can't be real.

C'mon. How much more difficult is it to go to google, type in "land.c" and get the source yourself?

Do you honestly think people visiting /. don't know how to use a search engine?

Besides, any good system administrator has to assume that every user out there has access to the latest, greatest, and most sophisticated tools to get into their systems.

And this is an 8 year-old exploit to boot.

OH NOES! He linked to the h4x0r f13lz! Whut k4nz W3 DOOZ?! C4llz 0wtz t3h wh4mbul4nc3!!!11!!

It shouldn't matter a single bit what gets linked to. The information is out there, anyone who wants to find it will. You can't try and suppress it. And to say that linking to it makes it easier... what did I just say about search engines? Oh gee, I've been saved a whole 5 seconds from going to google and finding it myself. Maybe all windows machines will be patched within that time?

And source isn't useful to many people (4, Insightful)

Sycraft-fu (314770) | more than 9 years ago | (#11866223)

I'm not a programmer, so looking through a C file isn't likely to give me any useful information, unless it's in comments at the beginning of the code. What's more, I imagine even programmers would rather just hear a summary than have to sit there and look through a bunch of code to figure out what it does.

I mean ethical issues aside, it's just not that helpful to most people. I'm sure most people thought "WTF is a LAND attack?" and clicked on the link to see. Getting a C file, is probably not the answer they wanted, especially given that it doesn't seem to be transferring, so I can't even see if it has useful comments or not.

When doing /. stories, link to relevant and if possible, concise descriptions of terms that people are likely to be unfamiliar with. If you want to provide a link to source, do it separately and note it as such.

UNLABELED too. (4, Insightful)

Ungrounded Lightning (62228) | more than 9 years ago | (#11866247)

I know the land attack is old, but still, linking to a .c ? I was not aware /. was a scriptkiddie toolz warehouse.

Not only that, it was unlabeled. That means anybody who followed the link now has a copy of the malware in their machine's webcache, minimum. And if they saved it (to keep the list of vulnerable configurations, for example) they have the malware itself.

This simultaneously puts a bunch of slashdot readers at legal risk (from false prosecution and/or in-court character assassination, based on evidence from a seized computer) and gives real baddies plausible deniability.

Re:I know its been around, but...Linking to source (0)

Anonymous Coward | more than 9 years ago | (#11866274)

...so we all can modify the code and make a worm.land attack...

Open ports (4, Insightful)

ca1v1n (135902) | more than 9 years ago | (#11866010)

Of course, some windows machines need to have open ports, like, say, if they're offering *services*. So really, your mundane desktop need not be affected. It's the production server you should be quite terrified about.

Can anyone confirm? (5, Interesting)

Anonymous Coward | more than 9 years ago | (#11866013)

A friend showed this to me a few days ago and I was unable to reproduce the attack over the LAN, both with my own code and some code of the original LAND found with google. Both were run from linux by opening a raw socket, filling in ip and tcp headers including checksums using the structs in ip.h and tcp.h, and sending with sendto(). In both cases ethereal would show the packet as received but the machine would operate normally.

Oh c'mon, that isn't fair. (4, Funny)

Billy Bo Bob (87919) | more than 9 years ago | (#11866030)

8 years is hardly enough to figure out how to patch windows.

Besides, like all everyone here says, it is the user's own fault for not using a firewall. Having an expectation that 8 yr old attacks should be fixed is just unreasonable.

WTF, are you all on crack?

Re:Oh c'mon, that isn't fair. (1)

The Amazing Fish Boy (863897) | more than 9 years ago | (#11866182)

Besides, like all everyone here says, it is the user's own fault for not using a firewall. Having an expectation that 8 yr old attacks should be fixed is just unreasonable.

Firewall is ON by default. If you're going to turn it OFF, Windows warns you. Windows can't stop you from making your computer insecure if you want to. You could just as well make a Remote Desktop account with Admin privileges and no password.

Re:Oh c'mon, that isn't fair. (1)

Billy Bo Bob (87919) | more than 9 years ago | (#11866272)

Firewall is ON by default. If you're going to turn it OFF, Windows warns you. Windows can't stop you from making your computer insecure if you want to. You could just as well make a Remote Desktop account with Admin privileges and no password.

What a load of BS. There is *NO* excuse for vulnerability to this. "Making your computer insecure"???? No, Microsoft made my computer insecure; my only foolishness was installing windows. A firewall is an additional protection device, not the primary one. Still being vulnerable to age-old attacks is simply irresponsible.

so all windows servers are vulnerable to this? (1)

leuk_he (194174) | more than 9 years ago | (#11866046)

if i read correct:

Sending TCP packet with SYN flag set, source and destination IP address and source
and destination port as of destination machine, results in 15-30 seconds DoS condition.


So sending every 10 seconds such a packet to a windows internet (http) host will make it disappear from the internet? DOS attack? that is lame.

Retro! (5, Funny)

bigtallmofo (695287) | more than 9 years ago | (#11866048)

I remember the days of Ping of Death, Land, Teardrop, New Tear, Bork, etc.

Now that my WinXP SP2 system is susceptible to land again, it's getting me into a nostalgic mood. I think I'll go play Ms PacMan on my MAME cabinet now.

Before the M$ bashing begins wholesale... (2, Funny)

go3 (570471) | more than 9 years ago | (#11866052)

Just remember that these people running 2003/XP without a firewall would also be running *NIX with a root password of "password". Mine is 12345

Re:Before the M$ bashing begins wholesale... (1)

Fuzzums (250400) | more than 9 years ago | (#11866151)

people running WXP without firewall don't use *NIX :)

Re:Before the M$ bashing begins wholesale... (1)

Ulric (531205) | more than 9 years ago | (#11866153)

A better comparison would perhaps be that they would be running Unix without a firewall. It can be done, with reasonable security even, although perhaps not a good idea.

Am I vulnerable? (3, Interesting)

SteelV (839704) | more than 9 years ago | (#11866061)

I have yet to install SP2 because I heard it hurts performance of some computer games, which is mainly what I use my windows PC for.

I am otherwise up-to-date with windows updates. I have a linksys router for my internet connection, but no software firewall.

Am I vulnerable to this and other issues? Should I update to SP2 already (the first time I tried it crashed while installing, didn't even work, but I could prob. get it to work next time). Or should I stay with SP1 for games?

Thank you.

Re:Am I vulnerable? (0)

Anonymous Coward | more than 9 years ago | (#11866209)

Please make sure to turn on port forwarding for your Linksys and provide your public IP. We'll let you know.

Re:Am I vulnerable? (1)

FunnyLookinHat (718270) | more than 9 years ago | (#11866218)

Update it. I haven't lost performance with any of my games... chances are that your system with automatic updates has already partially installed SP2.

Re:Am I vulnerable? (0)

Anonymous Coward | more than 9 years ago | (#11866238)

My only reaction to your comment can be summed up as follows: "OEH NOES A MICROSOFT UPDATE MIGTH REMOVE 2FPS FROM MY FAVEZ GAME LOL"

I hope you get the idea :)

Two things of note: (2, Informative)

AceJohnny (253840) | more than 9 years ago | (#11866127)

WTF is a LAND attack? From the source:
"LAND attack:
Sending TCP packet with SYN flag set, source and destination IP address and source and destination port as of destination machine, results in 15-30 seconds DoS condition."
If I understand correctly, this means the vulnerable machine will attempt to synchronise a connection with itself?

I find this quote enlightening:
"Ethic:
Microsoft was informed 7 days ago (25.02.2005, GMT +1, local time), NO answer received, so I decided to share this info with security community. "

So the vulnerability was made public. So exploits are going to be made. However, if Microsoft, who claim to have shifted more focus to security issues, had even acknowledged this report, the vulnerability wouldn't have become public so soon without a patch.
Kinda worries you about the way computer security is handled, doesn't it?

Re:Two things of note: (0)

Anonymous Coward | more than 9 years ago | (#11866189)

thing is that its been about for ages
http://www.insecure.org/sploits/land.ip.DOS.html
Vulnerable Systems: Windows95, Windows NT 4.0, WfWG 3.11, FreeBSD
Date: 20 November 1997

Really? You don't say. (0, Flamebait)

Squishy Eyeball Jeff (796823) | more than 9 years ago | (#11866137)

In other news, most homes are vulnerable to the classic BREAKIN attack if doors are left unlocked.

Film at 11.

In other news.... (1)

AviLazar (741826) | more than 9 years ago | (#11866146)

leaving your firewall, spamblocker, pop-up blocker, and virus protection programs off will leave your computer vulnerable to serious attacks....

Big deal... (2, Interesting)

14erCleaner (745600) | more than 9 years ago | (#11866152)

Denial of service attacks are so twentieth-century.

We've moved on to more productive uses of vulnerable machines (e.g. spam zombies). Who wants to do a DOS attack on a machine without a firewall anyway? What's the point?

Re:Big deal... (1, Insightful)

Anonymous Coward | more than 9 years ago | (#11866226)

I think the point is that this DOS exploit is so easy using one machine that it's begging for kiddies to do it.

Maybe he should change his name... (1)

Giggle Stick (673504) | more than 9 years ago | (#11866172)

to Dejan "Vue" Levaja! Thank you, I'm here 'till Thursday.

Everyone has good points, and yet.... (4, Funny)

writermike (57327) | more than 9 years ago | (#11866202)

Experts say servers are vulnerable to the infamous CAFE attack. One drop can take down an entire network!

Granted you have to have a computer next to a cup of coffee for this to work, but MANY PEOPLE DO!!!!!!!!!!

"LAND" war in Asia ... (4, Funny)

YetAnotherName (168064) | more than 9 years ago | (#11866219)

Vizzini: You only think I guessed wrong - that's what's so funny. I switched glasses when your back was turned. Ha-ha, you fool. You fell victim to one of the classic blunders, the most famous of which is "Never get involved in a land war in Asia", but only slightly less well known is this: "Never go in against a Sicilian, when *death* is on the line.". Hahahahahah. [Vizzini falls over dead]

(Yeah, off topic, I don't care.)

Does it work? (1)

ajaf (672235) | more than 9 years ago | (#11866273)

I haven't read any comment saying that this really works, could anyone confirm this?