IBM AS/400 OS7400 3.7

HP External JetDirect Print Servers

OpenVMS 7.1 with UCX 4.1-7

Novell 4.11

Windows 95, NT and XP SP2, Vista

Most firewalls should intercept the poison packet thus protecting the host from this attack. Some operating systems released updates fixing this security hole.

AmigaOS AmiTCP 4.2 (Kickstart 3.0)

Mac OS MacTCP, 7.6.1 OpenTransport 1.1.2 and 8.0

FreeBSD 2.2.5-RELEASE and 3.0 (Fixed after required updates)

AIX 3.0

SCO Unixware 2.1.1 and 2.1.2

NetBSD 1.1 to 1.3 (Fixed after required updates)

NetApp NFS server 4.1d and 4.3

BeOS Preview release 2 PowerMac

QNX 4.24

SunOS 4.1.3 and 4.1.4

NeXTSTEP 3.0 and 3.1

Irix 5.2 and 5.3

Rhapsody Developer Release

BSDi 2.0 and 2.1

A LAND attack is a DoS (Denial of Service) attack that consists of sending a special poison spoofed packet to a computer, causing it to lock up. The security flaw was actually first discovered in 1997 by someone using the alias "m3lt", and has resurfaced many years later in operating systems such as Windows Server 2003 and Windows XP SP2.

The attack involves sending a spoofed TCP SYN packet (connection initiation) with the target host's IP address and an open port as both source and destination. The reason a LAND attack works is because it causes the machine to reply to itself continuously. Definition: "A LAND attack involves IP packets where the source and destination address are set to address the same device." Other land attacks have since been found in services like SNMP and Windows 88/tcp (kerberos/global services) which were caused by design flaws where the devices accepted requests on the wire appearing to be from themselves and causing replies repeatedly.