
Thread: Getting Land Attacks

  1. #1
    Junior Member
    Join Date
    May 2005

    Getting Land Attacks

    Frequently when I open my IE web browser, my McAfee Firewall warns me that it has blocked a Land Attack. Is there a way to trace the source of the attack? It is so regular, even though it doesn't seem to hurt anything, I would like to trace it to its source.

  2. #2
    They call me the Hunted foxyloxley's Avatar
    Join Date
    Nov 2003
    3rd Rock from Sun
    Sygate firewall allows you to do a backtrace of the offending IP, but that only shows the route taken to you.

    Why would you like to trace it?

    If your F/W has it stopped, then it is doing its job.
    By regular, how regular?

    You could always try the AO IP locator on the front page, to give you an idea of where the IP originates. [be aware that the locator isn't deadly accurate]
    55 - I'm fiftyfeckinfive and STILL no wiser,
    OLDER yes
    Beware of Geeks bearing GIF's
    come and waste the day :P at The Taz Zone

  3. #3
    Junior Member
    Join Date
    May 2005
    Sorry, lost track of my post. The land attacks were occurring almost as regularly as when I signed on to my web browser. That has continued up until a few days ago when they seemed to subside, but still occur but not as often. The trace indicated Shanghai, China as the source in most cases.

  4. #4
    Senior Member
    Join Date
    Sep 2001
    Unless you have access to your ISP's router's netflow functions, there's no way you can trace back a Land attack to any computer other than... your own.

    Land attack packets are, by nature, TCP packets with the SYN flag up with the same (spoofed) source IP as the destination (i.e. victim's) IP.

    Credit travels up, blame travels down -- The Boss

  5. #5
    The Doctor Und3ertak3r's Avatar
    Join Date
    Apr 2002
    Must admit.. I hadn't heard of "Land Attack" until reading this post.. ..
    now most here will know and understand.. but to add to ammo's comment.. here is a bit of info from a quick Google.. a starting point for those who wish to learn more..

    A LAND attack consists of a stream of TCP SYN packets that have the source IP address and TCP port number set to the same value as the destination address and port number (i.e., that of the attacked host). Some implementations of TCP/IP cannot handle this theoretically impossible condition, causing the operating system to go into a loop as it tries to resolve repeated connections to itself. Service providers can block LAND attacks that originate behind aggregation points by installing filters on the ingress ports of their edge routers to check the source IP addresses of all incoming packets. If the address is within the range of advertised prefixes, the packet is forwarded; otherwise it is dropped.
    oh and the source.. Here

    Bastard I am.. a google results page it is

    Bloody smilies and that bloody url... geez
    "Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr
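
An added example, not code from any poster in this thread: a Python check for the packet shape described in posts #4 and #5 (TCP SYN with source address, and optionally port, equal to the destination's), run over constructed sample headers. The function names, the `match_ports` switch and the documentation-range addresses are assumptions made for this sketch.

```python
import socket
import struct

SYN = 0x02  # TCP SYN flag bit

def build_packet(src, dst, sport, dport, flags):
    """Constructed test input: bare IPv4 + TCP headers, checksums left at 0."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64,
                     socket.IPPROTO_TCP, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    return ip + tcp

def is_land_packet(pkt, match_ports=True):
    """True for a TCP SYN whose source equals its destination.

    match_ports=True  -> address and port must both match (post #5's definition)
    match_ports=False -> address match alone is enough (post #4's wording)
    """
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return False                      # too short or not IPv4
    ihl = (pkt[0] & 0x0F) * 4             # IP header length in bytes
    if ihl < 20 or pkt[9] != socket.IPPROTO_TCP or len(pkt) < ihl + 14:
        return False                      # not TCP, or TCP header truncated
    if struct.unpack("!H", pkt[6:8])[0] & 0x1FFF:
        return False                      # non-first fragment carries no TCP header
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    if not pkt[ihl + 13] & SYN:
        return False
    if pkt[12:16] != pkt[16:20]:          # source IP vs destination IP
        return False
    return sport == dport or not match_ports

def flag_land(packets, match_ports=True):
    """Indices of the packets that match the LAND shape."""
    return [i for i, p in enumerate(packets) if is_land_packet(p, match_ports)]

HOST = "203.0.113.10"                     # constructed "victim" address
SAMPLES = [
    build_packet("198.51.100.7", HOST, 40000, 80, SYN),   # ordinary inbound SYN
    build_packet(HOST, HOST, 139, 139, SYN),              # LAND: same addr and port
    build_packet(HOST, HOST, 139, 139, 0x10),             # same addr/port, ACK only
    build_packet(HOST, HOST, 1025, 139, SYN),             # same addr, ports differ
    build_packet(HOST, HOST, 139, 139, SYN)[:30],         # truncated capture
]

if __name__ == "__main__":
    print("strict:", flag_land(SAMPLES), "addr-only:", flag_land(SAMPLES, False))
```

The only address in a matching packet is the receiving host's own, so the packet contents give nothing to trace back to.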
