Hi,
What is the signature for a Land attack ?
All the documentation i could get hold mentioned 'Land Attack' to be a
TCP Syn packet with same Src IP/port and Dest IP/port.
http://www.cert.org/advisories/CA-1997-28.html
http://www.insecure.org/sploits/land.ip.DOS.html
http://www.physnet.uni-hamburg.de/physnet/security/vulnerability/land.html
Then how do we classify the DoS attack packet which has same Src IP and
Dest IP.
( lets say it is not a TCP/UDP packet -> so port is not considered )
Snort signature for Land also has considered only the IP address and not
port.
thanks
ashley
--
Ashley Thomas
Research scientist
College of Computing
Georgia Tech.
-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users