NTA Monitor

Latest News

60% of UK website tests revealed Internet encryption and cross-site scripting vulnerabilities

10th April 2008 60% of web application tests performed for UK organisations showed that their websites contain weak encryption or cross-site scripting (XSS) vulnerabilities Read More

Demilitarised Zone most secure option for BlackBerry device

28th February 2008 Recent BlackBerry testing by IT security consultancy, NTA Monitor, has revealed that organisations are still not configuring these mobile devices correctly Read More

Retailers should put security top of their Christmas list

13th November 2007 With British consumers spending more than £6.6 billion online in the last two months of last year, the 2007 festive season is set to be one of great cheer for online retailers Read More

Businesses warned not to have skeletons in cupboards

13th November 2007 For many organisations, the festive season is an opportunity to heave a corporate sigh of relief and enjoy the brief respite in frenetic business activity as countless people all over the world, go home to celebrate Christmas Read More
Date: 30th April 2005
Risk: Medium

Security researchers have published details of a denial-of-service vulnerability that could enable hackers to attack Microsoft Windows and spin computers into senseless processing loops.

Posting to the SecurityFocus industry forum, an individual identified only as Dejan Levaja first described how the threat, known technically as a LAND attack for the type of code that triggers it, could affect Windows users by needlessly occupying their computers' processing power.

Using such an approach, an individual typically sends a packet of data to a Windows machine using a command that features the same source host and destination host information, thereby sending the computer running in circles.

Despite admitting that the potential for LAND attacks is real, Microsoft downplayed the impact of the vulnerability's exploitation, saying such an effort would only slow a Windows computer, not force it to crash. The company said the attacks can be largely avoided by merely employing the firewall tools it includes with its Windows operating system.

"Our initial investigation has revealed that this reported vulnerability cannot be used by an attacker to run malicious software on a computer," Microsoft said in a statement. "At this point, our analysis indicates the impact of a successful attack would be to cause the computer to perform sluggishly for a short period of time."

At least one research outfit says Microsoft's claim appears to ring true. The SANS Internet Storm Centre said existing attacks have not been able to take down computers entirely.

"We have not seen crashes. So far, we have seen the Windows OS do a local loop. The victim's machine is seeing packets from itself, so it is freaking out and doesn't know what to do, and it is using up a lot of resources trying to figure out what is going on."

Such threats are nothing new. LAND attacks first appeared as early as 1997 and have resurfaced for some unknown reason.

Security watchdogs at Secunia said software bugs, such as the one that allows for the LAND attacks, are caused by improper handling of IP packets with the same destination and source IP, which cause a system to consume all available CPU resources.

Secunia state that in some extreme cases, a LAND attack could indeed bring an infected machine to its knees.

References

http://isc.sans.org3http://www.cnet.com