What attack involves the perpetrator sending spoofed packet(s) with the SYN flag set to the victim’s
machine on any open port that is listening?
A.
Bonk attack
B.
Land attack
C.
Teardrop attack
D.
Smurf attack
Explanation:
The Land attack involves the perpetrator sending spoofed packet(s) with the SYN flag set to the
victim’s machine on any open port that is listening. If the packet(s) contain the same destination and
source IP address as the host, the victim’s machine could hang or reboot. In addition, most systems
experience a total freeze up, where as CTRL-ALT-DELETE fails to work, the mouse and keyboard
become non operational and the only method of correction is to reboot via a reset button on the
system or by turning the machine off. Vulnerable Systems: This will affect almost all Windows 95,
Windows NT, Windows for Workgroups systems that are not properly patched and allow Net Bios
over TCP/IP. In addition, machines running services such as HTTP, FTP, Identd, etc that do not filter
packet(s), that contain the same source / destination IP address, can still be vulnerable to attack
through those ports. Prevention: This attack can be prevented for open / listening ports by filtering
inbound packets containing the same source / destination IP address at the router or firewall level.
For most home users not running a lot of services, and for those who use IRC, disabling the Identd
server within their client will stop most attacks since the identd service (113) is becoming the most
attacked service/port.