LAND Attack
What is LAND Attack?
LAND AttackA legacy DoS attack that sends a spoofed TCP SYN packet whose source IP and port equal the destination, causing vulnerable systems to loop or crash.
A LAND (Local Area Network Denial) attack crafts a TCP SYN where the source IP address and port equal the destination IP and port, so the target appears to be initiating a connection with itself. Older TCP/IP stacks (Windows 95/NT, certain BSD- and SunOS-era systems, some embedded devices) responded by getting stuck in a SYN/ACK loop, consuming CPU, locking up, or rebooting. Modern operating systems detect and drop such packets, but the pattern reappears in poorly tested IoT and industrial network stacks. Defences include ingress filtering of packets where source equals destination, edge ACLs that drop spoofed traffic for owned address space, and timely patching or replacement of legacy devices.
● Examples
- 01
Sending a SYN packet from 10.0.0.1:80 to 10.0.0.1:80 to lock up an unpatched Windows 95 host.
- 02
A modern LAND-style packet causing a CPU spike on a vulnerable industrial controller.
● Frequently asked questions
What is LAND Attack?
A legacy DoS attack that sends a spoofed TCP SYN packet whose source IP and port equal the destination, causing vulnerable systems to loop or crash. It belongs to the Attacks & Threats category of cybersecurity.
What does LAND Attack mean?
A legacy DoS attack that sends a spoofed TCP SYN packet whose source IP and port equal the destination, causing vulnerable systems to loop or crash.
How do you defend against LAND Attack?
Defences for LAND Attack typically combine technical controls and operational practices, as detailed in the full definition above.