Hello, you are using an old browser that's unsafe and no longer supported. Please consider updating your browser to a newer version, or downloading a modern browser.
Training Camp • Cybersecurity Glossary
A DoS attack that sends a spoofed packet whose source IP and port match the destination, making a vulnerable host reply to itself and hang.
Land Attack Definition: A DoS attack that sends a spoofed packet whose source IP and port match the destination, making a vulnerable host reply to itself and hang.
A LAND (Local Area Network Denial) attack is a denial-of-service technique that sends a target a crafted TCP SYN packet in which the source IP address and port are spoofed to be identical to the destination IP address and port. A vulnerable system tries to reply to itself, creating a loop or empty connection state that consumes resources and can freeze or crash the host.
The attack exploits flawed handling of self-referential packets in older TCP/IP stacks. When the victim receives the SYN with matching source and destination, it generates a SYN-ACK addressed back to itself and waits, repeatedly processing the same connection attempt. On unpatched systems this loops or fills the connection table, spiking CPU usage and rendering the machine unresponsive. A single malformed packet can be enough on susceptible targets.
This matters because LAND illustrates how a tiny, malformed input can cause an outsized availability impact, the core risk of denial-of-service attacks. Although first publicized in the late 1990s and patched in modern operating systems, the underlying lesson, that protocol stacks and network devices must validate packet fields, remains central to defensive design. Network filtering that drops packets whose source address equals the destination, and ingress filtering against spoofed addresses (per BCP 38), neutralize it.
For example, an attacker targets a legacy device by sending a TCP SYN packet spoofed so both the source and destination are the device's own IP and an open port such as 139. The vulnerable host attempts to answer itself, enters a tight loop processing the bogus connection, and becomes unreachable to legitimate users. A properly configured firewall or router with anti-spoofing rules detects that the source and destination addresses are identical and silently discards the packet before it ever reaches the host.
Turn knowledge into credentials with our instructor-led cybersecurity boot camps.
View All Courses →