BugTraq has a note that version 10.3(7) is vunerable. I don't know which version of Cisco the IOS was running on.

-- Stan | Academ Consulting Services |internet: sob@academ.com Olan | For more info on academ, see this |uucp: {mcsun|amdahl}!academ!sob Barber | URL- http://www.academ.com/academ |Opinions expressed are only mine.A

Here's the post from bugtraq that details which operating systems and what hardware/software versions of Cisco IOS are vulnerable. I'm wondering, is SYN a TCP small service? I could usually find this out for myself, but my 102 degree fever is making it hard to think. Back to bed with me, Joe Shaw - jshaw@insync.net NetAdmin - Insync Internet Services ---------- Forwarded message ---------- Date: Fri, 21 Nov 1997 13:22:22 -0600 From: Aleph One <aleph1@dfw.net> To: BUGTRAQ@NETSPACE.ORG Subject: Re: "LAND" Attack Update The latest update. It seems that not many versions of IOS are affected. The symptoms can also be strange. It will stop accepting connection, then after 30 seconds if may stop accepting processing ICMP echos, and after that it stops forwarding packets. So if you perform the test wait a couple of minutes and see if it still up before you come to any conclusions. Ivan Ganev also reports that testing again port 23 alone would not kill the router but testing againts the first 255 ports did.

From the reports is seem to be the older revisions of IOS (10.X and 11.0) in certain hardware configurations and the Cisco 700 Series ISDN access routers (not running IOS) are vulnerable.

We keep getting conflicting reports for FreeBSD and OpenBSD. The are enough reports and indications that those operating systems are indeed vulnerable but the vulnerabilitiy may not show up in all configurations depending on the enviroment, the intensity of cosmic rays, the phase of the moon, and if the testing person is left or right handed. An external "land" attack should not be an issue if you are filtering IP address spoofing at your ingress routers. You _ARE_ doing so? Correct? Well in case you forgot you can find Paul Ferguson's "Network Ingress Filtering: Defeating Denial of Service Address Spoofing" Internet Draft at ftp://ietf.org/internet-drafts/draft-ferguson-ingress-filtering-03.txt I highly recommend you implement it's recommendations. Of curse you are still at the mercy of those behind the filter. The survey says: AIX 3 IS vulnerable AIX 3.2 NOT vulnerable AIX 4 NOT vulnerable AIX 4.1 NOT vulnerable BeOS Preview Release 2 PowerMac IS vulnerable BSDI 2.1 (vanilla) IS vulnerable BSDI 2.1 (K210-021,K210-022,K210-024) NOT vulnerable BSDI 3.0 NOT vulnerable DG/UX R4.12 NOT vulnerable Digital UNIX 4.0 NOT vulnerable FreeBSD 2.2.2-RELEASE (confilcting reports) FreeBSD 2.2.5-RELEASE (conflicting reports) FreeBSD 2.2.5-STABLE (conflicting reports) FreeBSD 3.0-CURRENT IS vulnerable HP External JetDirect Print Servers IS vulnerable HP-UX 10.20 IS vulnerable IRIX 5.3 IS vulnerable IRIX 6.2 NOT vulnerable IRIX 6.3 NOT vulnerable IRIX 6.4 NOT vulnerable Linux 2.0.30 NOT vulnerable Linux 2.0.32 NOT vulnerable MacOS 7.5.1 NOT vulnerable MacOS 8.0 IS vulnerable (TCP/IP stack crashed) MVS OS390 1.3 NOT vulnerable AIX 4.1 NOT vulnerable NetApp NFS server 4.3 IS vulnerable NetBSD 1.1 IS vulnerable NetBSD 1.2 IS vulnerable NetBSD 1.2a IS vulnerable NetBSD 1.2.1 IS vulnerable NetBSD 1.3_ALPHA IS vulnerable NeXTSTEP 3.0 IS vulnerable NeXTSTEp 3.1 IS vulnerable Novell 4.11 NOT vulnerable OpenBSD 2.1 (conflicting reports) OS/2 3.0 NOT vulnerable QNX 4.24 IS vulnerable OpenBSD 2.2 (Oct31) NOT vulnerable SCO OpenServer 5.0.4 NOT vulnerable Salaris 2.4 NOT vulnerable Solaris 2.5.1 NOT vulnerable Solaris 2.6 NOT vulnerable SunOS 4.1.4 IS vulnerable Ultrix ??? NOT vulnerable Windows 95 (vanilla) IS vulnerable Windows 95 + Winsock 2 + VIPUPD.EXE IS vulnerable Windows NT (vanilla) IS vulnerable Windows NT + SP3 IS vulnerable Windows NT + SP3 + simptcp-fix IS vulnerable Some misc stuff: 3Com SuperStack II IS vulnerable Apple LaserWriter IS vulnerable Ascend 4000 5.0Ap20 NOT vulnerable Ascend Pipeline 50 rev 5.0Ai16 NOT vulnerable Ascend Pipeline 50 rev 5.0Ap13 NOT vulnerable BayNetworks MARLIN 1000 OS (0).3.024(R) NOT vulnerable BinTec BIANCA/BRICK-XS 4.6.1 router IS vulnerable Cisco IOS 10.3(7) IS vulnerable Cisco IOS 11.1(13) NOT vulnerable Cisco 1003 IOS 11.0 NOT vulnerable Cisco 1005 IOS 11.0(4) NOT vulnerable Cisco 1600 IOS 11.0(6) fc1 IS vulnerable Cisco 1601 IOS 11.1(8) AA NOT vulnerable Cisco 1601 IOS 11.1(10)AA NOT vulnerable Cisco 2500 IOS 11.0(9) NOT vulnerable Cisco 2500 IOS 11.1(6) fc1 IS vulnerable Cisco 2500 IOS 11.1(10) NOT vulnerable Cisco 2501 IOS 10.2 IS vulnerable Cisco 2501 IOS 10.2(2) IS vulnerable Cisco 2501 IOS 10.(7) IS vulnerable Cisco 2501 IOS 11.1(9) NOT vulnerable Cisco 2501 IOS 11.2(4)P NOT vulnerable Cisco 2503 IOS 11.0(9) IS vulnerable Cisco 2509 IOS 11.1 NOT vulnerable Cisco 2511 IOS ??? IS vulnerable Cisco 2511 IOS 10.3(4) NOT vulnerable Cisco 2511 IOS 11.1(8) NOT vulnerable Cisco 2511 IOS 11.2(4) NOT vulnerable Cisco 2514 IOS 11.2(5) NOT vulnerable Cisco 3102 IOS 9.X IS vulnerable Cisco 4000 IOS 11.0(7) NOT vulnerable Cisco 4000 IOS 11.1(6) NOT vulnerable Cisco 4000 IOS 11.2(4) fc1 NOT vulnerable Cisco 4000 IOS 11.2(9) NOT vulnerable Cisco 4500 IOS 10.13(15) IS vulnerable Cisco 4500 IOS 11.2(9) NOT vulnerable Cisco 4700M IOS 11.0(16) NOT vulnerable Cisco 7000 IOS 11.0(1) NOT vulnerable Cisco 7000 IOS 11.0(16) NOT vulnerable Cisco 7000 IOS 11.1(12) NOT vulnerable Cisco 7000 IOS 11.2(8) NOT vulnerable Cisco 7507 IOS 11.0(17) NOT vulnerable Cisco 753 OS Release 4 IS vulnerable Cisco 753 OS Release 4.0 IS vulnerable Cisco 754 OS Release 4.1 IS vulnerable Cisco 761 OS Release 4.0(1) IS vulnerable Cisco Catalyst 5000 IS vulnerable Digital VT1200 IS vulnerable HP Envizex Terminal IS vulnerable LaserJet Printer NOT vulnerable Livingston Office Router (ISDN) IS vulnerable Livingston PM ComOS 3.3.3 NOT vulnerable Livingston PM ComOS 3.5b17 + 3.7.2 NOT vulnerable Livingston PM ComOS 3.7L NOT vulnerable Livingston Enterprise PM 3.4 2L NOT vulnerable Milkyway Firewall 3.02 (SunOS) IS vulnerable NCD X Terminals, NCDWare v3.1.0 IS vulnerable NCD X Terminals, NCDWare v3.2.1 IS vulnerable