Cisco vulnerable to land attack

Risk Level: Medium

Check or Attack Name: CiscoLand

Platforms: Cisco

Description:

The system is vulnerable to the land denial-of-service attack. Recovery may require physically visiting the affected hardware. The exploit initiates a TCP connection, giving the target host's address as both source and destination, and using the same port on the target host as both source and destination.
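The packet pattern described above can be recognized from the IPv4 and TCP headers alone. The following is an added detection example, not code from Cisco or from the original advisory; the function names are hypothetical, it treats "initiates a TCP connection" as a segment with the SYN flag set, and the sample headers are constructed with documentation addresses.

```python
import socket
import struct

TCP_PROTO = 6   # IPv4 protocol number for TCP
SYN = 0x02      # SYN bit in the TCP flags byte


def is_land_packet(packet: bytes) -> bool:
    """True if a raw IPv4 packet is a TCP SYN whose source address equals
    its destination address and whose source port equals its destination port."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return False                      # too short, or not IPv4
    ihl = (packet[0] & 0x0F) * 4          # IP header length in bytes
    if ihl < 20 or len(packet) < ihl + 14:
        return False                      # malformed, or TCP flags not present
    if packet[9] != TCP_PROTO:
        return False
    # Non-first fragments carry no TCP header, so ports cannot be read.
    if struct.unpack("!H", packet[6:8])[0] & 0x1FFF:
        return False
    src, dst = packet[12:16], packet[16:20]
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    flags = packet[ihl + 13]
    return src == dst and sport == dport and bool(flags & SYN)


def sample_headers(src, dst, sport, dport, flags=SYN) -> bytes:
    """Constructed input for the check: 20-byte IPv4 header plus 20-byte
    TCP header, checksums left at zero (parsing only, never transmitted)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, TCP_PROTO, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags,
                      8192, 0, 0)
    return ip + tcp


if __name__ == "__main__":
    cases = {
        "same addr, same port, SYN": sample_headers("192.0.2.1", "192.0.2.1", 23, 23),
        "same addr, different port": sample_headers("192.0.2.1", "192.0.2.1", 23, 1024),
        "normal inbound SYN": sample_headers("192.0.2.2", "192.0.2.1", 1024, 23),
    }
    for label, pkt in cases.items():
        print(f"{label}: {'LAND' if is_land_packet(pkt) else 'ok'}")
```
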

Remedy:

IOS v10.3 to v11.2 users should upgrade to 10.3(19a), 11.0(17), 11.0(17)BT, 11.1(15), 11.1(15)AA, 11.1(15)CA, 11.1(15)IA, 11.2(10), 11.2(9)P, 11.2(4)F1, or the latest supported version for the device. As with any software upgrade, you should verify that your hardware can support the new software before upgrading.

Temporary Fix: Appropriate firewalls and some configuration workarounds can block this attack. Other workarounds using input access lists are described in the Cisco Field Notice.

Patches: Cisco customers with contracts should obtain upgraded software through their regular update channels (generally via Cisco's web site). Customers without contracts should contact Cisco TAC at tac@cisco.com.

References:

Cisco Systems Interim Field Notice, TCP Loopback DoS Attack (land.c) and Cisco Devices, http://www.cisco.com/warp/public/770/land-pub.shtml

