Windows XP, 2003 Vulnerable to Attack

A Serbian systems engineer alerted users of the Web site Security Focus over the weekend to a possible denial of service attack using MS-DOS. The problem affects those using Windows Server 2003 or Windows XP SP2 without a firewall activated.

Called a LAND attack, the 8 year-old denial of service involves a packet of information being sent to a computer where the source computer makes it look like the origin of the packet is the destination computer itself.

The invalid packet information results a 15 to 30 second period where the Windows computer becomes unresponsive. If repeated packets are sent, it can result in a collapse of the entire network.

The engineer said that simply activating Windows Firewall, or some other firewall software capable of detecting these LAND packets will prevent an attack.

Thus far, Microsoft has been unresponsive to the engineer's concerns. "Microsoft was informed 7 days ago (February 25), NO answer received, so I decided to share this info with security community," he said.