In a Land attack, an attacker sends SYN packets to a target host. The source IP address and the destination IP address of each SYN packet are both set to the target's own IP address. As a result, the target sends SYN-ACK packets to its own IP address, which creates a large number of null connections on the target host. Targets react differently to Land attacks: UNIX hosts crash and Windows NT hosts run very slowly.
After Land attack defense is configured, the device checks whether the source IP address and the destination IP address of a TCP packet are the same, or whether the source IP address of the TCP packet is a loopback address. If either condition is true, the packet is discarded.
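The check described above, sketched in Python as an added example (not the device's own implementation). It assumes IPv4 packets that start at the IP header; the function names `build_ipv4_tcp` and `is_land_packet` and the sample addresses are constructed for illustration.

```python
import ipaddress
import struct

IPPROTO_TCP = 6
IPPROTO_UDP = 17
LOOPBACK_NET = ipaddress.ip_network("127.0.0.0/8")


def build_ipv4_tcp(src, dst, proto=IPPROTO_TCP):
    """Build a constructed IPv4 packet carrying a minimal SYN header.

    Checksums are left at zero because the Land check does not read them.
    """
    # TCP: sport, dport, seq, ack, data offset, flags (0x02 = SYN), window, csum, urg
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, 5 << 4, 0x02, 65535, 0, 0)
    # IPv4: ver/IHL, TOS, total length, id, flags/frag, TTL, protocol, csum, src, dst
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, proto, 0,
                     ipaddress.ip_address(src).packed,
                     ipaddress.ip_address(dst).packed)
    return ip + tcp


def is_land_packet(packet: bytes) -> bool:
    """Return True if the packet should be discarded by the Land check."""
    # Truncated or non-IPv4 input is outside this check (assumption: other
    # sanity checks on the device handle malformed packets).
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return False
    header_len = (packet[0] & 0x0F) * 4
    if header_len < 20 or len(packet) < header_len:
        return False
    # The defense described above applies to TCP packets only.
    if packet[9] != IPPROTO_TCP:
        return False
    src = ipaddress.ip_address(packet[12:16])
    dst = ipaddress.ip_address(packet[16:20])
    # Discard when source equals destination, or the source is a loopback address.
    return src == dst or src in LOOPBACK_NET


if __name__ == "__main__":
    samples = {  # constructed sample packets using documentation address ranges
        "same src/dst": build_ipv4_tcp("192.0.2.10", "192.0.2.10"),
        "loopback src": build_ipv4_tcp("127.0.0.1", "192.0.2.10"),
        "normal SYN": build_ipv4_tcp("198.51.100.7", "192.0.2.10"),
    }
    for name, pkt in samples.items():
        print(f"{name}: {'discard' if is_land_packet(pkt) else 'forward'}")
```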