CVE-1999-0016

Cisco IOS - Denial of Service via Land IP Attack

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 7 public exploits for CVE-1999-0016. PoCs published by Dejan Levaja, m3lt, MondoMan.

AI-analyzed exploit summary This exploit sends a spoofed TCP SYN packet with the source address and port set to match the destination, triggering an infinite loop in vulnerable TCP/IP stacks. It specifically targets Windows systems (including Windows Server 2003 and XP SP2) and requires correct TCP/IP checksums for newer Microsoft platforms.

Description

Land IP denial of service.

Exploits (7)

exploitdb WORKING POC VERIFIED
by Dejan Levaja · cdoswindows
https://www.exploit-db.com/exploits/20814

This exploit sends a spoofed TCP SYN packet with the source address and port set to match the destination, triggering an infinite loop in vulnerable TCP/IP stacks. It specifically targets Windows systems (including Windows Server 2003 and XP SP2) and requires correct TCP/IP checksums for newer Microsoft platforms.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Moderate
Reliability
Reliable
Target: Windows 95, Windows NT 4.0 (up to SP3), Windows Server 2003, Windows XP SP2, Cisco IOS devices, Catalyst switches, HP-UX (up to 11.00)
No auth needed
Prerequisites: Raw socket permissions · Direct network access to the target (routers may block malformed packets)
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by m3lt · cdoswindows
https://www.exploit-db.com/exploits/20812

This exploit sends a spoofed TCP SYN packet with the source and destination IP/port set to the target's address, triggering a 'land' attack that causes a denial-of-service (DoS) due to an infinite loop in vulnerable TCP/IP stacks. It includes checksum calculation to ensure packet validity for modern systems.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Moderate
Reliability
Reliable
Target: Windows 95, Windows NT 4.0 (up to SP3), Windows Server 2003, Windows XP SP2, Cisco IOS devices, Catalyst switches, HP-UX (up to 11.00)
No auth needed
Prerequisites: Raw socket permissions · Direct network access to the target (routers may block malformed packets)
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by MondoMan · cdosmultiple
https://www.exploit-db.com/exploits/20813

This exploit code is a proof-of-concept for CVE-1999-0016, a TCP/IP stack vulnerability that causes a denial-of-service (DoS) by sending a spoofed TCP SYN packet with the source address and port set to match the destination. The code constructs and sends malformed packets to trigger an infinite loop in vulnerable systems.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Moderate
Reliability
Reliable
Target: Multiple TCP/IP stacks (Windows 95, Windows NT 4.0 up to SP3, Windows Server 2003, Windows XP SP2, Cisco IOS devices & Catalyst switches, HP-UX up to 11.00)
No auth needed
Prerequisites: Network access to the target · Ability to spoof packets (may require local network access)
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Konrad Malewski · c++dosmultiple
https://www.exploit-db.com/exploits/20811

This exploit code demonstrates a 'LAND' attack for CVE-1999-0016, which causes a denial-of-service by sending a spoofed TCP SYN packet where the source and destination IP/port are identical. It constructs and sends a malformed IPv6 packet with correct checksums to trigger an infinite loop in vulnerable systems.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Moderate
Reliability
Reliable
Target: Windows 95, Windows NT 4.0 (up to SP3), Windows Server 2003, Windows XP SP2, Cisco IOS devices, Catalyst switches, HP-UX (up to 11.00)
No auth needed
Prerequisites: Network access to the target · Ability to spoof packets (e.g., local network segment or misconfigured routing)
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by m3lt · cdosmultiple
https://www.exploit-db.com/exploits/20810

This exploit code demonstrates the LAND attack (CVE-1999-0016), a DoS vulnerability affecting multiple TCP/IP stacks. It sends spoofed TCP SYN packets with the source address and port set to match the destination, causing an infinite loop in vulnerable systems.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Windows 95, Windows NT 4.0 up to SP3, Windows Server 2003, Windows XP SP2, Cisco IOS devices & Catalyst switches, HP-UX up to 11.00
No auth needed
Prerequisites: Raw socket permissions · Network access to target
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC
by pexmee · poc
https://github.com/pexmee/CVE-1999-0016-Land-DOS-tool

This repository contains a functional PoC for CVE-1999-0016 (Land Attack), a DoS vulnerability where a spoofed TCP SYN packet with the same source and destination IP/port causes the target system to crash or hang. The script uses Scapy to craft and send the malicious packet, then verifies vulnerability by checking the target's response.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Various TCP/IP stack implementations (e.g., Windows 95/NT, Linux kernels pre-2.1.63)
No auth needed
Prerequisites: Scapy library · Network access to target · Target IP and open port
devstral-2 · analyzed Feb 18, 2026 Full analysis →
nomisec WORKING POC
by Pommaq · poc
https://github.com/Pommaq/CVE-1999-0016-POC

This PoC exploits CVE-1999-0016 (Land Attack) by sending a spoofed TCP SYN packet with the same source and destination IP/port to crash vulnerable systems. It uses Scapy to craft and send the malicious packet, then verifies target downtime via ICMP ping.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Windows NT 4.0, Windows 95, and other vulnerable TCP/IP stack implementations
No auth needed
Prerequisites: Root/administrator privileges · Network access to target · Scapy library
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2

Scores

EPSS 0.8099
EPSS Percentile 99.2%

Details

Status published
Products (23)
cisco/ios 7000
gnu/inet 5.01
hp/hp-ux 9.00
hp/hp-ux 9.01
hp/hp-ux 9.03
hp/hp-ux 9.04
hp/hp-ux 9.05
hp/hp-ux 9.07
hp/hp-ux 10.00
hp/hp-ux 10.01
... and 13 more
Published Dec 01, 1997
Tracked Since Feb 18, 2026