[10221] in bugtraq
Re: ARP problem in Windows9X/NT
daemon@ATHENA.MIT.EDU (Joseph Gooch)
Thu Apr 15 13:24:23 1999
Date: Wed, 14 Apr 1999 15:41:22 -0400
Reply-To: Joseph Gooch <mrwizard@PSU.EDU>
From: Joseph Gooch <mrwizard@PSU.EDU>
X-To: Alan DeKok <alan@CRYPTOCARD.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <199904131949.PAA22188@cryptocard.ott.igs.net>
> -----Original Message-----
> From: Bugtraq List [mailto:BUGTRAQ@NETSPACE.ORG]On Behalf Of
> Alan DeKok
> Sent: Tuesday, April 13, 1999 3:49 PM
> To: BUGTRAQ@NETSPACE.ORG
> Subject: Re: ARP problem in Windows9X/NT
>
>
> route@RESENTMENT.INFONEXUS.COM wrote:
> > Didn't test your code. Rolled my from the same libnet
> example, and it
> > does work against NT and 95/98.
>
> I tested yours against a number of machines at work. Summary:
>
> NT4 sp3 displays one requestor. While it's on-screen, any
> additional ARP packets are ignored. Clicking 'OK', and then sending
> more packets results in another requestor.
>
> 95/98 displays one requestor per packet.
Same behavior here, however NT LOGS all packets to the event log. I'm not
sure of NT's logging behavior, it could either fill the drive or if it has a
max size it could erase old events. Possibly cover up other vulnerabilities
that were tested. Since the MAC address isn't a real one, it's alot harder
to trace.
9x is boring, just a lame message box.
Later,
Joseph Gooch
