Re: ARP problem in Windows9X/NT

[gandalf () POBOX COM (gandalf () POBOX COM)]

On Mon, 12 Apr 1999, Joel Jacobson wrote:

> Hello all bugtraqers!
>
> I've found a problem in Windows9X/NT's way of handeling ARP packets.
>
> If you flood a computer at your LAN with the packet below, it's user
> will be forced to click a messagebox's OK button x times, where x is the number
> of packets you flooded with.
[snip]
> And in HEX the packet look like this:
> ff ff ff ff ff ff 00 00 00 00 00 00 08 06 08 00 06 04 00 01 00 00 00
> 00 00 00 XX XX XX XX 00 00 00 00 00 00 XX XX XX XX
> (XX is what matters here)

Perhaps I am doing it wrong, but sending out arp requests like this only
generates a single messagebox.  If you send one or a million requests in
the time it takes to click ok, no new messageboxes will appear.

This is on NT4 sp4.

The packet I am sending out seems a tad different from the one listed,
the hex dump above seems to be missing the hardware address type.
anyways, what I sent was:

ff ff ff ff ff ff 00 00 00 00 00 00
08 06 00 01 08 00 06 04 00 01
00 00 00 00 00 00 XX XX XX XX
00 00 00 00 00 00 XX XX XX XX

-chris

_______________________________________________________
Christopher Rogers      Stevens Institute of Technology
gandalf () pobox com       http://www.pobox.com/~gandalf

Life would be much easier if we could just look at the source code