Bugtraq mailing list archives
Re: Buggy ARP handling in Windoze
From: "Woch, Wojtek" <wwoch () CPR FR>
Date: Tue, 10 Oct 2000 20:03:41 +0200
Paul Starzetz wrote:
I discovered a strange bug in the ARP handling under Windows 98/latest Winsock patch (IGMP). Win98 (at almost Win95 as far as tested) would not handle static ARP entries correctly. Setting up an static ARP cache
Testing on NT 4.0 with SP6a shows that it behaves the same, although the spoofed machine complains in its event log with a Tcpip event #4199 and an application popup #26 (IP address conflict). It appears also that as long as the IP address is in the ARP cache, it's MAC address can be overwritten - even if the entry is flagged as dynamic. But as Yuri Volobuev noted in his post "Redir games with ARP and ICMP", you would need to inject ARP packets continously in this case. cf http://www.securityfocus.com/templates/archive.pike?start=2000-10-08&list=1&end=2000-10-14&tid=7665&threads=0&
Current thread:
- Re: Buggy ARP handling in Windoze Woch, Wojtek (Oct 12)