On Wed, 14 Apr 1999, Joseph Gooch wrote: > Same behavior here, however NT LOGS all packets to the event log. I'm not > sure of NT's logging behavior, it could either fill the drive or if it has a > max size it could erase old events. Possibly cover up other vulnerabilities > that were tested. Since the MAC address isn't a real one, it's alot harder > to trace. The NT system logger has a size limit, on my system (and therefore I assume the default since I don't think I ever touched it) it is 512kb. It also will by default (this is configurable) not write over any entries less than 7 days old, which means when you fill all 512Kb it gives you a warning that the log is full, and _stops logging_. of course all of these attacks only work on the local subnet, which makes them a lot less worrisome then a more remote attack. > 9x is boring, just a lame message box. what versions? It definetly does work on some versions of 95 (like 4.00.950 B) If people want to test and send me the exact version and the results on the version I'll collate and post a summary. -chris _______________________________________________________ Christopher Rogers Stevens Institute of Technology gandalfat_private http://www.pobox.com/~gandalf I can prove anything with research except the truth. -Unknown
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:42:45 PDT