Hi folks,

even if it seems quite strange to reply to my own mail - there are two other observations concerning the mentioned vulnerability:

1) After a successful attack there is another lockup occurring after the random MAC addresses are flushed from the ARP cache (it takes about 2 minutes) - the Windows machine locks for about 20 seconds, after that all goes fine again.

2) Again, after such a successful attack, giving arp -a on the command line results in 100% CPU utilization and nothing gets printed; however, the machine is still responding to Ctrl-C.

Both 1 and 2 are indicators of an ineffective ARP table. It must be emphasized that the mentioned machine lockup is not an artifact of very high interrupt rates - 2000 packets per second should be easily handled, even by Windows.

Sincerely,
Ihq.
This archive was generated by hypermail 2b30 : Mon Jul 30 2001 - 13:25:07 PDT