Hi

Well, ARP poisoning can't be considered as something new, and I would
prefer to call it a vulnerability in the ARP protocol rather than a
Windows vulnerability.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Tomas Nybrand - UNIX Administrator
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-- Bene qui latuit, bene vixit. --

Grzegorz.Flakat_private writes:
>Hi,
>
>I am not sure if it is something new, but I think I found a serious
>vulnerability in the ARP implementation in WindowsNT/2000 (I checked it on
>NT4 SP6 and Win2000 SP1). The problem is when somebody wants to use the "man
>in the middle" technique to eavesdrop on your traffic. This example was done
>with ettercap.
>To fill protect I use 'arp -s' to specify the correct MAC for the default
>gateway. So I had:
> 10.10.1.4 00-b0-64-49-1e-01 static
>
>Then I used ettercap to capture my traffic to the gateway. Of course I
>could see my POP3 pass ;) Then I checked the arp table once again:
>
> 10.10.1.4 00-01-02-23-85-e1 static
>
>The MAC is different (this is the MAC of my linux box). I checked the same
>on Solaris 2.7 and Linux 2.4.8 and they look unvulnerable.
>Is this an already known vulnerability? (I found an indication of a similar
>weakness, but that was on Windows 9x.)
>
>Any suggestions on how to get rid of that?
>
>Regards
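
An added example, not part of the original thread: a small Python check that parses Windows `arp -a` output and flags a pinned gateway entry whose MAC no longer matches, even when the entry is still labelled `static` as in the report above. The sample table is constructed; the interface address and the 10.10.1.7 entry are assumptions, and the function names are hypothetical.

```python
import re

# Pinned IP -> MAC pairs set by the administrator with 'arp -s' (values from the post).
PINNED = {"10.10.1.4": "00-b0-64-49-1e-01"}

# Constructed sample of Windows 'arp -a' output; the interface address and the
# second entry are made up for illustration.
SAMPLE_ARP_A = """\
Interface: 10.10.1.20 on Interface 0x1000003
  Internet Address      Physical Address      Type
  10.10.1.4             00-01-02-23-85-e1     static
  10.10.1.7             00-01-02-23-85-e1     dynamic
"""

# One table row: IPv4 address, MAC (dash or colon separated), entry type.
ENTRY = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-f]{2}[-:]){5}[0-9a-f]{2})\s+(\w+)\s*$",
    re.IGNORECASE,
)

def normalize(mac):
    """Lower-case and dash-separate a MAC so comparisons are format-independent."""
    return mac.lower().replace(":", "-")

def parse_arp_table(text):
    """Return (ip, mac, type) tuples; header and interface lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            entries.append((m.group(1), normalize(m.group(2)), m.group(3).lower()))
    return entries

def audit(entries, pinned):
    """Flag pinned IPs whose MAC changed, and MACs claimed by several IPs."""
    findings, owners = [], {}
    for ip, mac, kind in entries:
        owners.setdefault(mac, []).append(ip)
        expected = pinned.get(ip)
        # The 'static' label is not trusted: only the pinned value counts.
        if expected and normalize(expected) != mac:
            findings.append(("pinned-mismatch", ip, mac, kind))
    for mac, ips in owners.items():
        if len(ips) > 1:  # can also be legitimate (e.g. proxy ARP); review manually
            findings.append(("shared-mac", ",".join(sorted(ips)), mac, ""))
    return findings

if __name__ == "__main__":
    for finding in audit(parse_arp_table(SAMPLE_ARP_A), PINNED):
        print(finding)
```
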
This archive was generated by hypermail 2b30 : Fri Nov 23 2001 - 18:02:03 PST