Re: ARP hole in Windows NT/2000

From: Gigi Sullivan (sullivanat_private)
Date: Sat Nov 24 2001 - 01:58:14 PST

Next message: Keith Simonsen: "Re: ARP hole in Windows NT/2000"

Previous message: vuln-dev: "Revised Advisory on Hewlett Packard Issue"
In reply to: Tomas Nybrand IT: "Re: ARP hole in Windows NT/2000"
Next in thread: Keith Simonsen: "Re: ARP hole in Windows NT/2000"
Next in thread: Chris Green: "Re: ARP hole in Windows NT/2000"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Aiee :)

   Hello!

On Fri, Nov 23, 2001 at 08:38:04AM +0100, Tomas Nybrand IT wrote:
> Well ARP poisoning can´t be considered as something new, and I would
> prefer to call it a vulnerability in the ARP protocol rather than a
> windows vulnerability.

   When you set up a static ARP entry, it shouldn't be possible to
   overwrite that by getting a new (maybe fake) ARP reply packet.

   So, IMHO, this is a WindowsNT/2000 vulnerability about ARP protocol
   implementation.

   I don't know how to fix that, maybe there're out some new SPs.

> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>  Tomas Nybrand - UNIX Administrator
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>     --   Bene qui latuit, bene vixit.   --

bye bye

                        -- gg sullivan

-- 
Lorenzo Cavallaro	`Gigi Sullivan' <sullivanat_private>

Until I loved, life had no beauty;
I did not know I lived until I had loved. (Theodor Korner)

Next message: Keith Simonsen: "Re: ARP hole in Windows NT/2000"
Previous message: vuln-dev: "Revised Advisory on Hewlett Packard Issue"
In reply to: Tomas Nybrand IT: "Re: ARP hole in Windows NT/2000"
Next in thread: Keith Simonsen: "Re: ARP hole in Windows NT/2000"
Next in thread: Chris Green: "Re: ARP hole in Windows NT/2000"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sat Nov 24 2001 - 15:19:21 PST