RE: ARP hole in Windows NT/2000

• Previous message: Grzegorz Flak: "RE: ARP hole in Windows NT/2000"
• In reply to: Keith Simonsen: "Re: ARP hole in Windows NT/2000"
• Next in thread: ALoR: "Re: ARP hole in Windows NT/2000"
• Next in thread: Nelson Brito: "Re: ARP hole in Windows NT/2000"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sat, 24 Nov 2001 17:38:48 +0100, Grzegorz Flak wrote:
>Does anybody has access to XP to check if it is also vulnerable?

WinXP doesnt appear to be vulnerable..
It honours static arp entries, but can still be fooled if there is no 
static entry.

Regards
-- 
Chris, chrisbat_private on 25/11/2001


C:\>ver

Microsoft Windows XP [Version 5.1.2600]

C:\>arp -s 192.168.1.20 00-00-e8-a5-8c-ae

C:\>arp -a

Interface: 192.168.1.10 --- 0x2
  Internet Address      Physical Address      Type
  192.168.1.1           00-80-48-e8-3e-a7     dynamic
  192.168.1.20          00-00-e8-a5-8c-ae     static

Ran arpspoof..

C:\>arp -a

Interface: 192.168.1.10 --- 0x2
  Internet Address      Physical Address      Type
  192.168.1.1           00-80-48-e8-3e-a7     dynamic
  192.168.1.20          00-00-e8-a5-8c-ae     static

C:\>arp -d 192.168.1.20
C:\>arp -a

Interface: 192.168.1.10 --- 0x2
  Internet Address      Physical Address      Type
  192.168.1.1           00-80-48-e8-3e-a7     dynamic
  192.168.1.20          00-80-48-e8-3e-a7     dynamic

• Next message: alert7: "Re: [NetGuard Security] NSI Rwhoisd another Remote Format String Vulnerability"
• Previous message: Grzegorz Flak: "RE: ARP hole in Windows NT/2000"
• In reply to: Keith Simonsen: "Re: ARP hole in Windows NT/2000"
• Next in thread: ALoR: "Re: ARP hole in Windows NT/2000"
• Next in thread: Nelson Brito: "Re: ARP hole in Windows NT/2000"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sat Nov 24 2001 - 22:23:45 PST