Vulnerability Development: Re: ARP hole in Windows NT/2000

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Vulnerability Development mailing list archives

Re: ARP hole in Windows NT/2000

From: ALoR <Alor () iol it>
Date: Sun, 25 Nov 2001 23:19:13 +0100

At 07.39 24-11-2001, Keith Simonsen wrote:

Awhile back, a friend and I tested many platforms against this bug, using
both spoofed arp replies and spoofed gratuitious arp requests. Unfortunately
I can't find our results, but I do remember that all versions of Windows
we tested were vulnerable to changing static arp entries w/ spoofed arp
replies.

this is due to the fact that under Window 2000 (XP not tested) the staticoption mean only that the arp entry is permanent (it doesn't timeout) andnot (as It should be) that is unmodificable...


so Windows system are always poisonable... ;)

bye


   --==> ALoR <==---------------------- -  -   -

 ettercap project : http://ettercap.sourceforge.net
 e-mail: alor (at) users (dot) sourceforge (dot) net

By Date By Thread

Current thread:

Re: ARP hole in Windows NT/2000, (continued)
- Re: ARP hole in Windows NT/2000 Tomas Nybrand IT (Nov 23)
  - Re: ARP hole in Windows NT/2000 Gigi Sullivan (Nov 24)
  - Re: ARP hole in Windows NT/2000 Keith Simonsen (Nov 24)
    - RE: ARP hole in Windows NT/2000 Grzegorz Flak (Nov 24)
    - RE: ARP hole in Windows NT/2000 Chris (Nov 24)
    - Re: ARP hole in Windows NT/2000 ALoR (Nov 25)
  - Re: ARP hole in Windows NT/2000 Nelson Brito (Nov 24)
- Re: ARP hole in Windows NT/2000 Chris Green (Nov 23)