Full Disclosure mailing list archives
Re: Strange interactions between tunnelling and SMB under the proprietary Microsoft Windows environment
From: 3APA3A <3APA3A () SECURITY NNOV RU>
Date: Thu, 30 Mar 2006 14:07:59 +0400
Dear Marc SCHAEFER, --Thursday, March 30, 2006, 9:52:10 AM, you wrote to full-disclosure () lists grok org uk: MS> Testing pings and telnet on the remote tunnel address (e.g. MS> 192.168.1.2) and capturing data with the libre software Ethereal on the MS> real Ethernet interface did show me that the flow of data was MS> correctly routed through the tunnel. MS> However, accessing \\192.168.1.2\c$ did go through the Ethernet MS> interface, and *not the tunnel*, and strangely half-using the private MS> addresses! Make sure "Client for Microsoft Network" is bound to tunnel adapter. Microsoft's network filesystem works with NIC in "shorten" way: data is copied from the disk to the file cache (physical memory), and the same physical memory address is given to NIC to transfer data. And vice versa for network client. It eliminates copying file data from memory to memory using CPU. That's why there can be differences in the CIFS/SMB behavior comparing with the rest of TCP/IP stack. Also, this can lead to incompatibilities with "emulated" NICs. -- ~/ZARAZA http://www.security.nnov.ru/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Strange interactions between tunnelling and SMB under the proprietary Microsoft Windows environment Marc SCHAEFER (Mar 29)
- Re: Strange interactions between tunnelling and SMB under the proprietary Microsoft Windows environment B3r3n (Mar 29)
- Re: Strange interactions between tunnelling and SMB under the proprietary Microsoft Windows environment 3APA3A (Mar 30)