Full Disclosure mailing list archives
Re: Strange interactions between tunnelling and SMB under the proprietary Microsoft Windows environment
From: TheGesus <thegesus () gmail com>
Date: Sat, 1 Apr 2006 11:17:17 -0500
On 3/30/06, Marc SCHAEFER <schaefer () alphanet ch> wrote:
However, accessing \\192.168.1.2\c$ did go through the Ethernet interface, and *not the tunnel*, and strangely half-using the private addresses!
As soon as you put an IP from a disjoint network on an XP box, XP starts multicasting the new route you have made available to it. Other XP boxes join the party. Since they are on the same segment it makes no difference to the stack which interface the data goes out. It knows two routes and it'll use any one it damn well pleases, thank you. Unless you shut this multicasting off (registry mod - there is no user interface), XP will rat you out to the rest of the network. I learned this the hard way after creating a (VERBOTEN!) ad hoc wireless network between my laptop and desktop at work. In minutes the network guys were on the phone asking about the multicast traffic and what it was doing (I feigned innocence & blamed it on Windows as I yanked the USB wireless NIC off the desktop box... that seemed to satisfy them). XP was telling the world it knew a route to 169.254.x.x (which it really shouldn't do, at least according to RFC 3927). If you want to run a covert Openvpn network from work to home, learn about this and KILL it because a knowledgable net admin will ferret you out. Luckily we don't have any of those where I work. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Strange interactions between tunnelling and SMB under the proprietary Microsoft Windows environment TheGesus (Apr 01)