Re: Strange interactions between tunnelling and SMB under the proprietary Microsoft Windows environment

[TheGesus <thegesus () gmail com>]

On 3/30/06, Marc SCHAEFER <schaefer () alphanet ch> wrote:

>    However, accessing \\192.168.1.2\c$ did go through the Ethernet
>    interface, and *not the tunnel*, and strangely half-using the private
>    addresses!

As soon as you put an IP from a disjoint network on an XP box, XP
starts multicasting the new route you have made available to it. 
Other XP boxes join the party.

Since they are on the same segment it makes no difference to the stack
which interface the data goes out.  It knows two routes and it'll use
any one it damn well pleases, thank you.

Unless you shut this multicasting off (registry mod - there is no user
interface), XP will rat you out to the rest of the network.  I learned
this the hard way after creating a (VERBOTEN!) ad hoc wireless network
between my laptop and desktop at work.  In minutes the network guys
were on the phone asking about the multicast traffic and what it was
doing (I feigned innocence & blamed it on Windows as I yanked the USB
wireless NIC off the desktop box... that seemed to satisfy them).  XP
was telling the world it knew a route to 169.254.x.x (which it really
shouldn't do, at least according to RFC 3927).

If you want to run a covert Openvpn network from work to home, learn
about this and KILL it because a knowledgable net admin will ferret
you out.  Luckily we don't have any of those where I work.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/