[Fwd: Re: Properly Arp Cache Poisoning]

[Leandro Quibem Magnabosco <leandro.magnabosco () fcdl-sc org br>]

Hi Chris Brenton,

Chris Brenton escreveu:
> What do you mean by "DoS'ed"? Does the OS become unresponsive? Does the
> OS report an IP conflict? If you check the interface, is it still using
> the correct IP address? What OS/version is on each system?
>
>   
I think you have nailed the question here.
I have not realized before that the interface was actually shutting down.
The OS used on both, the Laptop and Desktop, is Windows Vista 64.
I was using Backtrack on another laptop that I used to make t he attack.
> I've noticed Vista and later will sometimes shutdown if it detects
> another system advertising the IP address it is using (like during an
> ARP cache poisoning attack). This is your most likely root cause, but
> additional clarification as to what happens to the laptop would be
> helpful.
>   
I think that the Desktop OS is not updated since I use Windows only to 
play games.
On the other hand, the laptop OS is updated, which could be the reason 
why it reacted differently.


So I guess I learned something really valuable here with your observation.
Windows Vista sometimes shuts down it's interface to avoid ARP cache 
poisoning attack.

Very nice.

Thank you all for replies I've received.
--
Leandro Quibem Magnabosco.


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------