Penetration Testing mailing list archives
[Fwd: Re: Properly Arp Cache Poisoning]
From: Leandro Quibem Magnabosco <leandro.magnabosco () fcdl-sc org br>
Date: Mon, 04 Jan 2010 14:01:46 -0200
Hi Chris Brenton, Chris Brenton escreveu:
What do you mean by "DoS'ed"? Does the OS become unresponsive? Does the OS report an IP conflict? If you check the interface, is it still using the correct IP address? What OS/version is on each system?
I think you have nailed the question here. I have not realized before that the interface was actually shutting down. The OS used on both, the Laptop and Desktop, is Windows Vista 64. I was using Backtrack on another laptop that I used to make t he attack.
I think that the Desktop OS is not updated since I use Windows only to play games. On the other hand, the laptop OS is updated, which could be the reason why it reacted differently.I've noticed Vista and later will sometimes shutdown if it detects another system advertising the IP address it is using (like during an ARP cache poisoning attack). This is your most likely root cause, but additional clarification as to what happens to the laptop would be helpful.
So I guess I learned something really valuable here with your observation.Windows Vista sometimes shuts down it's interface to avoid ARP cache poisoning attack.
Very nice. Thank you all for replies I've received. -- Leandro Quibem Magnabosco. ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review BoardProve to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- [Fwd: Re: Properly Arp Cache Poisoning] Leandro Quibem Magnabosco (Jan 05)
- Re: [Fwd: Re: Properly Arp Cache Poisoning] Arjun Sambamoorthy (Jan 27)