Bugtraq mailing list archives
Buggy ARP handling in Windoze
From: paul () STARZETZ DE (Paul Starzetz)
Date: Thu, 29 Jun 2000 18:50:44 +0200
I discovered a strange bug in the ARP handling under Windows 98/latest Winsock patch (IGMP). Win98 (at almost Win95 as far as tested) would not handle static ARP entries correctly. Setting up an static ARP cache entry like: c:\windows\arp.exe -s host_ip host_mac do not immunise against spoofed ARP packet, if someone on the subnet is playing with ARP and regardless the opcode an ARP packet with arp_protocol_address == host_ip arrives, Windose will update the 'static' entry to the MAC whatever the ARP packet points to. So a 'static' entry means, the entry wouldn't be deleted and remains for ever in the cache. This is not really the behaviour we want :-) Note that Lunix will behave correctly (tested against 2.2.16 kernels), so setting an static ARP for a host protects your box from ARP spoofing. Of course, you may set up static ARP table and then run a firewall on each machine to filter further ARP....
Current thread:
- Re: WuFTPD: Providing *remote* root since at least1994, (continued)
- Re: WuFTPD: Providing *remote* root since at least1994 Kenn Humborg (Jun 29)
- Re: WuFTPD: Providing *remote* root since at least1994 Hudin Lucian (Jun 29)
- Multiple vulnerabilities in Sybergen Secure Desktop anders.ingeborn () INFOSEC SE (Jun 30)
- SecureXpert Advisory [SX-20000620-2] SecureXpert DIRECT Sender (Jun 30)
- Re: WuFTPD: Providing *remote* root since at least1994 Bernd Luevelsmeyer (Jun 28)
- Re: WuFTPD: Providing *remote* root since at least1994 Lars Mathiesen (Jun 28)
- Re: WuFTPD: Providing *remote* root since at least1994 Robert Bihlmeyer (Jun 29)
- Re: WuFTPD: Providing *remote* root since at least1994 Ben Pfaff (Jun 29)
- Update to Integrity Protection Driver Available IPD (Jun 29)
- Re: WuFTPD: Providing *remote* root since at least1994 Theo de Raadt (Jun 29)
- Buggy ARP handling in Windoze Paul Starzetz (Jun 29)
- Re: Buggy ARP handling in Windoze Jurjen Oskam (Jun 29)
- Re: Buggy ARP handling in Windoze Steven Alexander (Jun 29)
- vpopmail-3.4.11 problems H D Moore (Jun 29)
- CONECTIVA LINUX SECURITY ANNOUNCEMENT - dump Conectiva Security (Jun 30)