Security Incidents mailing list archives
Re: A bit strange ARP queries
From: Jeff Kell <jeff-kell () utc edu>
Date: Sat, 17 Dec 2005 20:08:37 -0500
Tillmann Werner wrote:
It has been quite some time since I've seen it in action, but this sounds very much like reverse arp (RARP), RFC-903, but without the complete packet, I couldn't say for certain.Rea,that trace is more than a bit strange and should be really alarming. One can do lots of dirty things abusing ARP.Has anyone seen such ARP packets? I am a bit curious, because we have no strange hardware that will set the target hardware address in the who-has ARP packet. Are there any attacks that using such packets?
Jeff
Current thread:
- A bit strange ARP queries Eygene A. Ryabinkin (Dec 15)
- Re: A bit strange ARP queries incidents (Dec 17)
- RE: A bit strange ARP queries Jason Burton (Dec 17)
- Re: A bit strange ARP queries wayne dawson (Dec 17)
- Re: A bit strange ARP queries Eygene A. Ryabinkin (Dec 17)
- RE: A bit strange ARP queries Craig Skelton (Dec 17)
- RE: A bit strange ARP queries Jeroen van Meeuwen (Dec 17)
- Re: A bit strange ARP queries Samuel R. Baskinger (Dec 21)
- Re: A bit strange ARP queries Eygene A. Ryabinkin (Dec 17)
- Re: A bit strange ARP queries Tillmann Werner (Dec 17)
- Re: A bit strange ARP queries Jeff Kell (Dec 17)
- <Possible follow-ups>
- RE: A bit strange ARP queries Paul Farrington (Dec 17)
- RE: A bit strange ARP queries Dave Hawkins (Dec 19)
- RE: A bit strange ARP queries Koike, Rafael Marcelino (Dec 22)
- Re: A bit strange ARP queries Eygene A. Ryabinkin (Dec 22)