Penetration Testing mailing list archives
Re: [PEN-TEST] Bizzare Network Errors Found During Pen Test (IP ARPThrottled)
From: Michael Thumann <michael.thumann () SPARKASSE-SINGEN-RADOLFZELL DE>
Date: Thu, 22 Mar 2001 12:04:35 +0100
I've got the same problem some time ago. A Token Ring environment normally uses source route bridging and perhaps transparent bridging, if needed. Source route bridging almost needs a RIF Field in the network packets to work, otherwise you don't get responses. There are differnet reasons for this: On Windows machines there's a registry key for controlling ARP Request with source route support: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters -> ArpAlwaysSourceRoute; dword; 0=always without RIF; 1=always with RIF If the value doesn't exist, the first ARP Packet is sent without a RIF and if there's no answer another ARP Request is sent with RIF. This may result in a timeout problem of the application. Another Problem is when only transparent bridging is used to bridge from token ring to ethernet segments. The RIF will get lost. To prevent the whole packet from getting lost you have to reinsert the RIF into the packet when it is entering a token ring segment with only source route bridging again. On Cisco routers you can use the multiring command to do this job. I don't think that it is a problem of translational bridging because the main job of translational bridging is to convert the MAC addresse properly from token ring to ethernet format and do some resizing of the packets, so you can check easily if the MAC address look like they have to. Here's a link to Cisco where Mixed Media Bridging and possible Problems are described: http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/mmbridge.htm If you can place a sniffer at some interessting points you can check the presence of the RIF where it is needed. Hope that helps ;-) Michael -- Michael Thumann Certified Internet Security Manager Sparkasse Singen-Radolfzell Sitz: 78224 Singen Registergericht:Singen HRA 943
Current thread:
- [PEN-TEST] Bizzare Network Errors Found During Pen Test (IP ARP Throttled) Mike Ahern (Mar 21)
- Re: [PEN-TEST] Bizzare Network Errors Found During Pen Test (IP ARP Throttled) Jose Nazario (Mar 22)
- Re: [PEN-TEST] Bizzare Network Errors Found During Pen Test (IP ARPThrottled) Michael Thumann (Mar 22)
- Re: [PEN-TEST] Bizzare Network Errors Found During Pen Test (IP ARP Throttled) Marco (Mar 22)
- <Possible follow-ups>
- [PEN-TEST] Bizzare Network Errors Found During Pen Test (IP ARP Throttled) Mike Ahern (Mar 23)