Penetration Testing mailing list archives
Re: ARP Requests
From: "Jason Ross" <algorythm () gmail com>
Date: Tue, 7 Aug 2007 14:06:08 -0400
On 8/7/07, ilaiy <ilaiy.e () gmail com> wrote:
http://blogs.msdn.com/virtual_pc_guy/archive/2005/01/17/354971.aspx
./thanks ilaiy
I'm curious how you figured out that seeing packets being sprayed across the wire was somehow related to a Virtual PC startup error message?

As I read the question, I was wondering whether the remote PC was configured for dhcp/bootp and if so, thought that perhaps it was caught in a loop attempting to get an address but was unable to do so. In that case, resetting the network connection to resolve the problem would make some sense.

It would seem that I was way off though, based on the fact that Virtual PC gives an error matching that MAC if it's borked and refuses to start up. ./thanks indeed for that insightful help, I certainly learned something new today, and am most impressed with your deductive powers!

As a side note, it may be worth noting that ARP requests, by their nature, generally will have a destination of 00:00:00:00:00:00. This is because they are broadcast to the entire network segment. I would venture a guess that the packet 'malformed-ness' is not due to the destination address, but to something else (data contained within the packet, incorrect header info, etc.).

It may also be worth examining the source host closely to see if there is something running which is attempting to spoof ARP requests/replies in an effort to capture traffic. Since resetting the network connection "fixed" the issue, I think it's unlikely, but it never hurts to see.

--
jason
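As an added example (not part of the original post), this Python check inspects an Ethernet/ARP frame for the things the message suggests looking at: bad header fields and signs of spoofed requests or replies. The function names, MAC addresses and frames are constructed for illustration; in the normal request the Ethernet destination is the broadcast address ff:ff:ff:ff:ff:ff and the all-zero value sits in the ARP target hardware address field.

```python
import struct

BROADCAST, ZERO = b"\xff" * 6, b"\x00" * 6

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def arp_anomalies(frame):
    """Return a list of problems found in one Ethernet II frame carrying ARP."""
    if len(frame) < 42:  # 14-byte Ethernet header + 28-byte ARP body
        return ["truncated frame"]
    eth_dst, eth_src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0806:
        return [f"not ARP (ethertype 0x{ethertype:04x})"]
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(
        "!HHBBH6s4s6s4s", frame[14:42])
    issues = []
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        issues.append("header fields are not Ethernet/IPv4 with 6/4 byte lengths")
    if oper not in (1, 2):  # 1 = request, 2 = reply
        issues.append(f"unknown opcode {oper}")
    if sha in (BROADCAST, ZERO):
        issues.append(f"invalid sender MAC {mac(sha)}")
    elif sha != eth_src:  # ARP body disagrees with the frame that carried it
        issues.append(f"sender MAC {mac(sha)} != Ethernet source {mac(eth_src)}")
    if oper == 2 and eth_dst == BROADCAST:
        issues.append("broadcast reply (gratuitous ARP): verify the IP-to-MAC binding")
    return issues

def build(eth_dst, eth_src, oper, sha, spa, tha, tpa, hlen=6):
    """Assemble a constructed test frame; hlen is overridable to fake a bad header."""
    return (struct.pack("!6s6sH", eth_dst, eth_src, 0x0806)
            + struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, hlen, 4, oper, sha, spa, tha, tpa))

# Constructed sample data: made-up MACs and documentation-range IP addresses.
HOST, OTHER = bytes.fromhex("020000000001"), bytes.fromhex("020000000099")
IP_A, IP_B = bytes([192, 0, 2, 10]), bytes([192, 0, 2, 1])

SAMPLES = {
    "normal request": build(BROADCAST, HOST, 1, HOST, IP_A, ZERO, IP_B),
    "bad header": build(BROADCAST, HOST, 1, HOST, IP_A, ZERO, IP_B, hlen=8),
    "mismatched sender": build(BROADCAST, HOST, 1, OTHER, IP_A, ZERO, IP_B),
    "broadcast reply": build(BROADCAST, HOST, 2, HOST, IP_B, BROADCAST, IP_B),
}

if __name__ == "__main__":
    for name, frame in SAMPLES.items():
        print(f"{name}: {arp_anomalies(frame) or 'ok'}")
```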
Current thread:
- ARP Requests Kevin (Aug 06)
- Re: ARP Requests ilaiy (Aug 06)
- RE: ARP Requests Nicolas villatte (Aug 07)
- Re: ARP Requests Jason Ross (Aug 07)
- Re: ARP Requests ilaiy (Aug 06)