Vulnerability Development mailing list archives
Re: Win XP IP address hijack?
From: Jarek Durak <jdk () tempus metal agh edu pl>
Date: Fri, 14 Dec 2001 21:35:02 +0100
Curt Wilson wrote:
I was doing some experimentation in my home lab recently and came across something I thought was interesting. I would enjoy any comments on this potential issue, which may be known already but is a new one for me. I was running a desktop with Win XP pro using a static IP address. I booted up a laptop running Win98 with a duplicate IP address; the duplicate IP address message appeared on the 98 box and the 98 interface was disabled. XP connectivitiy worked as normal. (this is standard operation so far). I shut down the win98 box. Next, I booted a RedHat 7.0 system using the same static IP address. XP lost it's IP, showing 0.0.0.0, did not display any message about this, and the Linux box hummed away happily, receiving connections destined for that IP. Perhaps the RH system implements it's ARP/duplicate IP address check in a different manner that is not recognized by XP, at least in this particular instance. I did not test this with any other version of windows but, having never tried this particular scenario, I was wondering if this is normal operation? If this is of any interest I'll grab a sniff of the traffic.
You have a switch in your network. I got 10 linux boxes running kernel 2.4.12 with the same IP (clons). All of them was able to ping my router with 80-95% packet lost J
Current thread:
- Win XP IP address hijack? Curt Wilson (Dec 14)
- RE: Win XP IP address hijack? Burton@SNS (Dec 14)
- Re: Win XP IP address hijack? Dimitry Andric (Dec 14)
- Re: Win XP IP address hijack? Jarek Durak (Dec 15)
- RE: Win XP IP address hijack? Burton@SNS (Dec 14)