Re: ARPNuke - 80 kb/s kills a whole subnet
From: Paul Starzetz (paul@starzetz.de)Date: 07/30/01
- Previous message: Dan Uscatu: "Re: URGENT MICROSOFT SECURITY ANNOUNCEMENT"
- In reply to: Paul Starzetz: "ARPNuke - 80 kb/s kills a whole subnet"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-ID: <3B65AB6E.858EBBB@starzetz.de> Date: Mon, 30 Jul 2001 20:46:06 +0200 From: Paul Starzetz <paul@starzetz.de> To: "bugtraq@securityfocus.com" <bugtraq@securityfocus.com> Subject: Re: ARPNuke - 80 kb/s kills a whole subnet
Hi folks,
even if it seems quite strange to answer to my own mail - there are two
another observations concerning the mentioned vulnerability:
1) after a successfull attack there is another lock up occuring after
the random MAC addresses are flushed from the ARP cache (it takes about
2 minutes) - the Windows machine locks for about 20 seconds, after that
all goes fine again.
2) again, after such a successfull attack, giving arp -a on the command
line results in 100% cpu utilization and nothings gets printed, however
the machine is still responding to ctrl-c.
Both, 1 and 2 are indicators for an ineffective arp table. It must be
emphasized that the mentioned machine lockup is not an artifact of very
high interrupt rates - 2000 packets per seconds should be easily
handled, even by Windows.
sincerly,
Ihq.
- Previous message: Dan Uscatu: "Re: URGENT MICROSOFT SECURITY ANNOUNCEMENT"
- In reply to: Paul Starzetz: "ARPNuke - 80 kb/s kills a whole subnet"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
