Re: [Fwd: Re: Properly Arp Cache Poisoning]



Windows OS can be configured in the Registry settings not to accept
unsolicited(gratuitous) ARP reply packets. May be that's why your
laptop is not getting poisoned. There are ways to defeat this.

1) Using ICMP and ARP. Check last paragraph of the below link on how
to defeat it, http://ettercap.sourceforge.net/forum/viewtopic.php?t=2392.
This method worked for me.
2) ARP Request poisoning. [I think it doesn't work on Windows].

Hope this helps.

Arjun

On Mon, Jan 4, 2010 at 10:01 AM, Leandro Quibem Magnabosco
<leandro.magnabosco@xxxxxxxxxxxxxx> wrote:
Hi Chris Brenton,

Chris Brenton escreveu:

What do you mean by "DoS'ed"? Does the OS become unresponsive? Does the
OS report an IP conflict? If you check the interface, is it still using
the correct IP address? What OS/version is on each system?



I think you have nailed the question here.
I have not realized before that the interface was actually shutting down.
The OS used on both, the Laptop and Desktop, is Windows Vista 64.
I was using Backtrack on another laptop that I used to make t he attack.

I've noticed Vista and later will sometimes shutdown if it detects
another system advertising the IP address it is using (like during an
ARP cache poisoning attack). This is your most likely root cause, but
additional clarification as to what happens to the laptop would be
helpful.


I think that the Desktop OS is not updated since I use Windows only to play
games.
On the other hand, the laptop OS is updated, which could be the reason why
it reacted differently.


So I guess I learned something really valuable here with your observation.
Windows Vista sometimes shuts down it's interface to avoid ARP cache
poisoning attack.

Very nice.

Thank you all for replies I've received.
--
Leandro Quibem Magnabosco.


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually
do a proper penetration test. IACRB CPT and CEPT certs require a full
practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------



------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------



Relevant Pages

  • Re: [opensuse] Kate unusable in 12.3 via ssh remote login
    ... LAPTOP, but on the Windows machine I had previously tested from. ... Laptop running OpenSuse 12.3 and KDE. ... I launched Kate, to test out the reported problem. ...
    (SuSE)
  • Re: multilevel lists
    ... I don't want to download mail to the laptop because then it's virtually impossible to get the messages to my desktop for storage. ... "Stefan Blom" wrote in message ... Windows 7, I think, primarily because Windows Update works better and is more integrated with the operating system than the Windows Update site was in Windows XP. ... Microsoft Word MVP ...
    (microsoft.public.word.numbering)
  • Re: [opensuse] Kate unusable in 12.3 via ssh remote login
    ... LAPTOP, but on the Windows machine I had previously tested from. ... Laptop running OpenSuse 12.3 and KDE. ... I launched Kate, to test out the reported problem. ...
    (SuSE)
  • Re: multiple windows opening
    ... After uninstalling, one must download/run a removal tool to rid the machines of the "leftovers" and then reboot, preferably *before* installing another anti-virus application or security suite (e.g., OneCare). ... run Windows Update manually to make sure the machine's fully patched. ... Windows Firewall and Defender on its own. ... I have had windows live one care from the first setup of this laptop. ...
    (microsoft.public.security)
  • Re: another Windows nightmare
    ... after i hook this hdd up to the other laptop, will i be able to see contents ... of the windows directory. ... is that just because of the boot issue? ... You will need a computer with two cd drives, one of which is a cd/dvd-rw ...
    (microsoft.public.windowsxp.general)