From owner-freebsd-security  Mon Apr 19 12:56:24 1999
Delivered-To: freebsd-security@freebsd.org
Received: from speed.matrix.com.br (speed.matrix.com.br [200.202.17.241])
	by hub.freebsd.org (Postfix) with ESMTP id 45B57157B0
	for <security@FreeBSD.ORG>; Mon, 19 Apr 1999 12:56:11 -0700 (PDT)
	(envelope-from camposr@MATRIX.COM.BR)
Received: from localhost (speed@localhost)
	by speed.matrix.com.br (8.9.3/8.9.3) with ESMTP id QAA10125;
	Mon, 19 Apr 1999 16:51:57 -0300 (EST)
X-Authentication-Warning: speed.matrix.com.br: speed owned process doing -bs
Date: Mon, 19 Apr 1999 16:51:57 -0300 (EST)
From: Rodrigo Campos <camposr@MATRIX.COM.BR>
X-Sender: speed@speed.matrix.com.br
To: Nicole Harrington <nicole@ispchannel.net>
Cc: security@FreeBSD.ORG, Liam Slusser <liam@tiora.net>
Subject: Re: poink attack (was Re: ARP problem in Windows9X/NT)
In-Reply-To: <XFMail.990419122134.nicole@ispchannel.net>
Message-ID: <Pine.BSF.4.05.9904191643020.9049-100000@speed.matrix.com.br>
Organization: Matrix Network
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Mon, 19 Apr 1999, Nicole Harrington wrote:

> > I tested it against freebsd 2.2.8 stable, 3.0 stable and 3.1 stable, all
> > they are vulnerable, it's not a big threat anyway, as you have to be on
> > the same ethernet to use the exploit.
> > 
> > Regards,
> 
>  But what sort of access do you need. Can this be run on a shell acct without
> root privleges?
> 

As far as I know, you have to be root to run the exploit, as it uses raw
packets. But you can send these kind of packets with some kind of Windows
9x/NT network analisys tool, I can't remember the name right now, but of
course any user can do it from a Windows box, regardless of his
privileges (Well, Windows has no privilege control anyway).

I think it would be very simple for a Winsock programmer to port the
exploit, so any windows user could run it inside your network, hrmmm,
it could be dangerous... :/

I've tested the exploit against MacOS 8.5.1 and Solaris 7/i386, they both
are vulnerable. The Solaris box just couldn't access anything outside its
own network after that.

The Windows 9x/NT boxes rebooted with a heavy loaded attack.

Regards,

--
________________________
Rodrigo Albani de Campos
Matrix Internet - NOC  
- Be a "Glad I Did" instead of a "Wish I Had" -



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message