From owner-freebsd-security  Mon Apr 19 19:29:36 1999
Delivered-To: freebsd-security@freebsd.org
Received: from smtp1.andrew.cmu.edu (SMTP1.ANDREW.CMU.EDU [128.2.10.81])
	by hub.freebsd.org (Postfix) with ESMTP id 59E2814F83
	for <security@FreeBSD.ORG>; Mon, 19 Apr 1999 19:29:30 -0700 (PDT)
	(envelope-from Harry_M_Leitzell@cmu.edu)
Received: from unix48.andrew.cmu.edu (UNIX48.ANDREW.CMU.EDU [128.2.15.56]) by smtp1.andrew.cmu.edu (8.8.5/8.8.2) with SMTP id WAA08271; Mon, 19 Apr 1999 22:26:50 -0400 (EDT)
Date: Mon, 19 Apr 1999 22:26:49 -0400 (EDT)
From: "Harry M. Leitzell" <Harry_M_Leitzell@cmu.edu>
X-Sender: Harry_M_Leitzell@unix48.andrew.cmu.edu
Reply-To: "Harry M. Leitzell" <Harry_M_Leitzell@cmu.edu>
To: "Frederick J Polsky v1.0" <fred@fredbox.com>
Cc: security@FreeBSD.ORG
Subject: Re: poink attack (was Re: ARP problem in Windows9X/NT)
In-Reply-To: <Pine.BSF.4.05.9904191804230.13349-100000@bogomatic.fredbox.com>
Message-ID: <Pine.LNX.3.96L.990419222013.8966A-100000@unix48.andrew.cmu.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

	It also hits college campuses, which are a haven for misconfigured
Linux machines that provide easy quick root access on the Local network. 
Not to say that CMU has this problem or anything like that.

On Mon, 19 Apr 1999, Frederick J Polsky v1.0 wrote:

> Unfortunately in my case (and the case of others), I'm served with cable
> internet through GCI cable in Anchorage AK, which has its cable network
> set up such that it is just one large ethernet with some 1000+ users and
> no security whatsoever (most entertaining to connect a winbox to the
> network and click on Network Neighborhood and see all defined
> domains/workgroups...) I don't know about other cable internet providers
> but this would at least be a problem with mine.
> 
> > I tested it against freebsd 2.2.8 stable, 3.0 stable and 3.1 stable, all
> > they are vulnerable, it's not a big threat anyway, as you have to be on
> > the same ethernet to use the exploit.
> 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
> 

[-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-]
	Harry M. Leitzell - Harry_M_Leitzell@cmu.edu
		Carnegie Mellon University
		Finger for PGP Public Key
[-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-=--=-]




To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message