Date: Mon, 19 Apr 1999 16:51:57 -0300 (EST) From: Rodrigo Campos <camposr@MATRIX.COM.BR> To: Nicole Harrington <nicole@ispchannel.net> Cc: security@FreeBSD.ORG, Liam Slusser <liam@tiora.net> Subject: Re: poink attack (was Re: ARP problem in Windows9X/NT) Message-ID: <Pine.BSF.4.05.9904191643020.9049-100000@speed.matrix.com.br> In-Reply-To: <XFMail.990419122134.nicole@ispchannel.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 19 Apr 1999, Nicole Harrington wrote: > > I tested it against freebsd 2.2.8 stable, 3.0 stable and 3.1 stable, all > > they are vulnerable, it's not a big threat anyway, as you have to be on > > the same ethernet to use the exploit. > > > > Regards, > > But what sort of access do you need. Can this be run on a shell acct without > root privleges? > As far as I know, you have to be root to run the exploit, as it uses raw packets. But you can send these kind of packets with some kind of Windows 9x/NT network analisys tool, I can't remember the name right now, but of course any user can do it from a Windows box, regardless of his privileges (Well, Windows has no privilege control anyway). I think it would be very simple for a Winsock programmer to port the exploit, so any windows user could run it inside your network, hrmmm, it could be dangerous... :/ I've tested the exploit against MacOS 8.5.1 and Solaris 7/i386, they both are vulnerable. The Solaris box just couldn't access anything outside its own network after that. The Windows 9x/NT boxes rebooted with a heavy loaded attack. Regards, -- ________________________ Rodrigo Albani de Campos Matrix Internet - NOC - Be a "Glad I Did" instead of a "Wish I Had" - To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.05.9904191643020.9049-100000>