Dari http://www.cisco.com/en/US/products/ps5887/products_user_guide_chapter09186a0080235835.html
IRDP Attack ICMP Router Discovery Protocol can be spoofed and cause fake routing entries to be entered into a Windows machine. IRDP has no authentication. Upon startup, a system running MS Windows95/98 will always send 3 ICMP Router Solicitation packets to the 224.0.0.2 multicast address. If the machine is NOT configured as a DHCP client, it ignores any Router Advertisements sent back to the host. However, if the Windows machine is configured as a DHCP client, any Router Advertisements sent to the machine will be accepted and processed. HTH, Fajar. On Saturday 27 November 2004 11:52 am, josh wrote: > On Sat, 27 Nov 2004 09:52:46 +0700, yahya/pusatlinux.com office > > <[EMAIL PROTECTED]> wrote: > > yth pakar linux, > > Berikut ini adalah sebuah paket ICMP yang dikeluarkan client komputer > > kami: > > > > File Version : 4.10.0.2222 > > File Description : Win32 Kernel core component (kernel32.dll) > > File Path : C:\MACROOS\SYSTEM\kernel32.dll > > Process ID : 0xFFEF888D (Heximal) 4293888141 (Decimal) > > > > Connection origin : local initiated > > Protocol : ICMP > > Local Address : 202.146.253.248 > > ICMP Type : 10 (Router Solicitation) > > ICMP Code : 0 > > Remote Name : > > Remote Address : 224.0.0.2 > > > > Ethernet packet details: > > Ethernet II (Packet Length: 44) > > Destination: 01-00-5e-00-00-02 > > Source: 44-45-53-54-00-00 > > Type: IP (0x0800) > > Internet Protocol > > Version: 4 > > Header Length: 20 bytes > > Flags: > > .0.. = Don't fragment: Not set > > ..0. = More fragments: Not set > > Fragment offset:0 > > Time to live: 128 > > Protocol: 0x1 (ICMP - Internet Control Message Protocol) > > Header checksum: 0x534a (Correct) > > Source: 202.146.253.248 > > Destination: 224.0.0.2 > > Internet Control Message Protocol > > Type: 10 (Router Solicitation) > > Code: 0 > > Data (4 bytes) > > > > Binary dump of the packet: > > 0000: 01 00 5E 00 00 02 44 45 : 53 54 00 00 08 00 45 00 | > > ..^...DEST....E. 0010: 00 1C 48 00 00 00 80 01 : 4A 53 CA 92 FD F8 E0 00 > > | ..H.....JS...... 0020: 00 02 0A 00 F5 FF 00 00 : 00 00 00 00 > > | ............ > > > > Pertanyaannya buat apa client win selalu mengirimkan paket ini ke > > 224.0.0.2? > > > > Thx. > > Yahya > > Tanya microsoft lah.. > Klo clientnya linux, baru tanya kesini :p > > -- > Regards, > [EMAIL PROTECTED] -- Fajar Priyanto | Reg'd Linux User #327841 | http://linux2.arinet.org 18:03:04 up 3:45, Mandrakelinux release 10.1 (Official) for i586 public key: https://www.arinet.org/fajar-pub.key -- Unsubscribe: kirim email kosong ke [EMAIL PROTECTED] Arsip, FAQ, dan info milis di http://linux.or.id/milis.php Tidak bisa posting? Baca: http://linux.or.id/wiki/index.php?pagename=ProblemMilisDanSolusi http://linux.or.id/wiki/index.php?pagename=TataTertibMilis