Dari
http://www.cisco.com/en/US/products/ps5887/products_user_guide_chapter09186a0080235835.html
IRDP Attack
ICMP Router Discovery Protocol can be spoofed and cause fake routing entries
to be entered into a Windows machine. IRDP has no authentication. Upon
startup, a system running MS Windows95/98 will always send 3 ICMP Router
Solicitation packets to the 224.0.0.2 multicast address. If the machine is
NOT configured as a DHCP client, it ignores any Router Advertisements sent
back to the host. However, if the Windows machine is configured as a DHCP
client, any Router Advertisements sent to the machine will be accepted and
processed.
HTH,
Fajar.
On Saturday 27 November 2004 11:52 am, josh wrote:
> On Sat, 27 Nov 2004 09:52:46 +0700, yahya/pusatlinux.com office
>
> <[EMAIL PROTECTED]> wrote:
> > yth pakar linux,
> > Berikut ini adalah sebuah paket ICMP yang dikeluarkan client komputer
> > kami:
> >
> > File Version : 4.10.0.2222
> > File Description : Win32 Kernel core component (kernel32.dll)
> > File Path : C:\MACROOS\SYSTEM\kernel32.dll
> > Process ID : 0xFFEF888D (Heximal) 4293888141 (Decimal)
> >
> > Connection origin : local initiated
> > Protocol : ICMP
> > Local Address : 202.146.253.248
> > ICMP Type : 10 (Router Solicitation)
> > ICMP Code : 0
> > Remote Name :
> > Remote Address : 224.0.0.2
> >
> > Ethernet packet details:
> > Ethernet II (Packet Length: 44)
> > Destination: 01-00-5e-00-00-02
> > Source: 44-45-53-54-00-00
> > Type: IP (0x0800)
> > Internet Protocol
> > Version: 4
> > Header Length: 20 bytes
> > Flags:
> > .0.. = Don't fragment: Not set
> > ..0. = More fragments: Not set
> > Fragment offset:0
> > Time to live: 128
> > Protocol: 0x1 (ICMP - Internet Control Message Protocol)
> > Header checksum: 0x534a (Correct)
> > Source: 202.146.253.248
> > Destination: 224.0.0.2
> > Internet Control Message Protocol
> > Type: 10 (Router Solicitation)
> > Code: 0
> > Data (4 bytes)
> >
> > Binary dump of the packet:
> > 0000: 01 00 5E 00 00 02 44 45 : 53 54 00 00 08 00 45 00 |
> > ..^...DEST....E. 0010: 00 1C 48 00 00 00 80 01 : 4A 53 CA 92 FD F8 E0 00
> > | ..H.....JS...... 0020: 00 02 0A 00 F5 FF 00 00 : 00 00 00 00
> > | ............
> >
> > Pertanyaannya buat apa client win selalu mengirimkan paket ini ke
> > 224.0.0.2?
> >
> > Thx.
> > Yahya
>
> Tanya microsoft lah..
> Klo clientnya linux, baru tanya kesini :p
>
> --
> Regards,
> [EMAIL PROTECTED]
--
Fajar Priyanto | Reg'd Linux User #327841 | http://linux2.arinet.org
18:03:04 up 3:45, Mandrakelinux release 10.1 (Official) for i586
public key: https://www.arinet.org/fajar-pub.key
--
Unsubscribe: kirim email kosong ke [EMAIL PROTECTED]
Arsip, FAQ, dan info milis di http://linux.or.id/milis.php
Tidak bisa posting? Baca:
http://linux.or.id/wiki/index.php?pagename=ProblemMilisDanSolusi
http://linux.or.id/wiki/index.php?pagename=TataTertibMilis
