13 Mar
13 Mar
2:49 p.m.
Princeton has a piece of code that ARP bombs unregistered hosts. IPs that are broken get sent an ARP packet with the same IP and an ethernet address of 00:00:00:de:ad or something. This is usually enough to disable Windows 95 boxes (since they do a RARP call when they boot up to check for duplicates) and some other OSes too. This provides a quick filter before actually blocking things at the router level, which is more expensive. Of course the clueful can easily get around this, but hey. -Tung-Hui Hu / Arc Four / hhui@arcfour.com