Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Full-disclosure] Strange interactions between tunnelling and SMB un

from [3APA3A] Network Security [Permanent Link]
Subject: Re: [Full-disclosure] Strange interactions between tunnelling and SMB under the proprietary Microsoft Windows environment
Date: Thu, 30 Mar 2006 14:07:59 +0400 
Dear Marc SCHAEFER,


--Thursday, March 30, 2006, 9:52:10 AM, you wrote to 
full-disclosure@lists.grok.org.uk:

MS>    Testing pings and telnet on the remote tunnel address (e.g.
MS>    192.168.1.2) and capturing data with the libre software Ethereal on the
MS>    real Ethernet interface did show me that the flow of data was
MS>    correctly routed through the tunnel.

MS>    However, accessing \\192.168.1.2\c$ did go through the Ethernet
MS>    interface, and *not the tunnel*, and strangely half-using the private
MS>    addresses!

Make sure "Client for Microsoft Network" is bound to tunnel adapter.

Microsoft's  network filesystem works with NIC in "shorten" way: data is
copied  from  the disk to the file cache (physical memory), and the same
physical memory address is given to NIC to transfer data. And vice versa
for  network  client.  It  eliminates  copying  file data from memory to
memory  using  CPU.  That's why there can be differences in the CIFS/SMB
behavior comparing with the rest of TCP/IP stack. Also, this can lead to
incompatibilities with "emulated" NICs.

-- 
~/ZARAZA
http://www.security.nnov.ru/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: [Full-disclosure] What is the crap before SEH?, fd
Next by Date:  Re: [Full-disclosure] Hello everyone, coderman
Previous by Thread:  Re: [Full-disclosure] Strange interactions between tunnelling and SMB under the proprietary Microsoft Windows environment, B3r3n
Next by Thread:  [Full-disclosure] Fwd: how to get johnny to encrypt (his hard drive), coderman
Indexes:  [Date] [Thread] [Top] [All Lists]