Re: [fw-wiz] How to Secure Windows? was How to Save the World

• Previous message: David Lang: "Re: [fw-wiz] Defense in Depth to the Desktop"
• In reply to: Paul D. Robertson: "Re: [fw-wiz] How to Secure Windows? was How to Save the World"
• Next in thread: Paul D. Robertson: "Re: [fw-wiz] How to Secure Windows? was How to Save the World"
• Reply: Paul D. Robertson: "Re: [fw-wiz] How to Secure Windows? was How to Save the World"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: "Paul D. Robertson" <paul@compuwar.net>
Date: Sat, 25 Dec 2004 12:26:58 -0500

On Tue, 2004-12-21 at 16:25, Paul D. Robertson wrote:

> Any idea if you can make Windows *not* dynamically accept ARP entires and
> rely only on static entries in the table?
>
> Paul

Would it be enough to simply add a static arp entry on all your hosts
for the default gateway and any important hosts/servers on the local
subnet? Once you have a static entry, it won't broadcast for a mac
address to my knowledge. Something like this:
arp -s 10.0.0.1 aa-bb-cc-dd-11-22-33

It should be fairly simply to add the entries needed via login script or
whatnot. What about a script that deletes all cached entries first (arp
-d *) followed by the needed static entries? Not sure on the effects of
running that on a semi continuous basis. There are registry entries
controlling the default ttl of cached arp entries (default is 2 minutes,
wonder what setting it to 0 would do).

As far as NOT accepting dynamic arp entries... Disable TCP/IP. DOH!

Mark

_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

• Previous message: David Lang: "Re: [fw-wiz] Defense in Depth to the Desktop"
• In reply to: Paul D. Robertson: "Re: [fw-wiz] How to Secure Windows? was How to Save the World"
• Next in thread: Paul D. Robertson: "Re: [fw-wiz] How to Secure Windows? was How to Save the World"
• Reply: Paul D. Robertson: "Re: [fw-wiz] How to Secure Windows? was How to Save the World"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: [fw-wiz] How to Secure Windows? was How to Save the World ... That's easy to work around- but it looks like ARP is in the driver and not ... > DOS arp command to set static arp entries for all the entries you ... Paul D. Robertson "My statements in this message are personal opinions ... (Firewall-Wizards) Re: disappearing ARP-Table ... entries disappear. ... You can change this behavior by disabling media sense. ... >>Static entries are only stored in RAM. ... >>> Why does all static entries in arp table disappear when I ... (microsoft.public.windowsxp.network_web) Re: WINS Entries ... > They should have date unless their static entries that you maintain manually and ... > Joe Richards Microsoft MVP Windows Server Directory Services ... I started perusing our wins entries and noticed ... >> about changing those entires from a specific date to an infinite time period? ... (microsoft.public.windows.server.active_directory) D-Link NIC Wont Talk To Bridge ... I have added the following to the beginning of my ipfw2 rules to verify ... ipfw add allow log ip from any to any via rl0 ... There may be a clue in the arp tables. ... I have entries like these in the arp tables: ... (freebsd-net) Re: ARP Poisoning ... Static ARP entries are not a viable solution in a dynamic environment. ... workstations and servers on an internal network space. ... ARP has no authentication or security built into it. ... (Security-Basics)