Re: [fw-wiz] How to Secure Windows? was How to Save the World

From: Paul D. Robertson (paul_at_compuwar.net)
Date: 12/27/04

  • Next message: Paul D. Robertson: "Re: [fw-wiz] How to Secure Windows? was How to Save the World"
    To: Dave Piscitello <dave@corecom.com>
    Date: Mon, 27 Dec 2004 10:59:22 -0500 (EST)
    
    

    On Wed, 22 Dec 2004, Dave Piscitello wrote:

    > > Any idea if you can make Windows *not* dynamically accept ARP entires
    > > and rely only on static entries in the table?
    >
    > Not easily. Dynamic *and* static arp entries you create expire when
    > you reboot, so you have to work around this.

    That's easy to work around- but it looks like ARP is in the driver and not
    something you can control...

    >
    > If you want a hack, you could run a script at startup that uses the
    > DOS arp command to set static arp entries for all the entries you
    > really want on your subnet, and also sets the unused IPs to a non-
    > existent MAC or local MAC? Assuming you're on a "C" equivalent or
    > splinter, it's a modest number of lines of script, yes?

    If the netmask is small enough, however-- ARP is broken on some Windows
    systems and if they're not patched, then a dynamic ARP will overwrite the
    static one- I'm not sure that's good enough for me.

    > Anyway, if you take the trouble to write the script,
    > send me a copy:-)

    I'm actually wondering how difficult it would be to replace the driver
    with one that's static-only... I don't think i have the docs to get there
    though...

    Paul
    -----------------------------------------------------------------------------
    Paul D. Robertson "My statements in this message are personal opinions
    paul@compuwar.net which may have no basis whatsoever in fact."
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


  • Next message: Paul D. Robertson: "Re: [fw-wiz] How to Secure Windows? was How to Save the World"