Re: [fw-wiz] How to Secure Windows? was How to Save the World

From: Paul D. Robertson (
Date: 12/27/04

  • Next message: Paul D. Robertson: "Re: [fw-wiz] How to Secure Windows? was How to Save the World"
    To: Dave Piscitello <>
    Date: Mon, 27 Dec 2004 10:59:22 -0500 (EST)

    On Wed, 22 Dec 2004, Dave Piscitello wrote:

    > > Any idea if you can make Windows *not* dynamically accept ARP entires
    > > and rely only on static entries in the table?
    > Not easily. Dynamic *and* static arp entries you create expire when
    > you reboot, so you have to work around this.

    That's easy to work around- but it looks like ARP is in the driver and not
    something you can control...

    > If you want a hack, you could run a script at startup that uses the
    > DOS arp command to set static arp entries for all the entries you
    > really want on your subnet, and also sets the unused IPs to a non-
    > existent MAC or local MAC? Assuming you're on a "C" equivalent or
    > splinter, it's a modest number of lines of script, yes?

    If the netmask is small enough, however-- ARP is broken on some Windows
    systems and if they're not patched, then a dynamic ARP will overwrite the
    static one- I'm not sure that's good enough for me.

    > Anyway, if you take the trouble to write the script,
    > send me a copy:-)

    I'm actually wondering how difficult it would be to replace the driver
    with one that's static-only... I don't think i have the docs to get there

    Paul D. Robertson "My statements in this message are personal opinions which may have no basis whatsoever in fact."
    firewall-wizards mailing list

  • Next message: Paul D. Robertson: "Re: [fw-wiz] How to Secure Windows? was How to Save the World"

    Relevant Pages

    • D-Link NIC Wont Talk To Bridge
      ... I have added the following to the beginning of my ipfw2 rules to verify ... ipfw add allow log ip from any to any via rl0 ... There may be a clue in the arp tables. ... I have entries like these in the arp tables: ...
    • Re: ARP Poisoning
      ... Static ARP entries are not a viable solution in a dynamic environment. ... workstations and servers on an internal network space. ... ARP has no authentication or security built into it. ...
    • Re: proxy-arp & mpd
      ... after some more tests here is what i came to (patch provided is for freebsd 6.3 but can be adapted for other versions): it is a dirty hack and might not be the right solution but it is working in the case i described earlier and i hope it will help discussing the issue. ... It seems that the process that block read all entries available in the PF_ROUTE socket, do not find the one it is looking for and ends blocked on the PF_ROUTE socket as no more entries are available after reading ... add a bunch of arp entries in your arp table. ... warn("writing to routing socket"); ...
    • clearing ARP cache
      ... ARP entries, and the "arp" command would not clear them up. ... due to letting magic smoke and magic sparks out of its power supply had ... the problems w/o a reboot. ...
    • Re: [fw-wiz] How to Secure Windows? was How to Save the World
      ... On Tue, 2004-12-21 at 16:25, Paul D. Robertson wrote: ... > rely only on static entries in the table? ... Would it be enough to simply add a static arp entry on all your hosts ... -d *) followed by the needed static entries? ...