Re: [fw-wiz] How to Secure Windows? was How to Save the World

From: Paul D. Robertson (paul_at_compuwar.net)
Date: 12/27/04


To: Mark <firewalladmin@bellsouth.net>
Date: Mon, 27 Dec 2004 11:09:14 -0500 (EST)

On Sat, 25 Dec 2004, Mark wrote:

>
> Would it be enough to simply add a static arp entry on all your hosts
> for the default gateway and any important hosts/servers on the local
> subnet? Once you have a static entry, it won't broadcast for a mac
> address to my knowledge. Something like this:
> arp -s 10.0.0.1 aa-bb-cc-dd-11-22-33
>

If they'd not mucked up the code and had bugs that let dynamic entries
overwrite static ones...

> It should be fairly simple to add the entries needed via login script or
> whatnot. What about a script that deletes all cached entries first (arp
> -d *) followed by the needed static entries? Not sure on the effects of
> running that on a semi continuous basis. There are registry entries
> controlling the default ttl of cached arp entries (default is 2 minutes,
> wonder what setting it to 0 would do).
>
> As far as NOT accepting dynamic arp entries... Disable TCP/IP. DOH!

I still want to talk TCP/IP, just to specific hosts. It's a relatively
easy thing to do in *nix.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
paul@compuwar.net which may have no basis whatsoever in fact."
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
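The check Paul's caveat calls for, as an added example that is not from the thread: given the static pins a login script installs (Mark's delete-then-`arp -s` sequence), parse Windows `arp -a` output and flag any pin that is missing, resolves to a different MAC, or has quietly become a dynamic entry again. The host list, the MACs and the sample `arp -a` output below are constructed; Python is used here so the parsing can be run against captured output on any platform.

```python
import re
from typing import Dict, List, Tuple

# Constructed policy: hosts a login script pins, in the MAC notation Windows `arp -s` takes.
EXPECTED: Dict[str, str] = {
    "10.0.0.1": "aa-bb-cc-dd-11-22",  # default gateway (made-up MAC)
    "10.0.0.5": "00-11-22-33-44-55",  # important server on the local subnet (made-up MAC)
}

# One entry line of Windows `arp -a`, e.g. "  10.0.0.1   aa-bb-cc-dd-11-22   static"
ENTRY_RE = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+([0-9a-f]{2}(?:-[0-9a-f]{2}){5})\s+(static|dynamic)\s*$",
    re.IGNORECASE,
)

# Constructed `arp -a` output: the gateway pin survived, the server's entry went dynamic.
SAMPLE_ARP_OUTPUT = """Interface: 10.0.0.23 --- 0x2
  Internet Address      Physical Address      Type
  10.0.0.1              aa-bb-cc-dd-11-22     static
  10.0.0.5              de-ad-be-ef-00-01     dynamic
  10.0.0.255            ff-ff-ff-ff-ff-ff     static
"""

def parse_arp_table(text: str) -> Dict[str, Tuple[str, str]]:
    """Map IP -> (mac, type) from `arp -a` output; header lines simply do not match."""
    table: Dict[str, Tuple[str, str]] = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            table[m.group(1)] = (m.group(2).lower(), m.group(3).lower())
    return table

def audit(table: Dict[str, Tuple[str, str]], expected: Dict[str, str] = EXPECTED) -> List[str]:
    """Report pins that are missing, resolve to another MAC, or are no longer static."""
    problems = []
    for ip, mac in expected.items():
        if ip not in table:
            problems.append(f"{ip}: no entry at all (static pin missing)")
            continue
        seen_mac, kind = table[ip]
        if seen_mac != mac.lower():
            problems.append(f"{ip}: expected {mac} but cache holds {seen_mac} ({kind})")
        elif kind != "static":
            problems.append(f"{ip}: right MAC but the entry is dynamic, not static")
    return problems

def pin_commands(expected: Dict[str, str] = EXPECTED) -> List[str]:
    """Delete-then-add sequence a login script would run to (re)install the pins."""
    return [c for ip, mac in expected.items() for c in (f"arp -d {ip}", f"arp -s {ip} {mac}")]
```

Feed `audit(parse_arp_table(...))` the output of a periodic `arp -a` and any non-empty result is the signal that a pin has been overwritten and `pin_commands()` needs re-running.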


