Re: [fw-wiz] Windows dynamic ARP



Actually an easier way would be to use the requestedresponse filter in
Xarp. This only allows a response if your host generated a request.
If you are static mapping ip to mac you should never generate a
request.


Unfortunately XArp can't really 'filter' (drop) the packets, but alert you.

I am sure you will correct me Chris (You did write the tool after all
;-) but I was under the impression the requestedresponse filter
actually dropped a response to the host Xarp is running on if the host
didn't issue an arp request ?

I am currently working on a Linux port where writing a network driver for

wouldn't arptables
http://ebtables.sourceforge.net/arptables-man.html
be able to handle the linux side of things ?

If you want to get an overview of mechanisms available for ARP attack
detection, you can have a look at a (yet incomplete) presentation I once
started: http://www.chrismc.de/development/xarp/arp_security_tools.html
(http://www.chrismc.de/development/xarp/Securing_ARP_0_2_0.pdf)

You could also possibly include Cisco's Dynamic Arp Inspection (DAI)
in your line up of products. Sounds good on paper....


--
jac
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards



Relevant Pages

  • Re: [Full-disclosure] Java Applets can connect to other hosts using HTTP 302 redirection
    ... The temporary URI SHOULD be given by the Location field in the response. ... If the 302 status code is received in response to a request other than GET ... It seems that the java applet located on the host A is allowed to ...
    (Full-Disclosure)
  • Re: W2K3 IIS 6.0 ASP.NET Requests Per Second Limits?
    ... allow the page to tell ASP.Net "don't send a response yet until I tell ... this request is "leaked" and will never ... It is when the callback executes with both the async function call ... The thread executing code literally calls into Function1, execute code, ...
    (microsoft.public.inetserver.iis)
  • Log corruption on multiple webservers, log analyzers,...
    ... Related RFC´s about Internet Host Names convention: ... To succesfully attack a server with “ILLC” technique is mandatory that web ... a machine with a host name as "123.123.123.123" makes a request ... wouldn't appear in the access log file. ...
    (Bugtraq)
  • Re: Can extra processing threads help in this case?
    ... The child process is terminated if a timeout occurs or the client connection drops which can easily happen when users switch to new pages and/or clicking another link when the browser hour glass is active waiting for a response. ... Whether he realizes it or not, I lean on not, his Many Threads to 1 FIFO OCR thread design (he now says four, 1 for each type of request), requires a thread handle to send back a result to the request thread waiting for a response. ... 100 TPS ... 100 ms PPT (Processing time Per Transaction) ...
    (microsoft.public.vc.mfc)
  • Re: W2K3 IIS 6.0 ASP.NET Requests Per Second Limits?
    ... >> The way I understand async programming is if u need to do other ... >> request to webservice nothing more can be done until the result ... > The thread executing code literally calls into Function1, ... > the act of sending back the response using data that has been ...
    (microsoft.public.inetserver.iis)