Re: Windows 2000 Static arp not static
From: Bob Fleck (bob@securesoftware.com)
Date: 02/14/03
- Previous message: Blue Boar: "Re: Windows 2000 Static arp not static"
- In reply to: Tim Habex: "Windows 2000 Static arp not static"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Bob Fleck <bob@securesoftware.com> To: Tim Habex <tim.habex@eenderwat.be> Date: 14 Feb 2003 15:35:33 -0500
On Wed, 2003-02-12 at 18:53, Tim Habex wrote:
> When I looked at the arp cache of Linux, the static entry was there and
> working (?), but on the Windows machine, THE VALUE OF THE STATIC ARP WAS
> CHANGED. When ethercap was disabled, the static arp entry was returned to
> the original value.
As far as I can tell this comes from a difference in what 'static' is
taken to mean.
Linux, BSD, (Win XP): Won't time out. Won't change based on observed
ARP replies.
Win 2k and earlier: Won't time out.
So all static means to Windows is keep this value, use it, and don't
bother to double-check it on a regular basis. But if an update wanders
by somehow, update the cache.
> If this is a known problem, why hasn't this been fixed. If unknown ... is
> Microsoft reading this? ;o)
> Can some experienced securityadvisors perform more tests on this? eg. Other
> (Windows) OSes, other types of attacks.
This is a known issue. However, XP acts like Linux and other OSes.
Static keeps it from changing.
Bob
- Next message: Bill Martin: "RE: Unhappy face icon on NT 4 workstation"
- Previous message: Blue Boar: "Re: Windows 2000 Static arp not static"
- In reply to: Tim Habex: "Windows 2000 Static arp not static"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
