Home page logo

pauldotcom logo PaulDotCom mailing list archives

From: rd at rd1.net (Ralph Durkee)
Date: Wed, 10 Jun 2009 08:39:13 -0400


Great research on the netsh cmds! I have a question.  I did some brief 
research on static arp entries about 5 years back, and came to the 
conclusion they were rather useless on the Windows and Linux platform 
because although the static entries would not time-out  they were still 
allowed to change.  So the end result was that the arp cache poising was 
easier instead of more difficult with the static entries.  Solaris was 
an exception in that it had a settings which would not allow arp entries 
to change before their time, but as I remember it was NOT on by default, 
and there were strong warnings about it not being RFC / standards 
compliant.   Obviously a lot change change in sort of time frame, and 
I'm working from memory. so I'm happy to be corrected, but want to 
confirm that you had check for changes in the arp cache.

-- Ralph Durkee, CISSP, GSEC, GCIH, GSNA, GPEN
Principal Security Consultant

Don't miss SANS Fire Jun 13-22 http://www.sans.org/sansfire09/

Adrian Crenshaw wrote:
Hi all,
     As mentioned in another thread, I was going to work on a tool to 
make setting up static ARP tables in Windows easier. Here it is:


It may help someone in hardening a box against Man in the Middle 
attacks that use ARP poisoning.


Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
Main Web Site: http://pauldotcom.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20090610/cb38b9fa/attachment.htm 

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]