Firewall Wizards mailing list archives

Re: Windows dynamic ARP


From: "Paul D. Robertson" <paul () compuwar net>
Date: Wed, 26 Nov 2008 10:32:17 -0500 (EST)

On Wed, 26 Nov 2008, Darden, Patrick S. wrote:

> Some possibilities you might have already thought of for doing this in a
> roundabout fashion:
>
> 1.  If you are using advanced switches, you can implement this on them.
> Allow only certain MACs to connect to your network. 2.  If your switches

I can MAC-lock switch ports, however what I'm looking for is a host-level 
backup to MAC locking the network layer, so that if there's a network 
compromise, or a hub is introduced into the physical topology, the game is 
not immediately lost.

> don't have the ability to do #1, perhaps your switches, core switches,
> or core router can filter out ARP requests/replies. 3.  You can turn off

ARP won't cross a router- I'm specifically trying to shore up the host OS 
so that the host/network separation still happens, but there's a layer of 
protection if the network layer or administrator is compromised.

> ARP response in windows (not quite what you wanted, I think)
> http://www.windowsreference.com/networking/enabledisable-response-to-arp-request-without-unicase-source-ethernet-address/


Hmm, that looks mostly like it's a unicast/multi-and-broadcast switch- 
maybe there's someone who's done enough firewall code who can point me to 
a good shim location?  The built-in firewall seems to be IP layer only.

I'm going to have a good play with /32ing the subnet mask and adding a 
routing table entry for each host, but I really think that's going to end 
up being sub-optimal- as is adding a null static entry for every IP 
address I don't want to communicate with in the subnet (I'm betting the 
ARP table is a linear search in most network stacks.)

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
paul () compuwar net       which may have no basis whatsoever in fact."
           Art: http://PaulDRobertson.imagekind.com/

_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
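The host-level backup Paul describes above (a static ARP mapping that survives a compromised switch or an inserted hub) can be pinned and re-checked from the host itself. The following is an added example, not code from the thread or from either poster: a PowerShell script that installs a permanent neighbor entry for the default gateway and reports whether the live entry still matches the inventory value. It assumes a Windows 8 / Server 2012 or newer host (NetTCPIP cmdlets: `Get-NetNeighbor`, `New-NetNeighbor`, `Remove-NetNeighbor`) run from an elevated prompt; the interface alias, gateway address and MAC below are constructed placeholders to be replaced with values from your own records, not read off the ARP cache of a network you already distrust.

```powershell
# Added example (not part of the original mailing-list post).
# Pins the gateway's MAC as a Permanent neighbor entry and verifies it has not drifted.
# Assumptions: NetTCPIP module (Windows 8 / Server 2012+), elevated PowerShell.
param(
    [string]$InterfaceAlias = 'Ethernet',          # assumed adapter name
    [string]$GatewayIP      = '192.0.2.1',         # constructed placeholder (TEST-NET-1)
    [string]$GatewayMAC     = '00-00-5E-00-53-01'  # constructed placeholder (IANA doc range)
)

function Get-GatewayNeighbor {
    param([string]$Alias, [string]$IP)
    # Returns the current IPv4 neighbor (ARP) entry for $IP, or $null if none is cached.
    Get-NetNeighbor -InterfaceAlias $Alias -IPAddress $IP -AddressFamily IPv4 `
        -ErrorAction SilentlyContinue
}

function Set-PinnedGateway {
    param([string]$Alias, [string]$IP, [string]$MAC)
    # Remove any dynamic entry first; New-NetNeighbor fails if one already exists.
    Get-GatewayNeighbor -Alias $Alias -IP $IP | Remove-NetNeighbor -Confirm:$false
    # A Permanent entry is not refreshed by ARP replies, so a spoofed reply cannot overwrite it.
    New-NetNeighbor -InterfaceAlias $Alias -IPAddress $IP -LinkLayerAddress $MAC `
        -State Permanent -AddressFamily IPv4 | Out-Null
}

function Test-PinnedGateway {
    param([string]$Alias, [string]$IP, [string]$MAC)
    # Three things can go wrong: the entry vanished, it fell back to dynamic, or the MAC changed.
    $n = Get-GatewayNeighbor -Alias $Alias -IP $IP
    if ($null -eq $n) { return "MISSING: no neighbor entry for $IP" }
    $current = $n.LinkLayerAddress.ToUpper()
    if ($n.State -ne 'Permanent') { return "NOT PINNED: $IP is $($n.State), MAC $current" }
    if ($current -ne $MAC.ToUpper()) { return "MISMATCH: $IP pinned to $current, expected $MAC" }
    return "OK: $IP permanently mapped to $current"
}

Set-PinnedGateway  -Alias $InterfaceAlias -IP $GatewayIP -MAC $GatewayMAC
Test-PinnedGateway -Alias $InterfaceAlias -IP $GatewayIP -MAC $GatewayMAC
```

`Test-PinnedGateway` is the part worth scheduling: run it from a task and forward anything other than an `OK:` line to your log collector, since a pinned entry that has silently been replaced is exactly the signal Paul is trying to keep when the switch layer fails. On the XP-era hosts the thread is about, the equivalent of the pinning step is `arp -s` or, from Vista on, `netsh interface ipv4 add neighbors`; the check logic is the same, just parsed from `arp -a` output instead of cmdlet objects.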

