Firewall Wizards mailing list archives
Re: Windows dynamic ARP
From: "Paul D. Robertson" <paul () compuwar net>
Date: Wed, 26 Nov 2008 10:32:17 -0500 (EST)
On Wed, 26 Nov 2008, Darden, Patrick S. wrote:
Some possibilities you might have already thought of for doing this in a roundabout fashion: 1. If you are using advanced switches, you can implement this on them. Allow only certain MACs to connect to your network. 2. If your switches
I can MAC-lock switch ports, however what I'm looking for is a host-level backup to MAC locking the network layer, so that if there's a network compromise, or a hub is introduced in to the physical topology the game is not immediately lost.
don't have the ability to do #1, perhaps your switches, core switches, or core router can filter out ARP requests/replies. 3. You can turn off
ARP won't cross a router- I'm specifically trying to shore up the host OS so that the host/network seperation still happens, but there's a layer of protection if the network layer or administrator is compromised.
ARP response in windows (not quite what you wanted, I think) http://www.windowsreference.com/networking/enabledisable-response-to-arp-request-without-unicase-source-ethernet-address/
Hmm, that looks mostly like it's a unicast/multi-and-broadcast switch- maybe there's someone who's done enough firewall code who can point me to a good shim location? The built-in firewall seems to be IP layer only. I'm going to have a good play with /32ing the subnet mask and adding a routing table entry for each host, but I really think that's going to end up being sub-optimal- as is adding a null static entry for every IP address I don't want to communicate with in the subnet (I'm betting the ARP table is a linear search in most network stacks.) Paul ----------------------------------------------------------------------------- Paul D. Robertson "My statements in this message are personal opinions paul () compuwar net which may have no basis whatsoever in fact." Art: http://PaulDRobertson.imagekind.com/ _______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Windows dynamic ARP Paul D. Robertson (Nov 26)
- Re: Windows dynamic ARP Darden, Patrick S. (Nov 26)
- Re: Windows dynamic ARP Paul D. Robertson (Nov 26)
- Re: Windows dynamic ARP Darden, Patrick S. (Nov 26)
- Re: Windows dynamic ARP Paul D. Robertson (Nov 26)
- Re: Windows dynamic ARP John Mason Jr (Nov 26)
- Re: Windows dynamic ARP Darden, Patrick S. (Nov 26)
- Re: Windows dynamic ARP Paul D. Robertson (Nov 26)
- Re: Windows dynamic ARP Darden, Patrick S. (Nov 26)
- Re: Windows dynamic ARP Paul D. Robertson (Nov 26)
- Re: Windows dynamic ARP robbie . jacka (Nov 26)
- Re: Windows dynamic ARP Mike O'Connor (Nov 26)