Firewall Wizards mailing list archives

Re: Windows dynamic ARP


From: "Mike O'Connor" <mjo () dojo mi org>
Date: Wed, 26 Nov 2008 16:51:30 +0000

:Does anyone know a way to turn OFF dynamic ARP on Windows?  I'd like to
:set up a network where static ARP entries are the only way to
:communicate.

You might want to consider tweaking the StrictArpUpdate registry entry:
http://technet.microsoft.com/en-us/library/cc739819.aspx

        Description: Specifies whether TCP/IP in Windows Server 2003 SP1 will
        store in the ARP cache the MAC address of the last ARP reply received
        (StrictARPUpdate=0) or the MAC address of the first ARP reply received
        (StrictARPUpdate=1). With StrictARPUpdate set to 1, TCP/IP will not
        update the MAC address of an existing ARP cache entry if it receives
        additional unsolicited ARP replies.

This won't -quite- prevent dynamic ARP entries for new nodes, but with
StrictArpUpdate, you should just be able to add static arp entries for
the rest of the IPs on your subnet without them being overwritten, then
remove and allow them to learn the new arp entry as you introduce new
hosts on the subnet.

--
 Michael J. O'Connor         mjo () dojo mi org         http://dojo.mi.org/~mjo/
 =--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--=
"Kiss my Converse!"                    -Master Sho'nuff, the Shogun of Harlem
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
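
Added example, not part of the original message or of Microsoft's documentation: a PowerShell sketch of the approach described above, which sets StrictARPUpdate, pins known peers with `arp -s`, and audits `arp -a` output for entries that are dynamic or disagree with the inventory. The registry key path, the function names, the addresses and the sample output are assumptions constructed for illustration; English-language `arp` output and PowerShell 3.0 or later are assumed.

```powershell
# Constructed inventory (documentation addresses): every peer on the subnet, IP -> MAC.
$Pinned = @{
    '192.0.2.1'  = '00-00-5e-00-53-01'
    '192.0.2.20' = '00-00-5e-00-53-14'
}

# Assumption: the value sits with the other TCP/IP parameters; the post gives no key path.
$TcpipParams = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'

function Enable-StrictArp {
    # 1 = keep the first ARP reply; unsolicited replies no longer overwrite an entry.
    New-ItemProperty -Path $TcpipParams -Name 'StrictARPUpdate' `
        -PropertyType DWord -Value 1 -Force | Out-Null
    foreach ($ip in $Pinned.Keys) {
        & arp.exe -s $ip $Pinned[$ip]      # pin each known peer as a static entry
    }
}

function Test-ArpCache {
    # Compare `arp -a` output with the inventory; emits one finding per problem.
    param([string[]]$ArpOutput, [hashtable]$Expected)
    $seen = @{}
    foreach ($line in $ArpOutput) {
        if ($line -match '^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+([0-9A-Fa-f-]{17})\s+(\w+)') {
            $ip = $Matches[1]; $mac = $Matches[2].ToLower(); $type = $Matches[3]
            $seen[$ip] = $true
            if ($Expected.ContainsKey($ip) -and $Expected[$ip].ToLower() -ne $mac) {
                [pscustomobject]@{ IP = $ip; MAC = $mac; Finding = 'MAC differs from inventory' }
            } elseif ($type -eq 'dynamic') {
                [pscustomobject]@{ IP = $ip; MAC = $mac; Finding = 'dynamically learned entry' }
            }
        }
    }
    foreach ($ip in $Expected.Keys) {
        if (-not $seen.ContainsKey($ip)) {
            [pscustomobject]@{ IP = $ip; MAC = $Expected[$ip]; Finding = 'static entry missing' }
        }
    }
}

# Constructed sample of `arp -a` output; replace with (& arp.exe -a) on a live host.
$sample = @(
    'Interface: 192.0.2.10 --- 0x2',
    '  Internet Address      Physical Address      Type',
    '  192.0.2.1             00-00-5e-00-53-01     static',
    '  192.0.2.20            00-00-5e-00-53-99     dynamic',
    '  192.0.2.30            00-00-5e-00-53-1e     dynamic'
)
Test-ArpCache -ArpOutput $sample -Expected $Pinned | Format-Table -AutoSize
```

Run as written, the script only audits the sample and reports the mismatched MAC for 192.0.2.20 and the unpinned dynamic entry for 192.0.2.30; `Enable-StrictArp` changes the host and has to be called explicitly from an elevated prompt.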

