Bugtraq mailing list archives

Buggy ARP handling in Windoze


From: paul () STARZETZ DE (Paul Starzetz)
Date: Thu, 29 Jun 2000 18:50:44 +0200


I discovered a strange bug in the ARP handling under Windows 98 with the latest
Winsock patch (IGMP). Win98 (and, as far as tested, Win95 too) does not
handle static ARP entries correctly. Setting up a static ARP cache
entry like:

c:\windows\arp.exe -s host_ip host_mac

does not immunise against spoofed ARP packets: if someone on the subnet is
playing with ARP and, regardless of the opcode, an ARP packet with
arp_protocol_address == host_ip arrives, Windows will update the
'static' entry to whatever MAC the ARP packet points to. So a
'static' entry means that the entry won't be deleted and remains
forever in the cache. This is not really the behaviour we want :-)

Note that Linux behaves correctly (tested against 2.2.16 kernels),
so setting a static ARP entry for a host protects your box from ARP spoofing.

Of course, you may set up a static ARP table and then run a firewall on
each machine to filter further ARP....
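The post describes the failure mode in terms of one ARP field: any packet whose sender protocol address equals the pinned host's IP, whatever the opcode, overwrites the 'static' entry. The following is an added example, written by the editor and not part of the original message or of any tool the author used. It builds raw Ethernet/ARP frames in the RFC 826 layout, parses them, and applies the check the post implies a host should be doing itself: compare the sender hardware address against a pinned table and flag a mismatch regardless of opcode, which is exactly the case Windows 98 is reported to accept. The IP and MAC addresses, the pinned table and the sample frames are all constructed for the example; `STATIC_ARP`, `build_arp_frame`, `parse_arp_frame` and `check_frame` are names chosen here, not anything from the page.

```python
"""Pin-and-watch ARP check (added example, not from the original post).

A frame is flagged when its sender protocol address belongs to a pinned
host but its sender hardware address differs from the pinned MAC. The
opcode is deliberately ignored: the post reports that Windows 98 updates
a 'static' entry on any ARP packet whose protocol address matches, so the
check must be opcode-agnostic too. All addresses below are constructed.
"""
import struct

ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2

# Constructed "static" table (assumption): the MAC we trust for each IP.
STATIC_ARP = {
    "192.168.1.1": "00:11:22:33:44:55",   # gateway
    "192.168.1.10": "00:aa:bb:cc:dd:ee",  # file server
}


def mac_to_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def bytes_to_mac(b):
    return ":".join(f"{x:02x}" for x in b)


def ip_to_bytes(ip):
    return bytes(int(o) for o in ip.split("."))


def bytes_to_ip(b):
    return ".".join(str(x) for x in b)


def build_arp_frame(opcode, sender_mac, sender_ip, target_mac, target_ip):
    """Ethernet header + 28-byte ARP body for IPv4 over Ethernet (RFC 826)."""
    eth = mac_to_bytes(target_mac) + mac_to_bytes(sender_mac) + struct.pack("!H", ETHERTYPE_ARP)
    # htype=1 (Ethernet), ptype=0x0800 (IPv4), hlen=6, plen=4, oper=opcode
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, opcode)
    arp += mac_to_bytes(sender_mac) + ip_to_bytes(sender_ip)   # sender HW / protocol addr
    arp += mac_to_bytes(target_mac) + ip_to_bytes(target_ip)   # target HW / protocol addr
    return eth + arp


def parse_arp_frame(frame):
    """Return the ARP fields as a dict, or None if not a well-formed IPv4 ARP frame."""
    if len(frame) < 14 + 28:
        return None
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    body = frame[22:42]
    return {
        "opcode": oper,
        "sender_mac": bytes_to_mac(body[0:6]),
        "sender_ip": bytes_to_ip(body[6:10]),
        "target_mac": bytes_to_mac(body[10:16]),
        "target_ip": bytes_to_ip(body[16:20]),
    }


def check_frame(frame, static_table=STATIC_ARP):
    """Classify a frame as ('ignore', None), ('ok', fields) or ('spoof', details).

    The spoof test looks only at the sender protocol address and the sender
    hardware address; request vs. reply makes no difference, mirroring the
    behaviour the post reports for the Windows 98 cache.
    """
    arp = parse_arp_frame(frame)
    if arp is None:
        return ("ignore", None)
    pinned = static_table.get(arp["sender_ip"])
    if pinned is not None and arp["sender_mac"].lower() != pinned.lower():
        return ("spoof", {"ip": arp["sender_ip"], "expected": pinned.lower(),
                          "seen": arp["sender_mac"], "opcode": arp["opcode"]})
    return ("ok", arp)


def audit(frames, static_table=STATIC_ARP):
    """Run check_frame over a capture and return only the spoof details."""
    return [d for verdict, d in (check_frame(f, static_table) for f in frames) if verdict == "spoof"]


if __name__ == "__main__":
    attacker = "00:de:ad:be:ef:01"                      # constructed attacker MAC
    capture = [
        # genuine reply from the gateway: pinned MAC, so fine
        build_arp_frame(ARP_REPLY, "00:11:22:33:44:55", "192.168.1.1", attacker, "192.168.1.50"),
        # spoofed reply claiming the gateway IP with the attacker's MAC
        build_arp_frame(ARP_REPLY, attacker, "192.168.1.1", "ff:ff:ff:ff:ff:ff", "192.168.1.1"),
        # same claim carried in a *request* (gratuitous ARP): still flagged
        build_arp_frame(ARP_REQUEST, attacker, "192.168.1.1", "00:00:00:00:00:00", "192.168.1.1"),
    ]
    for alert in audit(capture):
        print(f"ARP spoof: {alert['ip']} seen from {alert['seen']} "
              f"(pinned {alert['expected']}, opcode {alert['opcode']})")
```

The parser rejects anything that is not Ethernet/IPv4 ARP with the standard lengths, so junk on the wire falls into `ignore` rather than producing a false alert. To use this against live traffic you would feed raw frames from a promiscuous socket or a pcap reader into `audit`; that plumbing is left out so the block runs offline on the constructed capture.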

