Firewall Wizards mailing list archives

Re: How to Secure Windows? was How to Save the World


From: "Paul D. Robertson" <paul () compuwar net>
Date: Mon, 27 Dec 2004 10:59:22 -0500 (EST)

On Wed, 22 Dec 2004, Dave Piscitello wrote:

Any idea if you can make Windows *not* dynamically accept ARP entries
and rely only on static entries in the table?

Not easily. Dynamic *and* static arp entries you create expire when
you reboot, so you have to work around this.

That's easy to work around- but it looks like ARP is in the driver and not
something you can control...


If you want a hack, you could run a script at startup that uses the
DOS arp command to set static arp entries for all the entries you
really want on your subnet, and also sets the unused IPs to a non-
existent MAC or local MAC? Assuming you're on a "C" equivalent or
splinter, it's a modest number of lines of script, yes?

If the netmask is small enough, however-- ARP is broken on some Windows
systems and if they're not patched, then a dynamic ARP will overwrite the
static one- I'm not sure that's good enough for me.

Anyway, if you take the trouble to write the script,
send me a copy:-)

I'm actually wondering how difficult it would be to replace the driver
with one that's static-only...  I don't think I have the docs to get there
though...

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
paul () compuwar net       which may have no basis whatsoever in fact."
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
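
The startup-script workaround discussed in this message, as an added example that is not part of the original post: it builds the `arp -s` lines for a /24 and audits `arp -a` output for pinned entries that have gone dynamic or changed MAC. The subnet, host list, placeholder MAC, local IP and sample output are constructed assumptions.

```python
import ipaddress
import re

# Constructed values (assumptions): documentation subnet and MAC ranges.
SUBNET = ipaddress.ip_network("192.0.2.0/24")
KNOWN = {"192.0.2.1": "00-00-5e-00-53-01", "192.0.2.10": "00-00-5e-00-53-0a"}
SINK_MAC = "00-00-5e-00-53-ff"  # placeholder MAC pinned to unused addresses
LOCAL_IP = "192.0.2.20"         # this host's own address; never pinned

# Constructed sample in the layout Windows "arp -a" prints.
SAMPLE = """Interface: 192.0.2.20 --- 0x2
  Internet Address      Physical Address      Type
  192.0.2.1             00-00-5e-00-53-01     static
  192.0.2.10            00-00-5e-00-53-0a     dynamic
  192.0.2.11            00-00-5e-00-53-0b     static
  192.0.2.255           ff-ff-ff-ff-ff-ff     static
"""

ROW = re.compile(r"^\s*(\d+\.\d+\.\d+\.\d+)\s+([0-9a-fA-F-]{17})\s+(\w+)\s*$")

def expected_table():
    """Map every host address on the subnet to the MAC it should be pinned to."""
    return {str(ip): KNOWN.get(str(ip), SINK_MAC)
            for ip in SUBNET.hosts() if str(ip) != LOCAL_IP}

def startup_commands():
    """One 'arp -s' line per address, to be re-run at every boot."""
    return [f"arp -s {ip} {mac}" for ip, mac in expected_table().items()]

def audit(arp_a_output):
    """Return (ip, reason) for each address that no longer matches the pinned table."""
    want, seen, findings = expected_table(), set(), []
    for line in arp_a_output.splitlines():
        m = ROW.match(line)
        if not m or m.group(1) not in want:
            continue  # header, broadcast, multicast or off-subnet row
        ip, mac, kind = m.group(1), m.group(2).lower(), m.group(3).lower()
        seen.add(ip)
        if kind != "static":
            findings.append((ip, "entry is dynamic"))
        elif mac != want[ip]:
            findings.append((ip, f"MAC is {mac}, expected {want[ip]}"))
    findings += [(ip, "no entry") for ip in want if ip not in seen]
    return findings

if __name__ == "__main__":
    print("\n".join(startup_commands()[:3]))
    for ip, reason in audit(SAMPLE)[:2]:
        print(ip, reason)
```

Running the audit on a schedule is what catches the case raised above, where a dynamic ARP reply replaces a static entry on an unpatched system.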

