Firewall Wizards mailing list archives

Re: How to Secure Windows? was How to Save the World


From: "Paul D. Robertson" <paul () compuwar net>
Date: Mon, 27 Dec 2004 11:09:14 -0500 (EST)

On Sat, 25 Dec 2004, Mark wrote:


> Would it be enough to simply add a static arp entry on all your hosts
> for the default gateway and any important hosts/servers on the local
> subnet? Once you have a static entry, it won't broadcast for a mac
> address to my knowledge. Something like this:
> arp -s 10.0.0.1 aa-bb-cc-dd-11-22-33


If they'd not mucked up the code and had bugs that let dynamic entries
overwrite static ones...

> It should be fairly simple to add the entries needed via login script or
> whatnot. What about a script that deletes all cached entries first (arp
> -d *) followed by the needed static entries? Not sure on the effects of
> running that on a semi continuous basis. There are registry entries
> controlling the default ttl of cached arp entries (default is 2 minutes,
> wonder what setting it to 0 would do).
>
> As far as NOT accepting dynamic arp entries... Disable TCP/IP. DOH!

I still want to talk TCP/IP, just to specific hosts.  It's a relatively
easy thing to do in *nix.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
paul () compuwar net       which may have no basis whatsoever in fact."
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards