PaulDotCom mailing list archives
ARPFreeze
From: rd at rd1.net (Ralph Durkee)
Date: Wed, 10 Jun 2009 08:39:13 -0400
Adrian,

Great research on the netsh cmds! I have a question. I did some brief research on static arp entries about 5 years back, and came to the conclusion they were rather useless on the Windows and Linux platforms, because although the static entries would not time out, they were still allowed to change. So the end result was that the arp cache poisoning was easier instead of more difficult with the static entries. Solaris was an exception in that it had a setting which would not allow arp entries to change before their time, but as I remember it was NOT on by default, and there were strong warnings about it not being RFC / standards compliant.

Obviously a lot can change in that sort of time frame, and I'm working from memory, so I'm happy to be corrected, but I want to confirm that you had checked for changes in the arp cache.

--
-- Ralph Durkee, CISSP, GSEC, GCIH, GSNA, GPEN
Principal Security Consultant

Don't miss SANS Fire Jun 13-22 http://www.sans.org/sansfire09/

Adrian Crenshaw wrote:
Hi all,

As mentioned in another thread, I was going to work on a tool to make setting up static ARP tables in Windows easier. Here it is:

http://www.irongeek.com/i.php?page=security/arpfreeze-static-arp-poisoning

It may help someone in hardening a box against Man in the Middle attacks that use ARP poisoning.

Adrian

_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
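An added example, not part of the thread and not ARPFreeze's code: one way to run the check asked about above, comparing pinned IP-to-MAC pairs against captured `arp -a` output and reporting any entry whose MAC changed, including entries still marked static. It assumes the Windows `arp -a` column layout; the function names, addresses and MACs are constructed for illustration.

```python
import re

# Data rows of Windows `arp -a` output: IP, dash-separated MAC, entry type.
ROW = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})"
    r"\s+(static|dynamic)\s*$", re.IGNORECASE)

def parse_arp_table(text):
    """Return {ip: (mac, type)}; interface and column header lines are skipped."""
    table = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            ip, mac, kind = m.groups()
            table[ip] = (mac.lower(), kind.lower())
    return table

def check_pins(pinned, arp_text):
    """Compare pinned IP->MAC pairs with the cache; return the deviations."""
    live = parse_arp_table(arp_text)
    findings = []
    for ip, want in pinned.items():
        want = want.lower().replace(":", "-")
        if ip not in live:
            findings.append((ip, "missing", None))
            continue
        mac, kind = live[ip]
        if mac != want:
            # MAC differs from the pin; the suffix records the entry's type.
            findings.append((ip, "changed-" + kind, mac))
        elif kind != "static":
            findings.append((ip, "not-static", mac))
    return findings

# Constructed sample: baseline pins and a captured `arp -a` listing.
PINNED = {"192.168.1.1": "00-1a-2b-3c-4d-5e", "192.168.1.2": "00:1A:2B:3C:4D:5F",
          "192.168.1.3": "00-1a-2b-3c-4d-60", "192.168.1.4": "00-1a-2b-3c-4d-61"}
SAMPLE = """
Interface: 192.168.1.10 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           de-ad-be-ef-00-01     static
  192.168.1.2           00-1A-2B-3C-4D-5F     static
  192.168.1.3           00-1a-2b-3c-4d-60     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
"""

if __name__ == "__main__":
    for finding in check_pins(PINNED, SAMPLE):
        print(finding)
```

Run on a schedule against fresh `arp -a` output, a `changed-static` finding is direct evidence that a pinned entry was overwritten on that host.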