PaulDotCom mailing list archives

ARPFreeze


From: rd at rd1.net (Ralph Durkee)
Date: Wed, 10 Jun 2009 08:39:13 -0400

Adrian,

Great research on the netsh cmds! I have a question. I did some brief 
research on static arp entries about 5 years back, and came to the 
conclusion they were rather useless on the Windows and Linux platforms 
because although the static entries would not time out, they were still 
allowed to change. So the end result was that the arp cache poisoning was 
easier instead of more difficult with the static entries. Solaris was 
an exception in that it had a setting which would not allow arp entries 
to change before their time, but as I remember it was NOT on by default, 
and there were strong warnings about it not being RFC / standards 
compliant. Obviously a lot can change in that sort of time frame, and 
I'm working from memory, so I'm happy to be corrected, but want to 
confirm that you had checked for changes in the arp cache.

-- 
-- Ralph Durkee, CISSP, GSEC, GCIH, GSNA, GPEN
Principal Security Consultant

Don't miss SANS Fire Jun 13-22 http://www.sans.org/sansfire09/


Adrian Crenshaw wrote:
Hi all,
     As mentioned in another thread, I was going to work on a tool to 
make setting up static ARP tables in Windows easier. Here it is:

http://www.irongeek.com/i.php?page=security/arpfreeze-static-arp-poisoning

It may help someone in hardening a box against Man in the Middle 
attacks that use ARP poisoning.

Adrian
------------------------------------------------------------------------
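
The check asked about in the reply above (whether entries marked static still change) can be run by comparing two `arp -a` snapshots. This is an added example, not part of the thread and not ARPFreeze code; it assumes English-locale Windows `arp -a` output, and the sample tables and function names are constructed for illustration.

```python
import re

# Constructed sample `arp -a` output (Windows, English locale); addresses are made up.
BEFORE = """\
Interface: 192.168.1.10 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-33-44-55     static
  192.168.1.20          aa-bb-cc-dd-ee-01     dynamic
"""
AFTER = """\
Interface: 192.168.1.10 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           de-ad-be-ef-00-01     static
  192.168.1.20          aa-bb-cc-dd-ee-02     dynamic
"""

IFACE = re.compile(r"^Interface:\s+(\S+)")
ROW = re.compile(r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+"
                 r"((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+(static|dynamic)\s*$", re.I)

def parse_arp(text):
    """Return {(interface_ip, ip): (mac, type)} parsed from `arp -a` text."""
    table, iface = {}, None
    for line in text.splitlines():
        m = IFACE.match(line)
        if m:
            iface = m.group(1)
            continue
        m = ROW.match(line)
        if m:
            table[(iface, m.group(1))] = (m.group(2).lower(), m.group(3).lower())
    return table

def static_violations(before, after):
    """List static entries from `before` that were altered, demoted or removed."""
    old, new = parse_arp(before), parse_arp(after)
    findings = []
    for key, (mac, kind) in sorted(old.items()):
        if kind != "static":
            continue  # dynamic entries are expected to change
        now = new.get(key)
        if now is None:
            findings.append((key[1], mac, None, "removed"))
        elif now[0] != mac:
            findings.append((key[1], mac, now[0], "mac-changed"))
        elif now[1] != "static":
            findings.append((key[1], mac, now[0], "no-longer-static"))
    return findings

if __name__ == "__main__":
    for finding in static_violations(BEFORE, AFTER):
        print(finding)
```
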
