Vulnerability Development mailing list archives
Re: Windows 2000 Static arp not static
From: Bob Fleck <bob () securesoftware com>
Date: 14 Feb 2003 15:35:33 -0500
On Wed, 2003-02-12 at 18:53, Tim Habex wrote:
When I looked at the arp cache of Linux, the static entry was there and working (?), but on the Windows machine, THE VALUE OF THE STATIC ARP WAS CHANGED. When ethercap was disabled, the static arp entry was returned to the original value.
As far as I can tell this comes from a difference in what 'static' is taken to mean. Linux, BSD, (Win XP): Won't time out. Won't change based on observed ARP replies. Win 2k and earlier: Won't time out. So all static means to Windows is keep this value, use it, and don't bother to double-check it on a regular basis. But if an update wanders by somehow, update the cache.
If this is a known problem, why hasn't this been fixed. If unknown ... is Microsoft reading this? ;o) Can some experienced securityadvisors perform more tests on this? eg. Other (Windows) OSes, other types of attacks.
This is a known issue. However, XP acts like Linux and other OSes. Static keeps it from changing. Bob
Current thread:
- Windows 2000 Static arp not static Tim Habex (Feb 14)
- Re: Windows 2000 Static arp not static Blue Boar (Feb 14)
- Re: Windows 2000 Static arp not static Bob Fleck (Feb 14)