Adrian,
Great research on the netsh cmds! I have a question. I did some brief
research on static arp entries about 5 years back, and came to the
conclusion they were rather useless on the Windows and Linux platforms
because although the static entries would not time out, they were still
allowed to change. So the end result was that the arp cache poisoning was
easier instead of more difficult with the static entries. Solaris was
an exception in that it had a setting which would not allow arp entries
to change before their time, but as I remember it was NOT on by default,
and there were strong warnings about it not being RFC / standards
compliant. Obviously a lot can change in that sort of time frame, and
I'm working from memory, so I'm happy to be corrected, but want to
confirm that you had checked for changes in the arp cache.
--
-- Ralph Durkee, CISSP, GSEC, GCIH, GSNA, GPEN
Principal Security Consultant
Don't miss SANS Fire Jun 13-22 http://www.sans.org/sansfire09/
Adrian Crenshaw wrote:
Hi all,
As mentioned in another thread, I was going to work on a tool to
make setting up static ARP tables in Windows easier. Here it is:
http://www.irongeek.com/i.php?page=security/arpfreeze-static-arp-poisoning
It may help someone in hardening a box against Man in the Middle
attacks that use ARP poisoning.
Adrian
------------------------------------------------------------------------
_______________________________________________
Pauldotcom mailing list
[email protected]
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
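
One way to run the check asked about in the reply above, as an added example that is not part of the original messages or of Adrian's tool: compare two snapshots of `arp -a` output and report any entry that was static in the baseline but later shows a different MAC, a different type, or is gone. The English Windows `arp -a` layout is assumed, and the function names and sample snapshots are constructed for illustration.

```python
import re

# Data row of Windows `arp -a` output: IP, MAC, entry type (assumed English layout).
ROW = re.compile(
    r"^\s*(\d+\.\d+\.\d+\.\d+)\s+([0-9a-fA-F]{2}(?:-[0-9a-fA-F]{2}){5})\s+(static|dynamic)\s*$")
IFACE = re.compile(r"^Interface:\s+(\d+\.\d+\.\d+\.\d+)")

def parse_arp_table(text):
    """Return {(interface_ip, neighbor_ip): (mac, type)} from `arp -a` text."""
    table, iface = {}, None
    for line in text.splitlines():
        m = IFACE.match(line)
        if m:
            iface = m.group(1)
            continue
        m = ROW.match(line)
        if m and iface:
            table[(iface, m.group(1))] = (m.group(2).lower(), m.group(3))
    return table

def static_entry_changes(baseline, current):
    """List static baseline entries that changed MAC, lost static type, or vanished."""
    findings = []
    for key, (mac, kind) in sorted(baseline.items()):
        if kind != "static":
            continue  # dynamic entries are expected to change
        now = current.get(key)
        if now is None:
            findings.append((key[1], "missing", mac, None))
        elif now[0] != mac:
            findings.append((key[1], "mac-changed", mac, now[0]))
        elif now[1] != "static":
            findings.append((key[1], "no-longer-static", mac, now[0]))
    return findings

# Constructed sample snapshots (not real captures).
BASELINE = """
Interface: 192.168.1.10 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-33-44-55     static
  192.168.1.20          aa-bb-cc-dd-ee-01     dynamic
"""
LATER = BASELINE.replace("44-55", "44-66").replace("ee-01", "ee-02")

if __name__ == "__main__":
    for finding in static_entry_changes(parse_arp_table(BASELINE), parse_arp_table(LATER)):
        print(finding)
```

Taking the baseline right after the static entries are set and the second snapshot after ARP traffic has been seen on the segment shows whether the platform let a static entry be overwritten.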