Firewall Wizards mailing list archives

Re: Windows dynamic ARP

From: John Mason Jr <john.mason.jr () cox net>
Date: Wed, 26 Nov 2008 11:33:24 -0500

Paul D. Robertson wrote:

On Wed, 26 Nov 2008, Darden, Patrick S. wrote:
Some possibilities you might have already thought of for doing this in a
roundabout fashion:
1. If you are using advanced switches, you can implement this on them.Allow only certain MACs to connect to your network. 2. If your switches
I can MAC-lock switch ports, however what I'm looking for is a host-levelbackup to MAC locking the network layer, so that if there's a networkcompromise, or a hub is introduced in to the physical topology the game isnot immediately lost.
don't have the ability to do #1, perhaps your switches, core switches,
or core router can filter out ARP requests/replies. 3.  You can turn off
ARP won't cross a router- I'm specifically trying to shore up the host OSso that the host/network seperation still happens, but there's a layer ofprotection if the network layer or administrator is compromised.
ARP response in windows (not quite what you wanted, I think)
http://www.windowsreference.com/networking/enabledisable-response-to-arp-request-without-unicase-source-ethernet-address/
Hmm, that looks mostly like it's a unicast/multi-and-broadcast switch-maybe there's someone who's done enough firewall code who can point me toa good shim location? The built-in firewall seems to be IP layer only.
I'm going to have a good play with /32ing the subnet mask and adding arouting table entry for each host, but I really think that's going to endup being sub-optimal- as is adding a null static entry for every IPaddress I don't want to communicate with in the subnet (I'm betting theARP table is a linear search in most network stacks.)
Paul

How about this:

<http://www.windowsreference.com/windows-vista/set-gratuitous-arp-requests-in-windows-server-2008-and-windows-vista/>



John

_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

Windows dynamic ARP Paul D. Robertson (Nov 26)
- Re: Windows dynamic ARP Darden, Patrick S. (Nov 26)
  - Re: Windows dynamic ARP Paul D. Robertson (Nov 26)
    - Re: Windows dynamic ARP Darden, Patrick S. (Nov 26)
    - Re: Windows dynamic ARP Paul D. Robertson (Nov 26)
    - Re: Windows dynamic ARP John Mason Jr (Nov 26)
    - Re: Windows dynamic ARP Darden, Patrick S. (Nov 26)
- Re: Windows dynamic ARP Dave Love (Nov 26)
  - Re: Windows dynamic ARP Paul D. Robertson (Nov 26)
  - Re: Windows dynamic ARP robbie . jacka (Nov 26)
    - Re: Windows dynamic ARP Mike O'Connor (Nov 26)