Re: Windows 2000 Static arp not static

From: Bob Fleck (bobat_private)
Date: Fri Feb 14 2003 - 12:35:33 PST

Next message: Blue Boar: "Re: Windows 2000 Static arp not static"

Previous message: Tim Habex: "Windows 2000 Static arp not static"
In reply to: Tim Habex: "Windows 2000 Static arp not static"
Next in thread: Blue Boar: "Re: Windows 2000 Static arp not static"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 2003-02-12 at 18:53, Tim Habex wrote:
> When I looked at the arp cache of Linux, the static entry was there and
> working (?), but on the Windows machine, THE VALUE OF THE STATIC ARP WAS
> CHANGED. When ethercap was disabled, the static arp entry was returned to
> the original value.
As far as I can tell this comes from a difference in what 'static' is
taken to mean.

Linux, BSD, (Win XP):  Won't time out.  Won't change based on observed
ARP replies.

Win 2k and earlier:  Won't time out.

So all static means to Windows is keep this value, use it, and don't
bother to double-check it on a regular basis.  But if an update wanders
by somehow, update the cache.

> If this is a known problem, why hasn't this been fixed. If unknown ... is
> Microsoft reading this? ;o)
> Can some experienced securityadvisors perform more tests on this? eg. Other
> (Windows) OSes, other types of attacks.
This is a known issue. However, XP acts like Linux and other OSes. 
Static keeps it from changing.

Bob

Next message: Blue Boar: "Re: Windows 2000 Static arp not static"
Previous message: Tim Habex: "Windows 2000 Static arp not static"
In reply to: Tim Habex: "Windows 2000 Static arp not static"
Next in thread: Blue Boar: "Re: Windows 2000 Static arp not static"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Feb 14 2003 - 14:42:45 PST