On Wed, 2003-02-12 at 18:53, Tim Habex wrote: > When I looked at the arp cache of Linux, the static entry was there and > working (?), but on the Windows machine, THE VALUE OF THE STATIC ARP WAS > CHANGED. When ethercap was disabled, the static arp entry was returned to > the original value. As far as I can tell this comes from a difference in what 'static' is taken to mean. Linux, BSD, (Win XP): Won't time out. Won't change based on observed ARP replies. Win 2k and earlier: Won't time out. So all static means to Windows is keep this value, use it, and don't bother to double-check it on a regular basis. But if an update wanders by somehow, update the cache. > If this is a known problem, why hasn't this been fixed. If unknown ... is > Microsoft reading this? ;o) > Can some experienced securityadvisors perform more tests on this? eg. Other > (Windows) OSes, other types of attacks. This is a known issue. However, XP acts like Linux and other OSes. Static keeps it from changing. Bob
This archive was generated by hypermail 2b30 : Fri Feb 14 2003 - 14:42:45 PST