Force win2k to use arp server

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Force win2k to use arp server

    As a measure to reduce spoofing, I would like to force my Windows clients to use an ARP server rather than broadcasting an ARP request. Doing this with my UNIX servers is easy -- I can use YP to either serve on demand, run arpd on a server, or for critical ones, distribute a static table with scp.

    I don't understand the windows TCP stack at all, so I don't even know if this is possible.

    Ideas?

  • #2
    Re: Force win2k to use arp server

    Originally posted by sgbotsford
    As a measure to reduce spoofing, I would like to force my Windows clients to use an ARP server rather than broadcasting an ARP request. Doing this with my UNIX servers is easy -- I can use YP to either serve on demand, run arpd on a server, or for critical ones, distribute a static table with scp.

    I don't understand the windows TCP stack at all, so I don't even know if this is possible.

    Ideas?
    I've done a little work around this. Apparently Windows (Lord bless 'im) maintains ONLY a DYNAMIC ARP table in RAM. That's IT. You can add static entries to this table, but they too are stored in RAM, and therefore gone once you switch off. ARP resolution is always done via broadcast.

    By the way, most of the Windows TCP/IP stack is pretty much OSI; but I don't understand "how it works" as in which DLL talks to which EXE and which process feeds which with info... but yeah, the model it uses is pretty much OSI7 compatible.


    Tom
    For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

    Anything you say will be misquoted and used against you
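    Added example (editor's note, not part of Tom's post and not something the original poster ran): since Windows 2000 holds static ARP entries only in RAM and has no arpd, the closest thing to the UNIX "distribute a static table with scp" approach is a table file pushed to each client plus a machine startup script that re-applies it with arp -s on every boot. The table path, the log path and the addresses in the sample table are assumptions made for this example.

```batch
@echo off
rem Added example: re-apply a distributed static ARP table at boot.
rem Windows 2000 keeps static ARP entries only in RAM, so anything
rem added with "arp -s" is gone after a reboot. A machine startup
rem script (Group Policy: Computer Configuration > Windows Settings >
rem Scripts > Startup) runs early enough to put the entries back.
rem The table path and the log path are assumptions for this example.
set ARPTABLE=%SystemRoot%\System32\drivers\etc\arptable.txt
set ARPLOG=%SystemRoot%\arptable.log

rem Table format: one entry per line, IP then MAC in Windows dash
rem notation, "#" starts a comment. Constructed sample (not real hosts):
rem   # gateway
rem   192.168.1.1    00-11-22-33-44-55
rem   # file / logon servers
rem   192.168.1.10   00-11-22-33-44-66
rem   192.168.1.11   00-11-22-33-44-77

if not exist "%ARPTABLE%" (
    echo %DATE% %TIME% arptable: %ARPTABLE% missing, nothing applied>> "%ARPLOG%"
    exit /b 1
)

rem eol=# skips comment lines; tokens=1,2 puts the IP in %%a and the MAC in %%b.
rem arp -s adds a static entry; an optional third argument selects the
rem interface address when the client has more than one NIC.
for /f "eol=# tokens=1,2" %%a in (%ARPTABLE%) do (
    arp -s %%a %%b
    echo %DATE% %TIME% arptable: static %%a -^> %%b>> "%ARPLOG%"
)

rem Check: the entries just added should now be listed with Type "static".
arp -a>> "%ARPLOG%"
```

    Push arptable.txt with whatever already distributes the UNIX tables and assign the script as a computer startup script. After a reboot, arp -a should show each entry as static; if one is missing, it was most likely added on the wrong interface, which is what the optional third argument to arp -s is for. This only re-establishes the entries; it does not change how the stack answers incoming ARP traffic.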


    • #3
      Re: Force win2k to use arp server

      I've nailed this problem in a different way:
      I installed kerio personal firewall on all clients, and added packet filter rules:

      1. allow client computers to send anything to servers.
      2. block client computers from sending anything to clients.
      3. block clients from receiving broadcasts from clients.

      When I did this, of course browsing broke.

      So: DHCP tells computers to use WINS only.
      DHCP tells computers to use my main samba server for WINS.

      This allowed everything but logins to work, where the login was not cached on the local machine.

      Add lmhosts file to each client with two lines for my two primary servers.

      Everything works. Logins are much faster now.
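      Added example for the lmhosts step above (editor's note, not the poster's own file or script): the two-server lmhosts file Windows 2000 expects, written by a startup script so it can be pushed with the same mechanism as the rest of the client configuration. Server names, addresses and the domain name are constructed for the example, and the script overwrites any existing lmhosts, so merge by hand if clients already carry one.

```batch
@echo off
rem Added example: lmhosts entries for the two primary servers, so
rem NetBIOS name and domain-logon lookups for them never need a
rem broadcast (which the client-to-client filter rules block).
rem Names, addresses and the domain name are constructed for this example.
set LMHOSTS=%SystemRoot%\System32\drivers\etc\lmhosts

rem #PRE  preloads the entry into the NetBIOS name cache at startup.
rem #DOM: marks the host as a domain controller for that domain, so
rem       logon requests go straight to it instead of out as a broadcast.
rem Note: this overwrites the whole file.
> "%LMHOSTS%"  echo 192.168.1.10   SAMBA1   #PRE #DOM:EXAMPLE
>> "%LMHOSTS%" echo 192.168.1.11   SAMBA2   #PRE #DOM:EXAMPLE

rem Purge the remote name cache and reload the #PRE entries now,
rem instead of waiting for the next reboot.
nbtstat -R

rem Check: preloaded names appear in the cache with Life [sec] of -1.
nbtstat -c
```

      Two things to check on a client where logons still fall back to broadcast: "Enable LMHOSTS lookup" must be ticked in the WINS tab of the TCP/IP properties (it is on by default), and the file must be named lmhosts with no extension.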


      • #4
        Re: Force win2k to use arp server

        As a measure to reduce spoofing, you want to disable arp????
        Why? what's wrong with the "windows" Arp?
        Where did you see spoofing?

        ARP is just a broadcast, to find the correct IP address. It has nothing to do with WINS. AFAIK, ARP belongs to layer 2 of the OSI model. WINS belongs, AFAIK, to layer 4.

        for more info about arp:
        http://www.juniper.net/techpubs/soft...p-config8.html
        http://www.tildefrugal.net/tech/arp.php
        http://www.freesoft.org/CIE/Topics/61.htm

        Normally, to reduce the "shouting" on a network, you need to be using VLANs on your switches.
        VLANs can break up broadcast domains, which is exactly what you want.
        Personally I can't find one good reason why anything should be wrong with ARP.
        Marcel
        Technical Consultant
        Netherlands
        http://www.phetios.com
        http://blog.nessus.nl

        MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
        "No matter how secure, there is always the human factor."

        "Enjoy life today, tomorrow may never come."
        "If you're going through hell, keep going. ~Winston Churchill"


        • #5
          Re: Force win2k to use arp server

          Originally posted by Dumber
          As a measure to reduce spoofing, you want to disable arp????
          Why? what's wrong with the "windows" Arp?
          Where did you see spoofing?

          In Windows, ARP is just a broadcast, to find the correct MAC address. It has nothing to do with WINS. AFAIK, ARP belongs to layer 2 of the OSI model. WINS belongs, AFAIK, to layer 4.
          .......

          Personally i cant find one good reason what should be wrong with arp.
          **fixed**

          One thing wrong with ARP is that you cannot control it. It is in RAM and therefore is gone when you reboot. If you're having trouble resolving an IP address to a MAC address you can add a static route; but it too is gone when you reboot. With a lot of UNIX ARP implementations (and other IP-capable OSes), there is a specific service available on the network to do ARP resolution. This means that if there are problems you can add ARP entries which stay there once added - far better from the POV of the administrator.


          Tom
          • #6
            Re: Force win2k to use arp server

            Thanks for fixing it.
            I wasn't completely awake this morning.

            I agree that it can be useful, but I've never seen this before. I have also never seen ARP cause strange issues before (except flooding).
            Marcel