This article describes how to create a static ARP entry on Linux and Windows. Static ARP entries for important network components in the same Layer 2 segment provide some protection against ARP spoofing.
Ubuntu / Debian
In the following example we assume a gateway with the IP address 192.0.2.1 and the MAC address 00: XX: 0C: XX: DD: C1. The network interface used is eth0.
To create a static entry for this gateway, a file must be /etc/network/if-up.d/created in. This must be created as root user.
/etc/network/if-up.d/add-my-static-arp
#! / Bin / sh arp -i eth0 -s 192.0.2.1 00: XX: 0C: XX: DD: C1
After that the executable bit has to be set for this file.
chmod + x /etc/network/if-up.d/add-my-static-arp
ifupThe static entry is active from the next network interface.
Windows
In the following example we assume a gateway with the IP address 192.0.2.1 and the MAC address 00: XX: 0C: XX: DD: C1. The network interface is “Local Area Connection”.
In Windows Server 2008, the tool can be used netshfor configuration. This keeps the entries even after a reboot.
To do this, start the command line and log in as administrator:
runas / user: Administrator netsh netsh> interface netsh interface> ipv4 netsh interface ipv4> add neighbors "Local Area Connection" "192.0.2.1" "00-XX-0C-XX-DD-C1" store = persistent netsh interface ipv4> show neighbors Interface 1: Loopback Pseudo-Interface 1 Internet Address Physical Address Type -------------------------------------------- ------ ----------- ----------- 224.0.0.22 Permanent Interface 11: Local Area Connection Internet Address Physical Address Type -------------------------------------------- ------ ----------- ----------- 192.0.2.1 00-xx-0c-xx-dd-c1 Permanent ...
0 Comments