Showing posts with the label Windows. Show all posts

Sunday, 23 December 2012

ARP protection algorithms


Algorithm 1: update ARP cache

    if DHCP packet is received then
        if message type is DHCPACK then
            IP ← ‘your IP address’ field value
            if IP != server’s IP then
                MAC ← ‘client’s hardware address’ field value
                Add (IP, MAC) to server’s ARP cache
                Add (IP, MAC) to backup file
            end if
        else if message type is DHCPRELEASE then
            IP ← ‘your IP address’ field value
            if IP != server’s IP then
                Remove (IP, ?) from server’s ARP cache
                Remove (IP, ?) from backup file
            end if
        else if message type is DHCPDECLINE then
            IP ← ‘requested IP address’ options field value
            if IP != server’s IP then
                Remove (IP, ?) from server’s ARP cache
                Remove (IP, ?) from backup file
            end if
        else
            NOOP
        end if
    end if

Algorithm 2: send ARP reply

    if ARP message is received then
        if operation field = REQUEST then
            TPA ← Target Protocol Address field value
            Create an ARP REPLY message
            Sender Protocol Address field ← TPA
            if TPA = server’s IP address then
                SHA ← server’s MAC address
            else
                Find (TPA, MAC) mapping in ARP cache
                if (TPA, MAC) does not exist then
                    return  // No response is sent
                end if
                SHA ← MAC address in (TPA, MAC)
            end if
            Sender Hardware Address field ← SHA
            Send ARP response to requesting host
        end if
    end if
—————————————————————–
The rest is up to the scripting gurus. Script kiddies, move along!
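The two listings above, modelled as an added Python example (not code from the original post): an ARP server whose cache is written only by snooped DHCP messages and which answers ARP requests from that cache, so a forged ARP reply changes nothing. Messages are dicts with assumed field names and constructed addresses; the 0.0.0.0 guard and reading DHCPRELEASE from ciaddr (where RFC 2131 carries the released address) are this example's choices, not the listing's.

```python
import json, os, tempfile
# Offline model: messages are dicts; field names and addresses are constructed.
SERVER_IP, SERVER_MAC = "192.0.2.1", "02:00:00:00:00:01"

class ArpServer:
    def __init__(self, backup_path):
        self.backup_path, self.cache = backup_path, {}     # cache: IP -> MAC
        if os.path.exists(backup_path):                    # restart: reload bindings
            with open(backup_path) as f:
                self.cache = json.load(f)

    def on_dhcp(self, msg):
        """Algorithm 1: only snooped DHCP traffic may change the cache."""
        kind = msg["type"]
        if kind == "DHCPACK":
            ip = msg["yiaddr"]                             # 'your IP address'
            if ip not in (SERVER_IP, "0.0.0.0"):           # 0.0.0.0 guard is an addition
                self.cache[ip] = msg["chaddr"]
        elif kind in ("DHCPRELEASE", "DHCPDECLINE"):
            # Assumption: RELEASE is read from ciaddr (RFC 2131), not 'your IP address'.
            ip = msg["ciaddr"] if kind == "DHCPRELEASE" else msg["requested_ip"]
            if ip != SERVER_IP:
                self.cache.pop(ip, None)
        else:
            return                                         # NOOP
        with open(self.backup_path, "w") as f:             # backup file mirrors the cache
            json.dump(self.cache, f)

    def on_arp(self, msg):
        """Algorithm 2: answer a REQUEST from the cache, or send nothing."""
        if msg["op"] != "REQUEST":
            return None                                    # ARP replies are never learned
        sha = SERVER_MAC if msg["tpa"] == SERVER_IP else self.cache.get(msg["tpa"])
        if sha is None:
            return None                                    # no mapping: no response
        return {"op": "REPLY", "spa": msg["tpa"], "sha": sha, "tpa": msg["spa"], "tha": msg["sha"]}

def demo():
    srv = ArpServer(path := os.path.join(tempfile.mkdtemp(), "arp_backup.json"))
    srv.on_dhcp({"type": "DHCPACK", "yiaddr": "192.0.2.10", "chaddr": "02:00:00:00:00:10"})
    ask = {"op": "REQUEST", "spa": "192.0.2.20", "sha": "02:00:00:00:00:20", "tpa": "192.0.2.10"}
    forged = dict(ask, op="REPLY", spa="192.0.2.10", sha="02:00:00:00:00:66")
    out = {"forged": srv.on_arp(forged), "known": srv.on_arp(ask)["sha"],
           "restored": ArpServer(path).on_arp(ask)["sha"]}
    srv.on_dhcp({"type": "DHCPRELEASE", "ciaddr": "192.0.2.10"})
    out["released"] = srv.on_arp(ask)
    return out

if __name__ == "__main__":
    print(demo())
```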
 





Thursday, 20 December 2012

Disabling the MS Windows Customer Experience Improvement Program. :-)

More detailed information about the MS Windows Customer Experience Improvement Program is available at the direct link: http://www.microsoft.com/products/ceip/ru-ru/default.mspx

There are several options:
1. This piece of spyware is quite easy to turn off: type “программа улуч” (the beginning of the program's Russian name) into the search box (“Start” –> “Search”), pick the Customer Experience Improvement Program from the list of programs found, launch it and turn off the sending of reports.
2. 1) Type the command gpedit.msc into the Start menu search box and press Enter.
2) Go to the folder: Computer Configuration -> Administrative Templates -> System -> Internet Communication Management -> Internet Communication settings
3) Right-click “Turn off Windows Customer Experience Improvement Program” and choose Edit.
4) Set the option to Enabled and click OK.
3. Run regedit.exe and change the registry key HKLM\Registry\Machine\Software\Policies\Microsoft\SQMClient\Windows\CEIPEnable from 1 to 0. This is described in more detail here: http://support.microsoft.com/kb/951282/ru.


https://nikitushkinandrey.wordpress.com/2012/05/11/%d0%be%d1%82%d0%ba%d0%bb%d1%8e%d1%87%d0%b0%d0%b5%d0%bc-%d0%bf%d1%80%d0%be%d0%b3%d1%80%d0%b0%d0%bc%d0%bc%d1%83-%d1%83%d0%bb%d1%83%d1%87%d1%88%d0%b5%d0%bd%d0%b8%d1%8f-%d0%ba%d0%b0%d1%87%d0%b5%d1%81/

We disable the MS Windows Customer Experience Improvement Program. :-)

More detailed information about the MS Windows Customer Experience Improvement Program is available at the direct link: http://www.microsoft.com/products/ceip/ru-ru/default.mspx

There are several options:
1. This spy is quite simple to switch off: type “программа улуч” (the beginning of the program's Russian name) into the search box (“Start” –> “Search”), choose the Customer Experience Improvement Program from the list of programs found, start it and switch off the sending of reports.
2. 1) Enter the gpedit.msc command in the Start menu search box and press Enter.
2) Go to the folder: Computer Configuration -> Administrative Templates -> System -> Internet Communication Management -> Internet Communication settings
3) Right-click “Turn off Windows Customer Experience Improvement Program” and choose Edit.
4) Set the option to Enabled and press the OK button.
3. Start regedit.exe and change the registry key HKLM\Registry\Machine\Software\Policies\Microsoft\SQMClient\Windows\CEIPEnable from 1 to 0. It is described in more detail here: http://support.microsoft.com/kb/951282/ru


<a href='http://nikitushkinandrey.wordpress.com/2012/07/17/we-disconnect-the-program-of-improvement-of-quality-of-ms-windows/'>Article source</a>

Wednesday, 19 December 2012

Domain isolation on MS Windows Server platforms, and not only that ;-).

For a better understanding of this technology, I recommend consulting the following:

http://technet.microsoft.com/ru-ru/library/cc755490%28WS.10%29.aspx



I want to add a little to this information.
It is possible to isolate not only domains, servers and computers that are not members of a domain. It is also possible to isolate computers that are members of an existing MS Windows domain. Why would that be needed, you ask? For example, to isolate a computer in the MS Windows domain that has turned out to be infected with a network virus (worm) but that still needs access to some resources of the domain. Not entirely safe, true? But we protect the other computers on the network from direct interaction with the infected workstation. Besides, there is always the option of protecting this computer physically as well, by forcing it to work through a dedicated security station acting, for example, as a gateway, which in turn will block unwanted traffic.
All of this can be configured quite flexibly in advance, for a rainy day, by means of AD (GPO) security policies, and then, as required, the hosts that need isolation can be added to the policy. It is also worth remembering that traffic can be filtered by port using IPSec, since this can protect against some types of network viruses that use non-system ports for their work. Unfortunately, modern viruses leave fewer and fewer such opportunities.
And IT departments everywhere still use the NetBIOS protocol to publish shared resources on the network, which harms the security of hosts on the local network. Yet AD could be used to publish them in the AD directory; then the number of system ports in use on hosts in the network would drop a little, available system resources would grow by giving up superfluous services, infection with some network viruses would become impossible, and attacks on the NetBIOS protocol would become impossible. And yes, for the critics: exceptions to the rules can be added to such a domain policy, for print servers, for example.
I will add from myself that these capabilities have been available since the MS Windows 2000 platform, but nobody paid attention to them, or nobody wanted to study new ways of improving the level of security in an MS Windows network, or for who knows what other reason. And even now very few people use these capabilities.
The author of these lines was already using domain isolation in his work in 2004, but at that time I did not come across organizations that wanted to improve information security and simplify the response to information security incidents, although I made proposals and acquainted management with this technology. A pity! There is no need to mark time; one should develop the infrastructure and make full use of the capabilities offered by the vendor of these platforms, Microsoft, instead of looking for uncertified and dubious solutions from outside vendors which, as a rule, are not free and demand additional funding.
A small addition to this article. Domain isolation can be implemented using IPSec, without installing the additional components that Microsoft advises, and it will work without problems. It is a pity that there is no mention of this on Microsoft's technical support site; probably they did not think of such a possibility? ;-) Good luck!


https://nikitushkinandrey.wordpress.com/2012/07/17/isolation-of-domains-on-the-ms-windows-server-platforms-and-not-only/
http://nikitushkinandrey.wordpress.com