This article describes how to create a static ARP entry on Linux and Windows. Static ARP entries for important network components in the same Layer 2 segment provide some protection against ARP spoofing.

Ubuntu / Debian

In the following example we assume a gateway with the IP address 192.0.2.1 and the MAC address 00: XX: 0C: XX: DD: C1. The network interface used is eth0.

To create a static entry for this gateway, a file must be /etc/network/if-up.d/created in. This must be created as root user.

/etc/network/if-up.d/add-my-static-arp

#! / Bin / sh
arp -i eth0 -s 192.0.2.1 00: XX: 0C: XX: DD: C1

After that the executable bit has to be set for this file.

chmod + x /etc/network/if-up.d/add-my-static-arp

ifupThe static entry is active from the next network interface.

Windows

In the following example we assume a gateway with the IP address 192.0.2.1 and the MAC address 00: XX: 0C: XX: DD: C1. The network interface is “Local Area Connection”.

In Windows Server 2008, the tool can be used netshfor configuration. This keeps the entries even after a reboot.

To do this, start the command line and log in as administrator:

runas / user: Administrator netsh

netsh> interface
netsh interface> ipv4
netsh interface ipv4> add neighbors "Local Area Connection" "192.0.2.1" "00-XX-0C-XX-DD-C1" store = persistent

netsh interface ipv4> show neighbors

Interface 1: Loopback Pseudo-Interface 1


Internet Address Physical Address Type
-------------------------------------------- ------ ----------- -----------
224.0.0.22 Permanent

Interface 11: Local Area Connection


Internet Address Physical Address Type
-------------------------------------------- ------ ----------- -----------
192.0.2.1 00-xx-0c-xx-dd-c1 Permanent
...
Categories: Tutorials

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: