What do you think about this ARP attack log in my router?


  1. EOF
    Posts : 85
    Win7 Ultimate
       #1

    What do you think about this ARP attack log in my router?


    Hi!
    I looked today into the log section of my router, and I found some strange listing about some sort of ARP attack.

    I didn't know where these source IP addresses come from. They are unknown to me.

    Should I take any action?

    Thanks.


  2. Posts : 822
    Microsoft Windows 10 Pro 64-bit
       #2

    Your router stopped any attack, so you don't have to worry about your log file. It's the ones you may not see that are troubling. Most routers, if not all, are set up to block any unsolicited request, so you are usually safe.

    There are literally millions of hackers and script kiddies trying to find a way to make money on the net every second of the day.

    Fun fact: determined hackers can scan and enumerate services on the entire IPv4 address range in less than an hour.


    Years ago I used to go through my router logs every month or two. My ISP recently replaced my router and it does not have this feature.

    I took the liberty of looking up those IPs in your log. If you're interested, I posted it to Pastebin since it is a large wall of text. I also included at the end how I used Windows WSL Ubuntu in PowerShell to do it.

    IP-info.txt - Pastebin.com


  3. Posts : 1,746
    Windows 10 Pro x64 22H2
       #3

    @EOF

    If you want to do some investigation, the first step is to note down the known hosts on the same segment.

    Then run:
    Code:
    arp -a
    And make sure all IP entries match the correct MAC entry that you gathered.

    You could write a simple script that would compare ARP cache output against its own list of dynamically mapped entries and report any IP\MAC discrepancies.

    And if that happens, you could launch your own ARP discovery against the bad entry to learn more about the target host.
    You could also simply block specific hosts in the router or, in the case of wireless, change the Wi-Fi password.
    Last edited by zebal; 11 Apr 2021 at 03:40.


  4. Posts : 822
    Microsoft Windows 10 Pro 64-bit
       #4

    zebal said:
    You could write a simple script that would compare ARP cache output against its own list of dynamically mapped entries and report any IP\MAC discrepancies.
    No point stopping there, might as well go all in.

    Check for an added DHCP server
    Another added gateway
    A change of DNS servers

    I would imagine that a good security suite would include all and more, though.

    I just use Windows Defender, which as far as I know can't do any of that, but Windows Firewall may be able to force your present router as the gateway and force the DNS server of your choice. I'm not sure though.


  5. EOF
    Posts : 85
    Win7 Ultimate
    Thread Starter
       #5

    DL:
    Thank you for such info, and the best part for me is the Pastebin site with your PS script.
    Pastebin is new to me.

    I'm familiar with scripting on some level and I can interpret your script well.

    Now I used it to target info from another log,
    where I found really nice info and IPs.

    Thank you.


  6. Posts : 822
    Microsoft Windows 10 Pro 64-bit
       #6

    EOF said:
    DL:
    Thank you for such info, and the best part for me is the Pastebin site with your PS script.
    Pastebin is new to me.

    I'm familiar with scripting on some level and I can interpret your script well.

    Now I used it to target info from another log,
    where I found really nice info and IPs.

    Thank you.
    It's actually bash terminal commands. Although I was using PowerShell, it's the new version in preview release right now, and I was using Linux commands. I have WSL 2 installed, but I think WSL 1 would work too.

    GitHub - microsoft/terminal: The new Windows Terminal and the original Windows console host, all in the same place!
    Releases · microsoft/terminal · GitHub




  7. EOF
    Posts : 85
    Win7 Ultimate
    Thread Starter
       #7

    Are you also using Azure?


  8. Posts : 822
    Microsoft Windows 10 Pro 64-bit
       #8

    EOF said:
    Are you also using Azure?
    No, that's the way it comes. I have not bothered to find out how to get rid of it. It defaults to PowerShell, which I use the most, and once in a while I use Ubuntu, so I don't see it that much.