I believe my router is infected since I recently had malware on my PC. I have since reinstalled Windows 7. After getting rid of the malware/virus from my PC, my network is acting weird (certain pages loading slowly or not at all on all computers) and I notice that the gateway mac address I am connected to does not match the mac address on my router. It is off by one number. Is this normal? Also, Xarp has warned me that ARP attacks have been detected, but I don't the next step from there. Can someone point me in the right direction. This is driving me crazy. Thanks. asked 10 Apr '15, 15:38 billyunaire edited 10 Apr '15, 15:39 |
2 Answers:
I don't know if that's normal (could be a result of your router firmware). Anyway, you can figure out if there is ARP spoofing on the network, by doing this:
If so, there is either something broken in your network (like one system having the same IP address as your default gateway) or there is really some ARP spoofing going on. In either case: switch off all your systems one by one and repeat the test until the duplicate ARP replies stop. Now you know which system caused them and you can further investigate what's wrong with that system. Regards answered 11 Apr '15, 05:51 Kurt Knochner ♦ |
Is this a modem or wireless router? If it's a wireless router I think someone is logged onto your your wifi and is doing a man in the middle attack on your network. I would change your wifi password and make it stronger, WPA2 over 20 chars and turn off WPS, plus make sure the firmware is up to date. answered 10 Apr '15, 15:53 zer0day edited 10 Apr '15, 16:03 It is a 2wire 3801HGV Router/Modem from ATT. I am currently using default settings for it. I will change the Password. Would it help to clear devices connected to the router and enable mac filtering? (10 Apr '15, 16:26) billyunaire Would it help to clear devices connected to the router and enable mac filtering? No it wouldn't. (4) important things, all of them are important....All
(10 Apr '15, 19:57) zer0day |
You make some assumptions without much evidence. How are you determining the "gateway mac address"?
You state you have a "network of computers", how large is this, how are they connected to your internet router, and what type of internet connection do you have?