Somehow there's a host on IP 172.31.32.33 with the same MAC address as my work router (e8:bd:d1:0d:48:12):

I opened XARP sometime later to check for ARP poisoning attacks.

Then, my own laptop is constantly sending ARP packets like this:

There seems to be another device doing the same, which is "unreachable":

When I try to ping this it says it's "unreachable":

Then there is an unknown device that appears to be ARP storming the private network:

These transmissions seem to be mainly between the router and my laptop (HuaweiTe_0d:48:12 - router, HonHaiPr_31:87:75 - laptop) and many public IPs, some unknown.

I uploaded the capture and a few more files, please feel free to check:

From the capture we can see there's a big number of TCP out-of-order segments coming and going mainly from/to ports 443/3220 and, likewise, there's a huge number of Duplicate ACK(#1) and errors:

The office is on the 2nd floor of a building where there are many other small companies located, like ours. Notice that only me and my boss are working together at the office (max 4 devices connected at a time). Maybe a botnet/spam/DDOS attack, I don't know.

So, I ran Wireshark again today (v.3.2.3) during part of my work schedule (about 5h) and noticed there's a repetition of behaviour (packets transmitted/types) from certain devices on my local network(s) (router, laptop, other devices) from previous scans I did that seems to indicate that something is off.

I hope someone can help me here with a possible issue on my private networks (work and home):