evoweiss Veteran
Joined: 07 Sep 2003 Posts: 1678 Location: Edinburgh, UK
Posted: Sun Aug 14, 2016 8:59 am Post subject: ARP spoofing?

Hi all,
I recently used arp -a and got some weird results (I forgot to copy them) involving a .ru domain. A reboot and everything is fine again. I have been good about using a passwordless ssh set-up to get into my work computer, disabling the ability to ssh in as root, checking for rootkits, etc.
There are two Windows computers (updated, etc.) that are also connected to the home network. Is there a good (and straightforward) way to prevent this from happening in the future?
Best,
Alex
eccerr0r Watchman
Joined: 01 Jul 2004 Posts: 9679 Location: almost Mile High in the USA
Posted: Sun Aug 14, 2016 2:41 pm

arp should be local collision domain only. It should be impossible for you to get a .ru domain unless your domain is in .ru and even if you got one somehow, I'm not sure how someone could exploit it as the packets would end up on your home network and get dropped (if you're on a firewalled subnet).
Getting that data you got is probably the only way we can get any suggestions on what you should do, else you're probably at a dead end here. Your machine somehow requested a machine on your network that somehow got a reverse lookup that's in .ru. Is your home network on a private network or is this machine on the public network?
_________________
Intel Core i7 2700K/Radeon R7 250/24GB DDR3/256GB SSD
What am I supposed watching?
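
An added example, not part of any post in this thread: a small checker for saved `arp -a` output that flags the things discussed above (a name from reverse lookup outside the home network, a non-private neighbour address) plus one MAC answering for several IPs. It assumes the Linux net-tools output format; the sample lines and the `.lan` suffix are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in net-tools `arp -a` format: "name (ip) at mac [type] on iface"
SAMPLE = """\
router.lan (192.168.1.1) at 00:11:22:33:44:55 [ether] on eth0
? (192.168.1.20) at 66:77:88:99:aa:bb [ether] on eth0
host.example.net (192.168.1.30) at 00:11:22:33:44:55 [ether] on eth0
? (192.168.1.40) at <incomplete> on eth0
"""

ARP_LINE = re.compile(
    r"^(?P<name>\S+) \((?P<ip>[0-9.]+)\) at (?P<mac>[0-9A-Fa-f:]{17}) "
    r"\[\w+\].* on (?P<iface>\S+)$"
)

def parse_arp(text):
    """Return resolved cache entries; unresolved (<incomplete>) lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ARP_LINE.match(line.strip())
        if m:
            entries.append({**m.groupdict(), "mac": m["mac"].lower()})
    return entries

def review(entries, local_suffixes=(".lan",)):
    """Flag entries worth a second look. local_suffixes is an assumed
    naming convention for the home network, not something from the thread."""
    findings = []
    by_mac = defaultdict(set)
    for e in entries:
        by_mac[e["mac"]].add(e["ip"])
        # ARP only resolves on-link neighbours, so a public address is unusual at home.
        if not ipaddress.ip_address(e["ip"]).is_private:
            findings.append(("non-private-ip", e["ip"]))
        # "?" means no name was found; any other name came from a reverse lookup.
        if e["name"] != "?" and not e["name"].endswith(local_suffixes):
            findings.append(("unexpected-name", e["ip"]))
    for mac, ips in by_mac.items():
        # One MAC answering for several IPs: spoofing, or a benign multi-address host.
        if len(ips) > 1:
            findings.append(("mac-shared", mac))
    return findings

if __name__ == "__main__":
    for kind, value in review(parse_arp(SAMPLE)):
        print(kind, value)
```

A flagged entry is a reason to save the table before rebooting and compare MACs against the known devices, not proof of spoofing.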
krinn Watchman
Joined: 02 May 2003 Posts: 7470
Posted: Sun Aug 14, 2016 3:57 pm

You could first limit ssh to your country IP range, people generally don't really change country every day.