ynwa 0 Posted January 15, 2022 Share Posted January 15, 2022 Hello guys. I was using my Oculus Quest 2 via air link. If you're not familiar, airlink allows to connect the the quest 2 vr headset to my pc and play wirelessly. I noticed some stuttering and decided to go into router and change wifi channel. Like 10 seconds after changing it I got 6 notifications from ESET...network threat blocked, arp cache poisoning attack. I was thinking that maybe it's a false positive because it happened exactly when I changed the wifi channel so I tried to change the channel again, and it happened again. If i put my cursor on "Computer" in the eset notification, it shows my the ip of the device and the device is the oculus quest 2. Did i get some malware on the quest 2 or should i ignore those notifications? I can't scan the quest if i connect it to pc although it shows up as a removable device. Thanks. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,399 Posted January 15, 2022 Administrators Share Posted January 15, 2022 It's typically a result of having adapters with identical IP addresses in the network. Check your firewall log if it contains records about detected identical IP addresses. ynwa 1 Link to comment Share on other sites More sharing options...
ynwa 0 Posted January 15, 2022 Author Share Posted January 15, 2022 (edited) I didn't find any record about identical ip adresses. But looking in the logs the source ip is not always the quest 2 as i thought, i also get 192.168.1.1 which is the router. Besides my router, I have added a 2nd router in my parents kitchen and i use it as an extender so they have better range in their room. Could that cause this problem ? Edited January 15, 2022 by ynwa Link to comment Share on other sites More sharing options...
ynwa 0 Posted January 15, 2022 Author Share Posted January 15, 2022 I powered off the router that i use as extender and changed wifi channel to try replicate the issue and see if that extender was the cause. I didn't get that notification anymore. I thought i solved the problem. But after i plugged the extender back in and changed wifi channel im not receiving that ARP attack notification anymore. I can't replicate anymore. Do you still think that 2nd router that i use as extender can be the cause? Thanks. Link to comment Share on other sites More sharing options...
ynwa 0 Posted January 16, 2022 Author Share Posted January 16, 2022 17 hours ago, Marcos said: It's typically a result of having adapters with identical IP addresses in the network. Check your firewall log if it contains records about detected identical IP addresses. I forgot to quote you in my replies. Can you please help me solve this problem? Do you think the 2nd router is the cause? Thank you. Link to comment Share on other sites More sharing options...
itman 1,786 Posted January 16, 2022 Share Posted January 16, 2022 On 1/15/2022 at 3:39 AM, ynwa said: I didn't find any record about identical ip adresses. But looking in the logs the source ip is not always the quest 2 as i thought, i also get 192.168.1.1 which is the router. Besides my router, I have added a 2nd router in my parents kitchen and i use it as an extender so they have better range in their room. Could that cause this problem ? Verify that you have configured the main router properly. I'm assuming both routers are set up in Wi-Fi mode. In that case, you want to set the main router to "repeater mode" as shown in this article: https://www.lifewire.com/use-router-as-wifi-extender-5190828 . Link to comment Share on other sites More sharing options...
ynwa 0 Posted January 16, 2022 Author Share Posted January 16, 2022 55 minutes ago, itman said: Verify that you have configured the main router properly. I'm assuming both routers are set up in Wi-Fi mode. In that case, you want to set the main router to "repeater mode" as shown in this article: https://www.lifewire.com/use-router-as-wifi-extender-5190828 . Hello. I think I did it correctly the first time but to be sure i resetted the 2nd router and configured it again. I've set the 2nd router as repeater and changed the ip address from 192.168.1.1 to 192.168.1.33 otherwise i cant access the interface because the routers have same ip. And then I connected the 2nd router to the 1st router's wifi. I will have to wait and see if i get that arp attack notification again. Do you think it's some conflict or attacker ? I dont understand what you mean by configuring the main router properly..i didnt have to do anything to it. I've followed the steps in the article, the repeater steps Link to comment Share on other sites More sharing options...
itman 1,786 Posted January 16, 2022 Share Posted January 16, 2022 1 minute ago, ynwa said: I've set the 2nd router as repeater According to the linked Livewire article, you set the existing; i.e. "old,' router to repeater mode: Quote Locate the old router’s wireless settings and select Repeating Mode. Link to comment Share on other sites More sharing options...
ynwa 0 Posted January 16, 2022 Author Share Posted January 16, 2022 (edited) I call 2nd router aka a spare router that i wasnt using anymore...thats the one i've put in repeating mode, to extend the range of my main router. Is this correct ? Edited January 16, 2022 by ynwa Link to comment Share on other sites More sharing options...
itman 1,786 Posted January 16, 2022 Share Posted January 16, 2022 46 minutes ago, ynwa said: I call 2nd router aka a spare router that i wasnt using anymore...thats the one i've put in repeating mode, to extend the range of my main router. Is this correct ? Correct. Link to comment Share on other sites More sharing options...
ynwa 0 Posted January 30, 2022 Author Share Posted January 30, 2022 (edited) Guys, after 12 days it has started again...what can I do ? Is someone really trying to steal information from me or is it a false positive ? I have 1000 network protection logs now with ARP cache poison attack. Again the IP is of the Quest 2. This time I didn't get any notification, I manually checked. I still have a suspicion it may have to do something with that 2nd router that I use as an extender but I dont know... Edited January 30, 2022 by ynwa Link to comment Share on other sites More sharing options...
Most Valued Members Nightowl 206 Posted January 31, 2022 Most Valued Members Share Posted January 31, 2022 If I am not mistaken , there are 2 devices on your network that are trying to obtain the same IP Address , that is why you are getting detections of it. ynwa 1 Link to comment Share on other sites More sharing options...
Administrators Marcos 5,399 Posted January 31, 2022 Administrators Share Posted January 31, 2022 You can create an IDS exception for the detection / IP address if you intentionally use more devices with the same IP address. Link to comment Share on other sites More sharing options...
ynwa 0 Posted January 31, 2022 Author Share Posted January 31, 2022 3 hours ago, Marcos said: You can create an IDS exception for the detection / IP address if you intentionally use more devices with the same IP address. But im not intentionally using more devices with the same ip. I didn't had this problem until I plugged that 2nd router which as far as I know is configured correctly. How can I know if someone is attacking me or if its just a duplicate ip ? Thank you. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,399 Posted January 31, 2022 Administrators Share Posted January 31, 2022 Maybe the router supports mesh networks in which the IP address of the router is shared? Link to comment Share on other sites More sharing options...
Most Valued Members Nightowl 206 Posted January 31, 2022 Most Valued Members Share Posted January 31, 2022 8 minutes ago, ynwa said: But im not intentionally using more devices with the same ip. I didn't had this problem until I plugged that 2nd router which as far as I know is configured correctly. How can I know if someone is attacking me or if its just a duplicate ip ? Thank you. You could make the second router with a different subnet , then it won't have duplicate IPs , or the device that is trying to take the already taken IP Address , Manually give it a new address that isn't taken by another device in the network, but that won't prevent another device from trying and take it again. Link to comment Share on other sites More sharing options...
ynwa 0 Posted January 31, 2022 Author Share Posted January 31, 2022 I have no idea on how to do all that. it's a bit too advanced for my networking knowledge I will do some research... I don't know if this helps in any way but Im able to replicate the arp poisoning attack notification. If i switch the wi fi network that my quest 2 is connected to, to the 2nd router(the extender) i get the notification again... I will try some research thanks for taking the time to assist me. Link to comment Share on other sites More sharing options...
Recommended Posts