Jump to content

ARP Cache Poisoning Attack


Recommended Posts

Hello guys. I was using my Oculus Quest 2 via air link. If you're not familiar, airlink allows to connect the the quest 2 vr headset to my pc and play wirelessly. I noticed some stuttering and decided to go into router and change wifi channel. Like 10 seconds after changing it I got 6 notifications from ESET...network threat blocked, arp cache poisoning attack. I was thinking that maybe it's a false positive because it happened exactly when I changed the wifi channel so I tried to change the channel again, and it happened again. If i put my cursor on "Computer" in the eset notification, it shows my the ip of the device and the device is the oculus quest 2. Did i get some malware on the quest 2 or should i ignore those notifications? I can't scan the quest if i connect it to pc although it shows up as a removable device. Thanks.

k.jpg

Link to comment
Share on other sites

  • Administrators

It's typically a result of having adapters with identical IP addresses in the network. Check your firewall log if it contains records about detected identical IP addresses.

Link to comment
Share on other sites

I didn't find any record about identical ip adresses. But looking in the logs the source ip is not always the quest 2 as i thought, i also get 192.168.1.1 which is the router. 

Besides my router, I have added a 2nd router in my parents kitchen and i use it as an extender so they have better range in their room. Could that cause this problem ?

z.jpg

Edited by ynwa
Link to comment
Share on other sites

I powered off the router that i use as extender and changed wifi channel to try replicate the issue and see if that extender was the cause. I didn't get that notification anymore. I thought i solved the problem. But after i plugged the extender back in and changed wifi channel im not receiving that ARP attack notification anymore. I can't replicate anymore. Do you still think that 2nd router that i use as extender can be the cause? Thanks.

Link to comment
Share on other sites

17 hours ago, Marcos said:

It's typically a result of having adapters with identical IP addresses in the network. Check your firewall log if it contains records about detected identical IP addresses.

I forgot to quote you in my replies. Can you please help me solve this problem? Do you think the 2nd router is the cause? Thank you.

Link to comment
Share on other sites

On 1/15/2022 at 3:39 AM, ynwa said:

I didn't find any record about identical ip adresses. But looking in the logs the source ip is not always the quest 2 as i thought, i also get 192.168.1.1 which is the router. 

Besides my router, I have added a 2nd router in my parents kitchen and i use it as an extender so they have better range in their room. Could that cause this problem ?

Verify that you have configured the main router properly.

I'm assuming both routers are set up in Wi-Fi mode. In that case, you want to set the main router to "repeater mode" as shown in this article: https://www.lifewire.com/use-router-as-wifi-extender-5190828 .

Link to comment
Share on other sites

55 minutes ago, itman said:

Verify that you have configured the main router properly.

I'm assuming both routers are set up in Wi-Fi mode. In that case, you want to set the main router to "repeater mode" as shown in this article: https://www.lifewire.com/use-router-as-wifi-extender-5190828 .

Hello. I think I did it correctly the first time but to be sure i resetted the 2nd router and configured it again. I've set the 2nd router as repeater and changed the ip address from 192.168.1.1 to 192.168.1.33 otherwise i cant access the interface because the routers have same ip. And then I connected the 2nd router to the 1st router's wifi. I will have to wait and see if i get that arp attack notification again. Do you think it's some conflict or attacker ? I dont understand what you mean by configuring the main router properly..i didnt have to do anything to it. I've followed the steps in the article, the repeater steps

Link to comment
Share on other sites

1 minute ago, ynwa said:

I've set the 2nd router as repeater

According to the linked Livewire article, you set the existing; i.e. "old,' router to repeater mode:

Quote

Locate the old router’s wireless settings and select Repeating Mode.

 

Link to comment
Share on other sites

I call 2nd router aka a spare router that i wasnt using anymore...thats the one i've put in repeating mode, to extend the range of my main router.  Is this correct ?

Edited by ynwa
Link to comment
Share on other sites

46 minutes ago, ynwa said:

I call 2nd router aka a spare router that i wasnt using anymore...thats the one i've put in repeating mode, to extend the range of my main router.  Is this correct ?

Correct.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...