i use RouterBOARD 941-2nD for Local Network
my mac table is full of 00:00:00:00:00:00 MAC addresses ,
where is the problem from ?
Has my router been hacked?
ARP Table is 00:00:00:00:00:00
Hi all
i use RouterBOARD 941-2nD for Local Network
my mac table is full of 00:00:00:00:00:00 MAC addresses ,
where is the problem from ?
Has my router been hacked?
i use RouterBOARD 941-2nD for Local Network
my mac table is full of 00:00:00:00:00:00 MAC addresses ,
where is the problem from ?
Has my router been hacked?
Re: ARP Table is 00:00:00:00:00:00
Possibly. I'm trying to think of a legit use of all zeroes as a MAC and I don't know of one. Hopefully someone knows.
To me that looks like some kind of a DDoS attack on that subnet. I would sniff it. If a machine is sending out gratuitous arps with all zeroes for all addresses in the subnet, then you found the problem.
Seems likely to me that it's one machine that's doing that.
To me that looks like some kind of a DDoS attack on that subnet. I would sniff it. If a machine is sending out gratuitous arps with all zeroes for all addresses in the subnet, then you found the problem.
Seems likely to me that it's one machine that's doing that.
Re: ARP Table is 00:00:00:00:00:00
thank a lotPossibly. I'm trying to think of a legit use of all zeroes as a MAC and I don't know of one. Hopefully someone knows.
To me that looks like some kind of a DDoS attack on that subnet. I would sniff it. If a machine is sending out gratuitous arps with all zeroes for all addresses in the subnet, then you found the problem.
Seems likely to me that it's one machine that's doing that.
how block this attack ?
Re: ARP Table is 00:00:00:00:00:00
It is not a problem. You can ignore this.
Only when the left column would show DC instead of D it would be a problem!
Only when the left column would show DC instead of D it would be a problem!
Re: ARP Table is 00:00:00:00:00:00
Have you seen this before? What is doing that?
I didn't pick up on the D vs DC, good call.
Still, it seems like a single machine trolling the subnet space for something... It's annoying if nothing else.
If this was my network I would be looking at packet sniffer traces to see what is doing this and why. The answer might not be malicious but it's not polite.
I didn't pick up on the D vs DC, good call.
Still, it seems like a single machine trolling the subnet space for something... It's annoying if nothing else.
If this was my network I would be looking at packet sniffer traces to see what is doing this and why. The answer might not be malicious but it's not polite.
Re: ARP Table is 00:00:00:00:00:00
Depending on RouterOS version (which he does not reveal) the situation of a pending ARP entry is either
not displayed at all, displayed as blanks, or displayed as 00:00:00:00:00:00
Apparently the latter in his case.
Something is scanning the network causing the router to ARP to all addresses, and there is apparently nothing
on those addresses so you see the result shown in the screenshot.
You are right, it would be a good idea to check what is doing this and if this is normal.
But it is not a fault of the MikroTik. Well, that is not completely excluded: the same thing is shown during
or just after use of the function tools->IP scan.
not displayed at all, displayed as blanks, or displayed as 00:00:00:00:00:00
Apparently the latter in his case.
Something is scanning the network causing the router to ARP to all addresses, and there is apparently nothing
on those addresses so you see the result shown in the screenshot.
You are right, it would be a good idea to check what is doing this and if this is normal.
But it is not a fault of the MikroTik. Well, that is not completely excluded: the same thing is shown during
or just after use of the function tools->IP scan.
Who is online
Users browsing this forum: benonet, Bing [Bot] and 20 guests