Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Strange ARP broadcasts


  • Please log in to reply
No replies to this topic

#1 Freegman

Freegman

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:09:43 AM

Posted 13 May 2009 - 07:50 AM

Hey all.

I've recently noticed when I run wireshark that I'm continually getting strange ARP broadcasts. When connected to my router, the source is my physical address MAC, and broadcast asks: Who has 10.59.0.184? Tell 192.168.10.1. Broadcasts are quite consistent but sporadic (a few times a minute, usually in 4-5 packets at a time). If I plug my cable modem directly into my computer, the source is my default gateway MAC and the broadcast asks: Who has 72.53.79.129? Tell 72.53.79.148. It seems when I do this the broadcasts are much less frequent and come in just one packet at a time.

Google says that IP belongs to Cybercorp.inc / 3web corp (my ISP is Rogers). Not sure if that's useful information or not. I'm about 99% sure my machine is not infected with any sort of malware, and just to be safe, I've scanned it with the following: AVG, Avira, Spybot, Malwarebytes, SUPERantispyware, Kaspersky online scan - all of which showed no infection. This wasn't happening about two weeks ago and I can't think of anything I did that might have caused it. Although, this did start around the same time that my download speed doubled (I figured they upgraded their hi-speed "lite" service which is what I'm subscribed to), so maybe it's something my ISP changed.

I have a feeling that this is going to end up being something stupid and make me look like a newbie, which I am, but I just need peace of mind! Any help would be greatly appreciated.

Edit: Ok so after doing a bunch of random stuff like rebooting everything and disconnecting/connecting etc.. it finally seemed to resolve itself, but now I'm getting spammed with a different ARP broadcast message. This one is being broadcast from a different computer connected to the same network and it's spamming me about every two seconds, constantly. Using wireshark on that computer, it shows the source as that computers MAC, the broadcast is asking for the router IP, then the router replies appearing to communicate successfully, except it loops over and over again. Something is definitely screwed up but I think I can rule malware out.

Edited by Freegman, 13 May 2009 - 01:45 PM.


BC AdBot (Login to Remove)

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users