Host spreads wrong MAC Adress of router on the WIFI

Posted by JavaIsMyIsland on Server Fault See other posts from Server Fault or by JavaIsMyIsland
Published on 2012-10-08T11:27:56Z Indexed on 2012/10/08 15:41 UTC
Read the original article Hit count: 374

Strange things are going on our network. Since yesterday a host which is actually not on our subnet spreads wrong ARP Replys on our network. To be precise, only on the WIFI. If I connect my Laptop to the cable ethernet, it gets the right MAC adress of the router. Also my Android phone and my Ubuntu system do get the right MAC Adress. So I took a look at wireshark. When I clear the ARP cache of the windows machine, the first ARP response is correct and comes from the router. But like 10 ms later another ARP response comes from another host in the WIFI. The host changes its IP Adresses from time to time and they look like they are not on our subnet. So I can not use the internet because DNS is not working anymore. Sometimes the router wins the race condition and the mac adress is set correctly in the arp cache. I first thought, this is an arp-poisoning mitm attack but it does not make sense if the packets get not routed correctly?! I restarted the router but it didn't help. I have no access to the router, else I would change the shared key to make sure there is no intruder on the wifi.

Screenshot - Second ARP Response is wrong!

© Server Fault or respective owner

Related posts about wireless-networking

Related posts about mac-address