Ask Your Question
0

Gateway keeps flooding the network with arp requests

asked 2018-01-12 19:22:10 +0000

rgb89 gravatar image

I have a small home network consisting of the gateway from the ISP, and less than 15 wireless clients. I noticed the network slowed down alot, even when there was only 1 client connected. I downloaded wireshark and captured with only 1 pc connected via ethernet, disabled the wifi and disconnected the telephone line that feeds the gate way. Every few seconds, i see the gateway sending out arp requests to sequential ip addresses that dont even exist on the network. See the image and file below. Capture: https://drive.google.com/file/d/1hBoD... Capture file: https://drive.google.com/file/d/1hf4I...

Im sure this is not normal behavior. There is alot of lag on the network at the moment its hard to get any work done.What could be causing this? Is it possible for the gate to be poisoned in this way? Any guidance provided would be greatly appreciated. Thank you!

edit retag flag offensive close merge delete
add a comment

1 Answer

Sort by ยป oldest newest most voted
0

answered 2018-01-12 19:45:32 +0000

sindy gravatar image

By itself, 100 arp requests every 5 seconds can not cause any network lag. What causes the router do that, and what happens if it gets a response, is a much more important question.

Is it possible for the gate to be poisoned in this way?

The sad answer is yes, home gateways can get infected by malware, with vulnerabilities ranging from vendor's backdoors through default WiFi passphrases deductible from MAC address which is broadcasted in the beacon frames combined with easy administrator passwords used "because the WPA2 is unbreakable so who cares about admin password" down to management ports open at WAN interface. Also an infected PC in the home LAN can silently keep trying to log as administrator to the gateway router using vocabularies of popular passwords.

So if re-flashing the router firmware, using TFTP during boot if supported in order to minimize chances for survival of the malware, helps, there is a high probability that your box got exploited.

edit flag offensive delete link more
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2018-01-12 19:22:10 +0000

Seen: 1,556 times

Last updated: Jan 12 '18

Related questions

how to measure network and server latency

Monitoring UDP data on wireshark shows ARP packet

Why am I not seeing unique traffic

Detect network issue

display ARP and ICMP only

How to exclude "network cards" packets?

Is this source malicious?

long time to connect http device

How to correct Mobile Network Code

Microsoft Network Monitor cap file can be opened by Wireshark but save as function is disabled

Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2