I am currently using a TalkTalk router to access my home network. I've had issues previously with my connection being either slow or cutting out fully (not a common issue).
I download XARP previously - a tool used to identify ARP spoofing attacks - The tool detected my network for a possible attack. I read somewhere in order to avoid this, you should make all ARP entries static. Even when doing so, the entry would revert back to dynamic when running arp -a
via cmd.
In the process of testing, I inputted the following command to show all neighbors on my network interface (in this case my Ethernet connection):
netsh interface ipv4 show neighbors "Ethernet"
Results can be seen here
However, I noticed an odd IP here (169.254.93.156) with the physical address as 00-00-00-00-00-00 (I'm assuming this is the MAC address) and the type set to unreachable. There are also many other IP's with this MAC address.
When I execute netstat -ano
via cmd to check for all connections and listening ports, I notice something weird with the local addresses showing 0.0.0.0 here and here.
What could I do in the worst scenario? Lets say someone has all the details to my router and my devices connected on it. I know I can detect using XARP but how would I prevent possible spoofing attacks?
Could the above be an indication of a possible MAC spoofing attack?
Bit of a rookie with this so any advise will be appreciated.