Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1487
Views
4
Helpful
1
Replies

ARP Table - Potential Hacker's IP?

expat1111
Level 1
Level 1

‎01-05-2014 12:45 PM - edited ‎03-10-2019 06:07 AM

Hi,

I am hoping someone might point me in the right direction in regards to data I am seeing in my ARP/RARP table, and potential hackers. I won’t get into the details of why this going on, but I can tell you that I hired a internet security forensics team while living in Singapore, and they did identify all of my data being leaked. The only problem was that the leaks were all occurring though my username on the computer, on hidden software I had put on myself. So there was not much I could do as the hacker had essentially set everything up so I was theoretically “leaking” all my info to myself. It was all very advanced according to the security firm, and I’m fairly certain hackers have been paid to do this.

I am back living in Canada now and the problems continue. However, I have found a bit of information that I feel may be useful, as it shows 1 lone static IP that ties into a small ISP located in the exact area I have always believed the hacker(s) to be in.  I am very suspicious of this as I have reset my router and plugged a brand new PC in, with nothing installed except Windows 8, and this IP address still appears.  I simply cannot imagine any program is being needed or run on a brand new PC from this area, and this dodgy ISP reseller who appears to be a 1-2 man operation. It could be someone who has bought this static IP address through them to use.  It certainly would make sense to me for a hacker to get his internet service from a tiny operation like this, rather than a large one.

The IP address in question is appearing in my Cisco DPC3825 router/modem ARP/RARP table.   The table shows a column of IP addresses tied into a MAC address. The problem is that I can’t link this MAC address to any device I have. Every IP address in this ARP table is tied into this unknown Mac address. The suspicious IP address only appears once, while the others all appear several times and appear to belong to my ISP (Shaw Cable), whio are a huge company in Canada.   When I do a search for MAC address device type, it appears to be a CISCO device.   I have read somewhere that “virtual devices” can be created in your system. Could this potentially be my own router with a virtual router of sorts configured with this MAC address, that is being controlled from the outside and leaking information?

Thanks for any information that can be given to me. I am on the verge of calling a professional IT security team in who might be able to link this static IP address into a person (with the law), but just want to try and really get an idea first of what this is all about.

thanks,

G

Labels:
0 Helpful
1 Reply 1

kaaftab
Level 4
Level 4

‎02-26-2014 03:18 AM

Hello Matt

  I would suggest that you  take consultation with an Forensics expert to trace the details and try vpn solution to secure your communitcation .There are many services avaiable.

Note:

  Kindle rate the reply if you find it helpful.

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card