How can I stop my computer from doing arp poisoning attacks?

I don't see any sort of "spoofing" or "poisoning" here.

The first part consists entirely of query packets. Some routers periodically send ARP queries to the entire subnet in order to refresh their "Connected computers" list, but although I have never seen a Windows 7 computer do this, it isn't harmful by itself – unless it reaches thousands of requests per second; your capture only shows ~256 packets. Do check "Network Discovery" settings, though.

The second part is just normal ARP queries and replies. Your router is asking for your computer's address every 30 seconds, which is fairly normal for ARP – and the computer's replies contain legitimate information.

Azurewav stands for "AzureWave Technologies" according to /usr/share/wireshark/manuf. It manufactures Atheros WiFi adapters commonly found in laptops.


Note: ARP is not related to the "DHCP" vs "Static IP" setting; ARP requests will be sent in either case.
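
An added example, not part of the original answer: a small Python check that applies the distinctions drawn above to captured ARP bodies, flagging an IP address claimed by more than one MAC and measuring the peak request rate per sender. The function names, the MAC addresses, the sample traffic and the 1000-per-second threshold are assumptions made for this illustration.

```python
import struct
from collections import defaultdict

ARP_FMT = "!HHBBH6s4s6s4s"  # 28-byte Ethernet/IPv4 ARP body (RFC 826)

def parse_arp(body):
    """Decode an ARP body into (opcode, sender MAC, sender IP, target IP)."""
    _, _, _, _, op, sha, spa, _, tpa = struct.unpack(ARP_FMT, body[:28])
    dotted = lambda b: ".".join(str(x) for x in b)
    return op, ":".join(f"{x:02x}" for x in sha), dotted(spa), dotted(tpa)

def assess(capture, flood_per_sec=1000):
    """capture: list of (timestamp in seconds, ARP body bytes).
    flood_per_sec is an assumed threshold, not a value from the answer."""
    claims = defaultdict(set)      # sender IP -> MACs that claimed it
    per_second = defaultdict(int)  # (sender MAC, whole second) -> requests
    for ts, body in capture:
        op, mac, sender_ip, _ = parse_arp(body)
        if sender_ip != "0.0.0.0":  # address probes claim no IP
            claims[sender_ip].add(mac)
        if op == 1:                 # 1 = request, 2 = reply
            per_second[(mac, int(ts))] += 1
    conflicts = {ip: sorted(m) for ip, m in claims.items() if len(m) > 1}
    peak = max(per_second.values(), default=0)
    return {"conflicts": conflicts, "peak_requests_per_sec": peak,
            "flood": peak >= flood_per_sec}

def arp(op, sha, spa, tpa, tha="00:00:00:00:00:00"):
    """Build an ARP body for the constructed samples below."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    ip = lambda s: bytes(int(x) for x in s.split("."))
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op,
                       mac(sha), ip(spa), mac(tha), ip(tpa))

# Constructed MAC addresses (locally administered), not taken from the capture.
ROUTER, PC, OTHER = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:99"

def benign_capture():
    """Router asks for the PC every 30 s and the PC answers; one subnet sweep."""
    cap = []
    for t in (0, 30, 60):
        cap.append((t, arp(1, ROUTER, "192.168.2.1", "192.168.2.2")))
        cap.append((t + 0.001, arp(2, PC, "192.168.2.2", "192.168.2.1", ROUTER)))
    cap += [(100 + i / 50, arp(1, PC, "192.168.2.2", f"192.168.2.{i}"))
            for i in range(256)]
    return cap

def conflicting_capture():
    """Same traffic plus one reply where a second MAC claims the router's IP."""
    return benign_capture() + [(61, arp(2, OTHER, "192.168.2.1", "192.168.2.2", PC))]
```

On the benign sample, `assess` reports no conflicts and a peak of 50 requests per second; only the second sample, where two MACs claim 192.168.2.1, produces a conflict entry.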


Author: umutto

Someone who is passionate about experimenting with innovative, state of the art technologies. Usually working with Microsoft .NET technologies, but recently in love with simplicity of python. Currently working as a software engineer, developing machine learning solutions.

Updated on September 18, 2022

Comments

  • umutto
    umutto over 1 year

    I have a small LAN in my home, about 4-5 computers. The problem is that when there are usually 3 or more PCs online we keep losing Internet access randomly, about every 2 minutes.

    So we took a look with Wireshark and it seems like my computer is infected with something that keeps asking the modem for my IP. It is something called "Azurewav" (I don't have any hardware or software that is related to either Azurewav or Azurwave).

    Although it's not broadcasting all the time, the fact that it's asking the modem every second about my MAC address seems to be the problem behind our lost connection. I'm not very experienced with this, but pushing too many requests to the modem may cause this (if other computers are infected too), IMHO.

    Here is a screenshot from Wireshark. I've set the known IPs as static but it keeps continuing somehow.

    I'm using Windows 7 - 64 bit Ultimate. And connecting through wireless.

    wireshark capture

    To sum up, my computer is doing some ARP spoofing attacks against my will. How can I stop it? If it must be done with software, please share a free one. If it can be solved by deleting the malware with some scans, etc., it would be much appreciated.

    • Daniel R Hicks
      Daniel R Hicks about 12 years
      You can afford a W7-64 computer, but you can't afford decent antivirus software? (AzureWave is the brand of your wireless adapter, BTW.)
    • umutto
      umutto about 12 years
      Yes, about that, I'm a student so W7-64 comes free. Azurewave is not the brand; I did have a look for it but I couldn't find anything related to that company. That's why I noted (I don't have any hardware or software that is related to either Azurewav or Azurwave). Thanks for the reply!
    • Daniel R Hicks
      Daniel R Hicks about 12 years
      Odd, it was at the top of the list when I Googled it. They make wireless adapters for laptops.
    • umutto
      umutto about 12 years
      Yes, I did & thought the exact same thing too but I couldn't even find their brand name on my hardware when I opened it up. The thing is, if you search for "Azurewav" on Google you can see some people also suffered. Maybe I accidentally installed their drivers?
    • Daniel R Hicks
      Daniel R Hicks about 12 years
      Open Device Manager and look at your Network Adapters. What's your wireless (WIFI) adapter called?
    • user1686
      user1686 about 12 years
      @umutto, which IP address of 192.168.1.1 and 192.168.1.2 belongs to your router, and which belongs to your computer?
    • umutto
      umutto about 12 years
      @grawity 192.168.2.1 is my router and 192.168.2.2 is my PC.
    • Daniel R Hicks
      Daniel R Hicks about 12 years
      A quick Google shows that Atheros and AzureWave are one and the same and use many of the same drivers.
    • danorton
      danorton over 9 years
      Chromecast uses an AzureWave AW-NH387
  • umutto
    umutto about 12 years
    Thank you! Actually I've seen the first part only today; I thought it was interesting and wanted to share. Will check the "Network Discovery". And about the second part, I've checked with one of the other computers in my network and it didn't do that every 30 sec or faster. So I was pretty sure it was ARP poisoning. Thanks for the info. So to sum up, can we say I'm clean?
  • umutto
    umutto about 12 years
    Thank you for the answer again! I've changed my network discovery settings in any case. The first part was temporary; I've been monitoring for 2 days and it's the first time I saw it. It was interesting so I put that in also. Thank you!