# Solved: ARP cache poisoning attack



## DexterDave (May 10, 2011)

Hi All

ESET Nod32 is picking up an ARP cache poisoning attack as well as a port scanning attack from one of the other Windows PCs on my home LAN. The other PC, like mine, is a Windows 7 PC, both Home Premium.

Is that possibly malware or a virus on the other PC that is doing this? Does this affect my internet speeds? I've been getting really slow internet speeds since these messages first started appearing.

Any suggestion on how I should handle this?

Thanks


----------



## lunarlander (Sep 22, 2007)

If I am not mistaken, ARP cache poisoning can lead to man-in-the-middle attacks, such that the attacker can intercept all of your network traffic. So it can read what you do online, like banking, buying stuff with credit cards, etc. I think ARP cache poisoning is rarely used by malware or viruses; I would guess you have a hacker.

I would shut down all other PCs in the network, and attempt to fix the PC identified by ESET.


----------



## DexterDave (May 10, 2011)

Thank you, Lunarlander. Appreciate. Problem is that the network is small, and I can assure you the person whose PC is doing the attacks knows nothing about hacking... Unless the hacker is getting access via the VPN he is connected to. Is that a possibility? Thing is, he is not always connected to the VPN...


----------



## lunarlander (Sep 22, 2007)

Is that person's PC a laptop? If so, he may have been attacked while he was at a coffee shop not using his VPN.
Does that person keep updating his Windows and software? If not, then there could be security vulnerabilities, and he is presenting the hacker with low-hanging fruit.
Does that person do peer-to-peer downloads like BitTorrent and LimeWire? Tainted downloads could contain backdoors and botnet clients. Hackers seed downloads waiting for a bite.
There are many ways and reasons one can get hacked. Just visiting a compromised web site will start downloading and executing things on the hacker's behalf. And if the hacker is careful, like not using the machine to send out tons of spam mail, then there may be no performance degradation, and the user will never know unless he does security maintenance like comparing baselines, reviewing logfiles and checking for abnormal activity.


----------



## DexterDave (May 10, 2011)

OK, thanks Lunarlander. Appreciate. What do you suggest I do with the infected PC? Virus and malware scan? What exactly do I look for? Is it some kind of executable file?


----------



## lunarlander (Sep 22, 2007)

I would start a thread in the malware removal forum, following the directions here: http://forums.techguy.org/virus-other-malware-removal/943214-everyone-must-read-before-posting.html

I don't know if a virus or malware scan would show anything, but it doesn't hurt to try.

There is a tool by TrendMicro called R U Botted, that identifies botnet infections, found here: http://free.antivirus.com/rubotted/


----------



## DexterDave (May 10, 2011)

Thank you!


----------

