Spoof Attack?

Status
Not open for further replies.

Nightwish

Solid State Member
Messages
19
I have 2 computers hooked up to my D-Link Router and noticed that my main pc froze a couple of times followed by a loud noise coming from the modem i think. Then my other pc suddently doesnt connect to the internet. While this one does. I looked at the status log for my router and it has this.

Oct/17/2004 19:50:38 DHCP lease IP 192.168.0.100 to Computer 00-10-B5-85-F1-B5
Oct/17/2004 19:50:38 Target IP(255.255.255.255), Target Port(67) Packet Dropped
Oct/17/2004 19:50:38 Spoof IP(0.0.0.0), Spoof Port(68)
Oct/17/2004 19:50:38 Spoof Attack fromd MAC(00-10-B5-85-F1-B5) Detect,
Oct/17/2004 19:22:07 DHCP lease IP 192.168.0.101 to your-c8bh3jaglt 00-11-2F-13-64-AC
Oct/17/2004 19:22:04 DHCP lease IP 192.168.0.100 to Computer 00-10-B5-85-F1-B5
Oct/17/2004 19:09:28 DHCP lease IP 192.168.0.100 to Computer 00-10-B5-85-F1-B5
Oct/17/2004 19:09:28 Target IP(255.255.255.255), Target Port(67) Packet Dropped
Oct/17/2004 19:09:28 Spoof IP(0.0.0.0), Spoof Port(68)
Oct/17/2004 19:09:28 Spoof Attack fromd MAC(00-10-B5-85-F1-B5) Detect,

Does anybody know what that means? Please help. I hope nobody hijacked my network or something.
 
You have the MAC address (00-10-B5-85-F1-B5)find a program to convert it to IP address. (they are many)

And see what IP will show. then then write it here...
 
I get the same problem. I have all D-Link components.

A DI-624 router hooked up to the main computer with internet access. Firmware v2.70

A DWL-G520 internal card on PC-2. Firmware v4.20

When that's it, all works fine except I get "Very Low" signal strength at PC-2. So, I bought a range extender. DWL-G710. Firmware v1.04.

With the range extender, the DI-624 logs show spoof attacks every 6 minutes. Exactly the same error as the first entry to this thread. The MAC address in the logs for the "attacker" is the range extender. The IP address in the logs is PC-2.

So, what I believe is happening is the router thinks the range extender is pretending to be PC-2. It sees the range extender having the same IP address as PC-2 and thinks it's a spoof.

Does this make any sense? How do I stop this from happening.

The end result, is the router drops PC-2 off the network everytime this happens. So PC2 is on/off the network every 6 minutes or so.

I finally unplugged the range extender and all is back to normal but I still have my dead spot!!
 
Do you know which of the two computers have the 00-10-B5-85-F1-B5 MAC address? You can find out by going to Control Panel/Network Connections. Right click on the computer's network card and select status, and then select support tab then select detail.

If this MAC address has IP 192.168.1.100, it's likely that the DHCP failed because of the security feature you put in place on your router like MAC filtering, port security, etc.

If you could state the model of the router, I can look into it.
 
Main computer (with router and cable modem): IP 192.168.0.100, MAC 00-0c-a1-e4-93-c5
Second computer (wireless, the one getting dropped): IP 192.168.0.101, MAC 00-0d-88-b2-90-f8
Router: IP 192.168.0.1, MAC 00-0d-d8-b7-ae-a2
Range Extender: IP 192.168.0.30, MAC 00-15-e9-c4-aa-a4

The router is D-Link model DI-624, with firmware upgrade to version 2.70
 
Oh, I'm sorry JimP, but I was talking to Nightwish.

JimP: Are you having the same problem too? Add the MAC address of your range extender to the Access List. You should add every computer or network device MAC address to that list except of course for the router. Anything network device connected to it.
 
Status
Not open for further replies.
Back
Top Bottom