All of a sudden - seeing a new thing on Comodo logs -
if my PC LAN IP is 192.168.0.XXX, log shows incoming ARP from myself (i.e.192.168.0.XXX) to 0.0.0.0
This should show as outgoing - why is this showing as incoming?
am I ARPing myself or is someone forging packets via MITM attacks.
I’m on shared network.
Just want to know whats happening, its risk implications and how to mitigate - screens shared.
BTW, as said before COMODO CIS needs an ARP protection overhaul - I still get disconnected via ARP attacks every now & then inspite of ARP protection enabled.
ARP has changed over the years. After Vista, ARP was changed so that it “sort of” doesn’t use SPA (sender Protocol Address). The source address is set to 0.0.0.0 so all other ARP caches on the same network segment don’t have to refresh. It does, however, send it’s MAC address.
