Need Help - PC ARP issue

All of a sudden - seeing a new thing on Comodo logs -

  • if my PC LAN IP is 192.168.0.XXX, log shows incoming ARP from myself (i.e.192.168.0.XXX) to

  • This should show as outgoing - why is this showing as incoming?

  • am I ARPing myself or is someone forging packets via MITM attacks.

  • I’m on shared network.

Just want to know whats happening, its risk implications and how to mitigate - screens shared.

BTW, as said before COMODO CIS needs an ARP protection overhaul - I still get disconnected via ARP attacks every now & then inspite of ARP protection enabled.

ARP has changed over the years. After Vista, ARP was changed so that it “sort of” doesn’t use SPA (sender Protocol Address). The source address is set to so all other ARP caches on the same network segment don’t have to refresh. It does, however, send it’s MAC address.

For a far better explanation, see Network Device sending ARP request (opcode 1) but with Source IP - Network Engineering Stack Exchange - scroll to the bottom to read the reply from Patrick Mackey.

Hope this helps,
Ewen :slight_smile:

Thanks for the details.

Hope Comodo listens to my ARP upgradation request.