| Funny IPs in my router's 'ARP Cache Table' I got notice from my cable internet provider that I went over 60 GB monthly limit and I started looking inside my router for internet usage and found some suspicious entries in the ARP Cache Table...
I only have limited understanding of networking when it comes to this technical stuff and I thought I'd ask here.
Most entries are the the house 192.168.1.x network but there is a bunch of entries that look like public IPs.
216.58.121.193 - 00-05-00-E2-1A-26
184.175.45.129 - 00-05-00-E2-1A-26
206.188.78.1 --- 00-05-00-E2-1A-26
184.175.45.193 - 00-05-00-E2-1A-26
209.141.181.225 -00-05-00-E2-1A-26
184.175.45.65 ---00-05-00-E2-1A-26
184.175.45.161 - 00-05-00-E2-1A-26
216.58.48.193 -- 00-05-00-E2-1A-26
69.165.245.225 -- 00-05-00-E2-1A-26
216.58.48.225 - 00-05-00-E2-1A-26
184.175.45.33 -- 00-05-00-E2-1A-26
184.175.45.97 -- 00-05-00-E2-1A-26
192.168.100.1 -- 00-18-C0-C6-1F-07
99.225.112.1 --- 00-05-00-E2-1A-26
Does it mean I got hacked and somebody used my network somehow?
I am on Rogers cable- two accounts hooked up to DrayTek Vigor 2910 double WAN router.
The usage over monthly limit happened on the account that most of the house is on. The second acct is used for administration and for failover purpose only.
I suspect a computer in the house might have some 'backdoor' or is otherwise compromised. But still I don't get how could I get those IPs apparently behind router, where to my understanding only the private range 192.168.x.x should be showing... but I don't rightly know what ARP table is, so I am asking what you guys think. |
|
Reviews:
 ·VOIPo
 ·Windstream
·BroadVoice
| Those are IP's on the WAN side of your router, and are normal for them to be in the ARP table on a Cable Network, just as LAN devices will be, you router needs to know both since it is plugged in to both.
The Cable network on the WAN side act pretty similar to a simple switched network like your LAN.
--
ASUS M4A79T Deluxe | AMD Phenom II x3 720 BE AM3 w/4 Cores @ 3.41Ghz(OC) | 4Gb DDR3 Memory @ 1600mhz | Sapphire ATI HD4870 1GB 800mhz/1000mhz(OC) | 2x500GB HDD's Raid 0 | Windows 7 Ultimate x64 Build 7600 (RTM) | Windstream DSL 12m (14.9m Sync)/766k |
|
| Thanks, maybe the pointer are the last two entries
192.168.100.1 -- 00-18-C0-C6-1F-07
99.225.112.1 --- 00-05-00-E2-1A-26
where the first one likely comes from VMWare Workstation and the second 99.225.112.1 is on rogers network - IP of one of the interfaces is 99.225.112.X
So far then I don't see anything nefarious going on, I have some 8 Wireless Access Points around the house but traffic on each one of them is low, about 0.2 GB in upload per month (mostly as computers - Macintoshes - keep connected to APs I suppose and ask for websites. The bulk of the traffic comes from wired LAN PCs and likely from heavy use of Youtube I think.
Draytek router setup allows me only to either use either WAN 1 or 2 but not using both. Was thinking that house PCs would automatically split load between the two accts and get 2x 60GB usage per month. Looks like I may have to switch them manually in the router setting when the limit 60 GB is reached. |
|
|
|
Reviews:
·Verizon Online DSL
| said by VanDivX:... Draytek router setup allows me only to either use either WAN 1 or 2 but not using both. Was thinking that house PCs would automatically split load between the two accts and get 2x 60GB usage per month. Looks like I may have to switch them manually in the router setting when the limit 60 GB is reached.
It depends on how you configure the router. I found this in a spec page for your router:
"The second interface can be used as backup failover for the primary WAN port, load balancing or for bandwidth aggregation. This allows you to use two Internet feeds simulataneously to provide higher total capacity (aggregation), or rule-based routing over two feeds (load balancing). "
Is your router configured to do load balancing? If so, then the rules may need to be adjusted to help balance the load more evenly. |
|
| Well, on the page "WAN >> Load-Balance Policy " it allows me me to choose Protocol and WAN in drop down menus and specify 'Source IP Start' and 'Source IP End'
(plus also Destination IP Start and End and Destination Port Start and End - but I leave destination empty which defaults to any destination I believe).
I choose Protocol ANY, WAN either WAN1 or WAN2 and the Source IP I input either one computer's IP for Source Start and Source End (or the range of IPs for including more computers).
Now since the choice is only either WAN1 or WAN2 on any single entry line, then to make a given computer send traffic via both WAN 1 & 2 interfaces I don't see any other way but making another entry line with the same IP and choosing the other WAN on that line.
But its up to anybody's guess if that would work as intended. I am going to look it up in the manual for the router but don't have much faith in the manual beforehand - you know how it is with these korean manuals or what the nationality is. They are either confusing with their English or just describe what you see but don't explain how what works. Still I will have a peep, on the premise that you never know. I do have pdf manual someplace here.
Other reasons why I didn't look into balancing loads before is that some Macs in the house sometimes keep asking for mail server password. I think the problem was having active wireless interface on the Mac as well as wired LAN one which I think confused the mail server. I understand that with double WAN routers load balancing mode one needs then to tie mail server port querry to a given single WAN interface which is one more bother. Not sure though if that is really needed. |
|
| OK looking at the basic WAN setup "WAN >> General Setup" I see that I have chosen the setting 'Active Mode:' in drop down menu as 'Always ON' for both WAN 1 and WAN 2
The other choice is 'Active on Demand' in which case I am allowed to do additional selection below: first choice is 'WAN 2 Fail' (we are in setting for WAN 1) and the second choice is:
WAN2 Upload speed exceed [0] Kbps
WAN2 Download speed exceed [0] Kbps
Now I am not really much concerned with Failover, after all we are talking about home setting.
Originally I set the router's 'Active Mode:' as 'Always ON' because I thought it would otherwise disconnect the internet connection to the provider when there is no demand from computers which could lead to delays before relogging with the service... however now I think that was mistaken notion. 'Always ON' basically means that only that interface will be used no matter what load is on it.
But the switching to second interface when download speed is over certain treshold really doesn't fit my purpose too much which is to split the load evenly between WAN1 & 2 so that if the mothly traffic would be say 90 GB it would split roughly between the two interfaces (as ~ 45 and 45 GB)
But then again maybe it would do more or less just that. I talk about 6MB or more 'extreme speed' Rogers cable, I remember real world download speeds on large files from some good servers sometimes reaching 1.1 MB/s or a bit more which gives 1.1 MB * 1024 = 1126.4 KBps *8 = 9011.2 kbps or '9MB' internet service... right? I think the Rogers extreme is rated something like that.
BUT what if the monthly 60 GB limit was racked up by using lots of Youtube video watching? That's realatively small trickle over long periods which may not trigger the usage of the other WAN interface at all and at the end of the month the limit on the one interface will be overdrawn anyway and the router will give a damn about it LOL
Problem is that we talk about LOAD, about line saturation, while I would need to split the total traffic. Don't really know if some roters do that, perhaps the commercial grade ones do? But that's accademic. |
|
| On further looking into WAN >> General Setup I see there is another setting which precedes the setting I described in previous post.
Load Balance Mode: and the two choices are: 'Auto Weight' & 'According to Line Speed'
I have is set to 'Auto Weight' setting since both lines (accts) have the same speed. |
|
