Hello,
Just noticed strange IPs in my ARP list. See attached.
Any ideas how these could get into the ARP table? Some sort of attack? Or malware inside the LAN? Or maybe it's perfectly fine, but I haven't seen this before.
A bit worried if I am hacked somehow through the router.
The firewall looks like this:
# Address list "bogon": special-purpose IPv4 ranges that should not appear as
# destinations on the public Internet (most entries cite RFC6890 in comment=).
# In the filter rules of this export the list is used in one place only:
# dst-address-list=!bogon on the forward rule "Accept new from LAN", i.e. it
# restricts LAN -> WAN destinations. It is not matched against source addresses
# of traffic arriving on WAN.
/ip firewall address-list
add address=0.0.0.0/8 comment=RFC6890 list=bogon
# The three RFC1918 private ranges are part of the list, so new LAN -> WAN
# connections to private destinations are not accepted by that forward rule.
add address=172.16.0.0/12 comment=RFC6890 list=bogon
add address=192.168.0.0/16 comment=RFC6890 list=bogon
add address=10.0.0.0/8 comment=RFC6890 list=bogon
add address=169.254.0.0/16 comment=RFC6890 list=bogon
add address=127.0.0.0/8 comment=RFC6890 list=bogon
add address=224.0.0.0/4 comment=Multicast list=bogon
add address=198.18.0.0/15 comment=RFC6890 list=bogon
add address=192.0.0.0/24 comment=RFC6890 list=bogon
add address=192.0.2.0/24 comment=RFC6890 list=bogon
add address=198.51.100.0/24 comment=RFC6890 list=bogon
add address=203.0.113.0/24 comment=RFC6890 list=bogon
add address=100.64.0.0/10 comment=RFC6890 list=bogon
add address=240.0.0.0/4 comment=RFC6890 list=bogon
# 192.88.99.0/24 is the former 6to4 relay anycast prefix (RFC 3068, deprecated
# by RFC 7526); this entry is the only one without a comment=.
add address=192.88.99.0/24 list=bogon
# IPv4 packet filter. Rules are evaluated top to bottom within each chain, so
# the order below is significant.
# NOTE(review): these are IP-layer rules. ARP entries are learned per interface
# at layer 2 and are not subject to /ip firewall filter, so this rule set by
# itself neither explains nor prevents unexpected ARP entries. Check which
# interface each unexpected entry was learned on.
/ip firewall filter
# --- forward chain: traffic routed through the router ---
add action=accept chain=forward comment="Accept estabilished, related, untracked" connection-state=established,related,untracked
# New connections from the LAN interface list to the WAN interface list,
# except to destinations in the "bogon" address list.
add action=accept chain=forward comment="Accept new from LAN" connection-state=new dst-address-list=!bogon in-interface-list=LAN out-interface-list=WAN
# NOTE(review): the comment mentions VPN, but the matchers are LAN -> LAN.
# VPN clients are only covered if their interfaces are members of the LAN
# interface list (confirm). log-prefix is set without log=yes, so this rule
# presumably logs nothing.
add action=accept chain=forward comment="Allow VPN to access LAN" in-interface-list=LAN log-prefix="dyn if" out-interface-list=LAN
# Accepts new WAN connections that were destination-NATed. No dstnat rule is
# visible in the /ip firewall nat section of this export, so unless the paste
# is partial this rule has nothing to match.
add action=accept chain=forward comment="Accept port forwarding" connection-nat-state=dstnat connection-state=new in-interface-list=WAN log=yes log-prefix=allow
# Default deny for forwarded traffic. log-prefix is set but log=yes is not, so
# dropped forwards are presumably not logged (the input "Drop the rest" rule
# does set log=yes).
add action=drop chain=forward comment="Drop the rest" log-prefix=drop
# --- input chain: traffic addressed to the router itself ---
add action=accept chain=input comment="Accept estabilished, related, untracked" connection-state=established,related,untracked
# Every host reachable through an interface in the LAN list can reach every
# router service (management included); no port or source restriction here.
add action=accept chain=input comment="Accept all from LAN" in-interface-list=LAN
# IPsec / L2TP acceptance. None of these four rules has an in-interface or
# source-address matcher, so they apply to any interface, WAN included.
# ESP and UDP 500/4500 (IKE / NAT-T) are accepted from any source; UDP 1701
# (L2TP) is accepted only when the packet arrived IPsec-protected
# (ipsec-policy=in,ipsec). All four log with prefix "ipsec".
add action=accept chain=input log=yes log-prefix=ipsec protocol=ipsec-esp
add action=accept chain=input dst-port=1701 ipsec-policy=in,ipsec log=yes log-prefix=ipsec protocol=udp
add action=accept chain=input dst-port=500 log=yes log-prefix=ipsec protocol=udp
add action=accept chain=input dst-port=4500 log=yes log-prefix=ipsec protocol=udp
# Remaining ICMP (in practice non-LAN, since LAN was accepted above) is handed
# to the custom "icmp" chain. No rate limit is applied at this jump.
add action=jump chain=input comment="Run ICMP filters" jump-target=icmp protocol=icmp
# Default deny for the router itself, logged with prefix "drop".
add action=drop chain=input comment="Drop the rest" log=yes log-prefix=drop
# --- icmp chain: allow-list of ICMP type:code pairs, then drop ---
add action=accept chain=icmp comment="echo reply" icmp-options=0:0 protocol=icmp
add action=accept chain=icmp comment="net unreachable" icmp-options=3:0 protocol=icmp
add action=accept chain=icmp comment="host unreachable" icmp-options=3:1 protocol=icmp
# 3:4 is "fragmentation needed", which path MTU discovery relies on.
add action=accept chain=icmp comment="host unreachable fragmentation required" icmp-options=3:4 protocol=icmp
# Echo request is accepted from any interface that reaches this chain, so the
# router answers ping from WAN.
add action=accept chain=icmp comment="allow echo request" icmp-options=8:0 protocol=icmp
add action=accept chain=icmp comment="allow time exceed" icmp-options=11:0 protocol=icmp
add action=accept chain=icmp comment="allow parameter bad" icmp-options=12:0 protocol=icmp
add action=drop chain=icmp comment="deny all other types"
# --- output chain: traffic originated by the router ---
# NOTE(review): no drop rule is visible in chain=output, so this accept does
# not appear to change the outcome. connection-nat-state is given as an empty
# string. Confirm the intent of this rule.
add action=accept chain=output connection-nat-state="" connection-state=new
# NAT table as pasted: a single source-NAT rule that masquerades everything
# leaving through the WAN interface list. No dstnat (port-forward) rules are
# present in this section.
/ip firewall nat
add action=masquerade chain=srcnat out-interface-list=WAN
# Connection-tracking helpers ("service ports"): every helper listed here is
# switched off, so the router does no protocol-specific tracking or NAT
# rewriting for these protocols.
/ip firewall service-port
set ftp disabled=yes
set tftp disabled=yes
set irc disabled=yes
set h323 disabled=yes
set sip disabled=yes
set pptp disabled=yes
set udplite disabled=yes
set dccp disabled=yes
set sctp disabled=yes
Thanks.