Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

ARP Table - Potential Hacker's IP?


I am hoping someone might point me in the right direction in regards to data I am seeing in my ARP/RARP table, and potential hackers. I won’t get into the details of why this going on, but I can tell you that I hired a internet security forensics team while living in Singapore, and they did identify all of my data being leaked. The only problem was that the leaks were all occurring though my username on the computer, on hidden software I had put on myself. So there was not much I could do as the hacker had essentially set everything up so I was theoretically “leaking” all my info to myself. It was all very advanced according to the security firm, and I’m fairly certain hackers have been paid to do this.

I am back living in Canada now and the problems continue. However, I have found a bit of information that I feel may be useful, as it shows 1 lone static IP that ties into a small ISP located in the exact area I have always believed the hacker(s) to be in.  I am very suspicious of this as I have reset my router and plugged a brand new PC in, with nothing installed except Windows 8, and this IP address still appears.  I simply cannot imagine any program is being needed or run on a brand new PC from this area, and this dodgy ISP reseller who appears to be a 1-2 man operation. It could be someone who has bought this static IP address through them to use.  It certainly would make sense to me for a hacker to get his internet service from a tiny operation like this, rather than a large one.

The IP address in question is appearing in my Cisco DPC3825 router/modem ARP/RARP table.   The table shows a column of IP addresses tied into a MAC address. The problem is that I can’t link this MAC address to any device I have. Every IP address in this ARP table is tied into this unknown Mac address. The suspicious IP address only appears once, while the others all appear several times and appear to belong to my ISP (Shaw Cable), whio are a huge company in Canada.   When I do a search for MAC address device type, it appears to be a CISCO device.   I have read somewhere that “virtual devices” can be created in your system. Could this potentially be my own router with a virtual router of sorts configured with this MAC address, that is being controlled from the outside and leaking information?

Thanks for any information that can be given to me. I am on the verge of calling a professional IT security team in who might be able to link this static IP address into a person (with the law), but just want to try and really get an idea first of what this is all about.




Re: ARP Table - Potential Hacker's IP?

Hello Matt

  I would suggest that you  take consultation with an Forensics expert to trace the details and try vpn solution to secure your communitcation .There are many services avaiable.


  Kindle rate the reply if you find it helpful.

CreatePlease to create content