Using unmanaged Switch after a recent network attack
So, 4 or so days ago, I was testing out an ARP spoof attack on my own network, and what happened after that cost me 4 days of fixing all the issues, simply because I decided I would be an absolute idiot that day. What happened exactly was the following: I had two VMs set up on VirtualBox. One was Kali Linux and one was Windows 10, and my host machine is Windows 10 as well. Due to not having a wireless adapter, I set up my VMs through a NAT network, which was 100% safe, and I tried all my "attacks" without any issues.
Now here's the fuckup: I decided to connect my host through Ethernet directly to the router, and set up my Kali's internet to be a Bridged Network. So it worked, and I connected to my actual network through Kali. Mind you, I left the default "toor" password as well, I don't know what I was thinking. So I ran the ARP spoof program that I wrote in Python, and told my gateway that I'm my phone (a Samsung device) and told my phone that I'm the gateway. After that I ran my packet sniffer program and everything worked as expected. A bit later, I noticed my router restarted by itself. I got suspicious and started monitoring my network through Wireshark and XArp and witnessed my network (most likely) being hacked. I BELIEVE we got ARP spoofed and then DDoSed, because lots of unrecognized IPs and MAC addresses kept changing MAC addresses like crazy and sending about 500 ARP requests/replies a second. A short while later, my network got sluggish and not long after I lost my internet connection.
I called my ISP and he told me my server's MAC address got blocked by the system, which is a security they use. Only thing he could help me with was to unblock it. After days of researching and leaving my host machine off and disconnected from the network 99% of the time, I formatted all my hard disks and installed a clean install of Windows 10, and changed my router password and my Wi-Fi password to something more complex (they aren't the same pass, of course). It finally stopped after these steps and my network is (at least I think) working fine now.
The whole point of this story is that I'm getting an unmanaged switch from work soon, probably a TP-LINK SG1008D Gigabit switch. I want to use it to connect the devices in my room to Ethernet since the router is too far. I will be connecting them through the repeater I'll set up in my room. (Ethernet from repeater to port 1 in switch, and rest of ports to my devices.) What I wanna ask is, is this safe? After the attacks I've got? I don't wanna troubleshoot any more, so if there's even a little doubt about the switch being unsecure and potentially ruining my network again, I simply won't use it.
Sorry for the long ass post, but I honestly don't know where else to ask for help. Any advice is truly appreciated! Oh, and if any more info is needed I'll provide it ASAP. Thanks.
submitted by Shiny-Jolteon
Help with ARP spoofing
Some outsider is in my router. I could see ARP attacks using XArp. I tried changing the MAC address using ARP -a but XArp showed 'StaticPreserveFilter'... which changed the MAC address to the attacker-supplied one. Any way to throw him out? I tried using a VPN but ARP spoofing was still detected for my IP. I just have a basic router.
submitted by Street-Clue
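Added example, not part of either post: both posts describe the same two symptoms a monitor like XArp reacts to, an IP address whose claimed MAC keeps changing and an abnormal ARP frame rate. The sketch below checks for both over constructed records; the `epoch_seconds ip mac` input format, the addresses and the 100 frames/second threshold are assumptions made for illustration.

```python
"""Passive ARP anomaly check over constructed (timestamp, sender IP, sender MAC) records."""
from collections import Counter

RATE_LIMIT = 100  # assumed alert threshold: ARP frames seen in a one-second window


def parse(line):
    """Parse one 'epoch_seconds ip mac' record; MACs are normalised to lower case."""
    ts, ip, mac = line.split()
    return float(ts), ip, mac.lower()


def analyse(lines, rate_limit=RATE_LIMIT):
    """Return (binding_changes, noisy_seconds).

    binding_changes: list of (ts, ip, old_mac, new_mac) where an IP's claimed MAC changed.
    noisy_seconds:   {second: frame_count} for windows above rate_limit.
    """
    last_mac = {}            # most recent MAC claimed for each IP
    per_second = Counter()   # ARP frames per whole second
    changes = []
    for ts, ip, mac in map(parse, lines):
        per_second[int(ts)] += 1
        old = last_mac.get(ip)
        if old is not None and old != mac:
            changes.append((ts, ip, old, mac))
        last_mac[ip] = mac
    noisy = {sec: n for sec, n in per_second.items() if n > rate_limit}
    return changes, noisy


def build_sample():
    """Constructed capture: a quiet LAN, then a gateway MAC flip and a burst."""
    lines = [
        "1000.0 192.168.1.1 AA:AA:AA:AA:AA:01",
        "1000.5 192.168.1.20 AA:AA:AA:AA:AA:20",
        "1001.0 192.168.1.1 aa:aa:aa:aa:aa:01",   # same MAC, different case: not a change
        "1002.0 192.168.1.1 de:ad:be:ef:00:99",   # gateway IP now claims a new MAC
    ]
    # 500 frames inside second 1003, alternating the two MACs claimed for the gateway
    for i in range(500):
        mac = "aa:aa:aa:aa:aa:01" if i % 2 == 0 else "de:ad:be:ef:00:99"
        lines.append(f"{1003 + i / 500:.3f} 192.168.1.1 {mac}")
    return lines


if __name__ == "__main__":
    changes, noisy = analyse(build_sample())
    print(f"{len(changes)} binding changes; first: {changes[0]}")
    print(f"seconds over limit: {noisy}")
```

A binding change for the gateway's IP is the stronger signal of the two; a rate spike alone can also come from a scanner or a misbehaving device.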