# ARP spoofing?

## evoweiss

Hi all,

I recently used arp -a and got some weird results (I forgot to copy them) involving a .ru domain. A reboot and everything is fine again. I have been good about using a passwordless ssh set-up to get into my work computer, disabling the ability to ssh in as root, checking for rootkits, etc.

There are two windows computers (updated, etc.) that are also connected to the home network. Is there a good (and straightforward) way to prevent this from happening in the future? 

Best,

Alex

----------

## eccerr0r

arp should be local collision domain only.  It should be impossible for you to get a .ru domain unless your domain is in .ru and even if you got one somehow, I'm not sure how someone could exploit it as the packets would end up on your home network and get dropped (if you're on a firewalled subnet).

Getting that data you got is probably the only way we can get any suggestions on what you should do, else you're probably at a dead end here. Your machine somehow requested a machine on your network that somehow got a reverse lookup that's in .ru.  Is your home network on a private network or is this machine on the public network?

----------

## krinn

You could first limit ssh to your country ip range, people generally don't really change country everyday.

----------

