# arp attack?

## jesnow

My desktop system appears to be under attack by arp flood:

With all user programs shut down, cup0 is maxed and nettop shows 51mb/s of arp trsffic, squaring with xosview, which shows 6.6MB/s.

Naturally nothing else is working. 

How can I detect the source? 

Any help appreciated. I guess I will shut down eth0 and disconnect it from the network for now and hope that the attacker goes away.  restarting eth0 does nothing. 

#$%^&*&!

----------

## BradN

Originating from your network segment?  If you're on coax, short out the line and see how they like them apples.  Or try changing your mac address if you're on a network that doesn't authenticate using it.  If you find the source, suggest using a length of rubber hose to correct the problem.

----------

## whig

That is strange. Use wireshark to see where packets are going to and from. As said may be a hardware or software loop.

----------

## jesnow

All quiet now. It's the wild west on an open campus network.

----------

## rockdragon

you can be sure of that  :Wink: 

I'm in one myself and have unsecure https connections and other strange stuff all the time :/

----------

