Jump to content

Recommended Posts

Using Glasswire i was warned that the MAC Address of my Dahua doorbell (similar to RING), had a new MAC Address in my ARP table. To the best of my very limited knowledge, the MAC Address is assigned to hardware and should never change. If this presumption is true, i have to believe i have a problem.

Is there anything MWB can do to further determine intrusion?

Can anyone advise me on if i, in fact, do appear to have a problem? If so, how to proceed?

 

MANY THANKS!!! And i do mean that in all caps!

Link to post
Share on other sites

Sometimes software messages alarm the viewer.  In this case a new MAC Address in a PC ARP table.  Instead of trying to interpret such messages I suggest making sure the LAN infrastructure is secured.  If you are worried about MITM attacks, I suggest you be proactive on prevention.  The Dahua doorbell is a hardware appliance.  Makes sure it is secured.  If it communicates withing your LAN, makes sure the hardware appliance is properly secured.  I don't know it and I won't pretend to know it.  But if it gets a LAN IP and has some form of administrative management, makes sure that the physical MAC address of the hardware appliance is known and is ALLOWED to obtain a DHCP Lease from your Router.

Implementing MAC Authentication may be an option.  That is only known MAC addresses are allowed to obtain an IP and communicate on the LAN.

Suggestions:

  • Disable acceptance of ICMP Pings
  • Change the Default Router password using a Strong Password
  • Use a Strong WiFi password on WPA2 using AES encryption or Enable WPA3 if it is an option.
  • Disable Remote Management
  • Create separate WiFi networks for groups of devices with similar purposes to prevent an entire network of devices from being compromised if a malicious actor is able to gain unauthorized access to one device or network. Example: Keep IoT devices on one network and mobile devices on another.
  • Change the network name (SSID).  Do not use your; Name, Postal address or other personal information.  Make it unique or whimsical and known to your family/group.
  • Is the Router Firmware up-to-date ?  Updating the firmware mitigates exploitable vulnerabilities.
  • Specifically set Firewall rules to BLOCK;   TCP and UDP ports 135 ~ 139, 445, 1234, 3389, 5555 and 9034
  • Document passwords created and store them in a safe but accessible location.

 

  • Like 1
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.