I’ve been trying to understand what’s going on for a while and finally managed to narrow the problem down to a specific firmware version being used. The problem exists in RUT2_ branch (RUT240 model specifically) and cannot be reproduced in RUT9_. Different SIM cards, default and clean configuration. Nothing on the ISP side as far as I can tell.
The problem is that the ARP table gets polluted with public IPs once the modem gets online. The corresponding MAC address is random and changes every reboot, which makes me thinking this could be a memory-related issue of some component. The public IP addresses are mostly related to mass scanning and DNS requests, the interface is not meant for the public. Looking at the dumped traffic, it seems the source of the problem is somewhere around ICMPv6. Anyone observed similar things? Kind of scared to keep this device up 24/7 until I fully understand the source of these entries and how it may affect security.
