smuggler.ie

Everything posted by smuggler.ie

  1. Calm down. I appreciate your recommendations. First, I am not "trying to establish" anything - that TV powers up > ESET starts "yelling" on PCs. At the same time I have another Samsung TV (well, all 4x are Samsung, different models) on Eth .60 (see arp -a tables above) and there is not a single beep about it. Only one connection is available on the TV at a time - you are right here - both addresses in ARP only say that the table has a "time out period" (purge does clean it). For clearance, so I know what connection is in use, I have different Eth and WiFi IPs (is there something wrong with that?) as these are separate NICs with different MACs (unless I am wrong here, however the MACs read different). The same I could say about the laptop that has Eth and WiFi - different NICs > different IPs > separate entries in ARP table > no entries in ESET. As far as I understand, ARP should list IP-to-MAC providing request/respond. After purge, ARP should populate only what is on the network replying to request, there should be all fresh entries - then why does ESET still read "duplicate IP" and only from this one TV? I don't say it is ESET's fault as it reports this one TV, on different PCs, no matter on what IP and what way I set it up. Another possibility I could think of - if some other device "echoes" a reply "on behalf" to a request about that IP (TV). Let's say the router, at the same time, replies: "I know that device on this MAC". But to my logic it should be: "shut up, I didn't ask you!" ☺️ I'm not willing to "throw a blanket over" it as there is an issue with the TV or my network setup or lack of my knowledge. But it feels like all this is stressing you. Relax and ... forget about it. Thanks all for the advice.
  2. Again - arp -a shows a "clean" table, but ESET is yelling... Note: intervals in 20 min. ???
  3. Yesterday and before reset, the ARP tables were "clean", but after... this was a surprise to me. Today I ran arp -a and the TV came back with the Eth .12 (dynamic) address as it was yesterday. Reset that TV to factory def. The TV notified that it will reset all except network settings. Well, OK. Ran arp -a again and the TV came back with the Eth .12 (dynamic) address as it was before. ESET notifications popped up on both the 100 and 200 PCs. I decided to give the TV static IPs for Eth (.70) and WiFi (.71). After running arp -a on both PCs the discovery was "something". Don't even know what to say. I have purged the ARP table on the PCs and it came back with normal readings, no ESET "yelling" so far.
  4. Well, you see ... I can hide notifications from the IP and keep blocking it (available option in ESET), but now I got determined to find out the actual cause. Wonder if this could be some dodgy app. The TV is used by a child (13) and very possibly, or should I say most likely, it was "explored" in and out. Might be at some point something/some app was enabled/started. Internet browsing was also involved. As the TV (to my understanding) has no protection whatsoever it might catch some "dirt" (hmmm... router firewall should prevent this). Who knows. I never liked "pre-loaded" apps and no option to control/delete them. A while ago I read online - someone selling a 5 day old Smart TV. To the question "Why? What's wrong?" the answer was: "Too smart" ? I might reset the TV to factory defaults and see if this would change behavior.
  5. You got me here... I know how to spoof a MAC on a virtual adapter in Hyper-V or VMware, but how to do this on a TV network card...? Please do tell. Assigning MAC-to-IP within the PC with arp -s doesn't make sense as arp -a from both PCs returns the same MAC for IP 192.168.1.12 (and all other IPs for this matter). The router also confirms the same IP/MAC in the client list. "2." is not an option until I figure out the cause of it - the network is functioning OK so far, only annoying notifications and personal concern about a "possible threat" or device misbehavior. I'm not that guy removing the warning light bulb from the dashboard just to mask a failed airbag notification in the car. Thanks for your patience.
  6. Let me provide more detail...
     1. The arp -a list has no duplicates.
     2. The MAC of the router matches the one listed in arp -a.
     3. Pay attention to the screenshot I attached - source IP 192.168.1.12 (dynamic) is the TV; notifications on ALL computers with ESET (four) start ONLY when the TV is powered ON and stop as soon as it's OFF.
     4. No other network issues (if I'm right, usually, a duplicate IP causes devices not being able to communicate, access resources or the internet).
     5. If "Eset detects that the MAC address associated with an IP address in the ARP cache doesn't match its actual physically assigned network adapter MAC address..", would it be correct to think that the offending device is the TV, as it is the TV that shows up on all ESET installs?
     @Macros Thank you for the offer, will get back to you on this.
  7. Not quite... there is something else and I want to find out what that is, with experts' help of course? This TV, same as the others, has the required access to the "file server" PC and shares on it, but I'm getting "ARP poisoning attack" and "duplicate address" notifications from that specific one. Furthermore, notifications are on other PCs - the screenshot above is not from the "file server" PC. In regard to IPv6 - my consumer grade router doesn't even support IPv6. And I have disabled the IPv6 protocol on all computers where available (extra unnecessary traffic). By source IP it is that one TV, not the router.
  8. Thanks Macros. Not sure what you mean by "different MAC" - could it be possible for the TV to be able to spoof/change its MAC? Doubt that. Anyway, it comes from the same IP (whatever IP I set on the TV - DHCP or static) and the IP resolves to the same MAC. I know the "stop blocking" or "stop notifications" options, but this brings us back to my original question: "What cause of it, and is it safe to "kill" this with exclusion rule? What possible consequences by creating exclusion rule - its Samsung smart TV with cr*p apps preinstalled on it? Is it safe?" I could accept that this ARP calling could be a beacon to see if network shares are available or something in these lines, but how to be sure? And where is "Duplicate IP addresses on network" coming from - the router, that acts as DHCP server, has no logs about duplicate IP addresses and there are no other network issues?
  9. Thank you folks, but... ESET Endpoint Security v7.2073.1 has no "firewall log" in the log drop-down menu and the interface is completely different than the one in the link. "Network protection" might be?
  10. Hi Macros, Sorry for the late comeback. I hope you can still help me to resolve this... Currently updated to ESET Endpoint Security 7.0.2073.1. Whereabouts do I "-clear firewall log"?
  11. Hi, As per title, getting "ARP Cache Poisoning attack" from a local IP to my PC. Thing is that this comes from a TV. Along with this, "Duplicate IP address" from the same IP (TV). Further detail: There are other Samsung smart TVs and no reports from them. All TVs are set with static IPs; there is a shared folder (media files) on the PC that the TVs have access to over DLNA. Main question: What is the cause of it, and is it safe to "kill" this with an exclusion rule? What are the possible consequences of creating an exclusion rule - it's a Samsung smart TV with cr*p apps preinstalled on it? Is it safe? Thank you