Duplicate IP addresses detected and ICMP Flooding

[mlottgie 0]

We have recently started deploying ESET Endpoint Security 6.4.2014.0 in a corporate setting of around 500 machines.  For many of our laptop clients, we are now receiving the following alerts:

Duplicate IP addresses detected in network

Detected ICMP Flooding attack

However, I am certain that there are not any duplicate ip addresses.  If the problem were this widespread, we would have found it by now.  I have been here for over 5 years.

Could this have something to do with users who do not disable the WIFI when hard wired?  Possible, but we are also seeing this for remote VPN clients as well.  For what it's worth, we have a high-end SonicWALL firewall.

[Marcos 5,074]

Most likely an ARP response with the same IP address was received from multiple network adapters with different MAC addresses.

[mlottgie 0]

Most if not all of the machines showing this error are VPN clients (SonicWALL Global VPN).  This includes my home machine which is not on the domain and where I run my own independent copy of the consumer version of ESET.

[Marcos 5,074]

You can create a firewall pcapng log for further analysis as follows:

1, In the advanced setup -> Tools -> Diagnostics enable advanced personal firewall logging.
2, Restart the computer.
3. After you've received a notification about a duplicate IP address, stop logging.
4, Compress the log and attach it to a personal message for me. Also it may be useful to provide me with the output from ESET Log Collector from that machine (see my signature for instructions).