Jump to content

Duplicate IP addresses detected and ICMP Flooding


Recommended Posts

We have recently started deploying ESET Endpoint Security 6.4.2014.0 in a corporate setting of around 500 machines.  For many of our laptop clients, we are now receiving the following alerts:

Duplicate IP addresses detected in network

Detected ICMP Flooding attack

However, I am certain that there are not any duplicate ip addresses.  If the problem were this widespread, we would have found it by now.  I have been here for over 5 years.

Could this have something to do with users who do not disable the WIFI when hard wired?  Possible, but we are also seeing this for remote VPN clients as well.  For what it's worth, we have a high-end SonicWALL firewall.

Link to comment
Share on other sites

  • 3 weeks later...

Most if not all of the machines showing this error are VPN clients (SonicWALL Global VPN).  This includes my home machine which is not on the domain and where I run my own independent copy of the consumer version of ESET.

Link to comment
Share on other sites

  • Administrators

You can create a firewall pcapng log for further analysis as follows:

1, In the advanced setup -> Tools -> Diagnostics enable advanced personal firewall logging.
2, Restart the computer.
3. After you've received a notification about a duplicate IP address, stop logging.
4, Compress the log and attach it to a personal message for me. Also it may be useful to provide me with the output from ESET Log Collector from that machine (see my signature for instructions).

Link to comment
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...