Sign in to follow this  
ScottWStewart

Initiated an IP scan on my LAN and it was detected by ESET Endpoint Security

Recommended Posts

 

Initiated an IP scan on my LAN and it was detected by  ESET Endpoint Security:

Detected ARP cache poisoning attack while scanning for IP's on my LAN. 

IPScanner_Setoff these detections.jpg

Share this post


Link to post
Share on other sites

this is a false positive from the ESET intrusion detection system. You will need to add these IP's into the Trusted zone and addresses excluded from IDS.  You can use this KB for a guide  >> https://support.eset.com/kb2933/?page=content&id=SOLN2933 which is similar to what you will see locally with ESET ENDPOINT SECURITY or via policy. In the policy it will just say "Firewall" instead of personal firewall.  I usually just add the whole network like >>  192.168.0.0/24  but you can just do those specific ip's if you want. Any ARP attack coming from the internet will be flagged regardless of the internal exclusions you are putting into ZONES. 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.