ScottWStewart 2 Posted October 30, 2017 Share Posted October 30, 2017 Initiated an IP scan on my LAN and it was detected by ESET Endpoint Security: Detected ARP cache poisoning attack while scanning for IP's on my LAN. Link to comment Share on other sites More sharing options...
tmuster2k 22 Posted October 31, 2017 Share Posted October 31, 2017 this is a false positive from the ESET intrusion detection system. You will need to add these IP's into the Trusted zone and addresses excluded from IDS. You can use this KB for a guide >> https://support.eset.com/kb2933/?page=content&id=SOLN2933 which is similar to what you will see locally with ESET ENDPOINT SECURITY or via policy. In the policy it will just say "Firewall" instead of personal firewall. I usually just add the whole network like >> 192.168.0.0/24 but you can just do those specific ip's if you want. Any ARP attack coming from the internet will be flagged regardless of the internal exclusions you are putting into ZONES. Link to comment Share on other sites More sharing options...
ScottWStewart 2 Posted November 2, 2017 Author Share Posted November 2, 2017 Thanks tmiuster2k. Link to comment Share on other sites More sharing options...
tmuster2k 22 Posted November 14, 2017 Share Posted November 14, 2017 no problemo. Link to comment Share on other sites More sharing options...
Recommended Posts