ScottWStewart 2 Posted November 14, 2017 Share Posted November 14, 2017 One computer on my network is being detected by other PCs as sending an ARP cache poisoning attack. The computer that is being detected as sending an ARP attack has the latest ESET Endpoint Security and defs. One note, the user that uses this workstation complains about the PC being slow. How to I stop the computer doing the attacking to stop? Below is details and screenshot from ESET Remote Administrator. Thanks in advance Computer Name accounting3-pc COMPUTER DESCRIPTION THREAT NAME RULE NAME RULE ID OCCURRED 2017 Nov 13 10:33:39 EVENT Detected ARP cache poisoning attack SOURCE ADDRESS 10.19.67.96 SOURCE PORT 0 TARGET ADDRESS 10.19.67.75 TARGET PORT 0 PROTOCOL ARP INBOUND Yes PROCESS NAME ACCOUNT COUNT 3 Any help would be much appreciated. Link to comment Share on other sites More sharing options...
ESET Moderators foneil 342 Posted November 14, 2017 ESET Moderators Share Posted November 14, 2017 See Solution 1 in this KB article https://support.eset.com/kb2933/, apply the same settings in Solution 1 to an ERA policy. To do this using ERA, see https://support.eset.com/kb3478/ Link to comment Share on other sites More sharing options...
Administrators Marcos 5,242 Posted November 15, 2017 Administrators Share Posted November 15, 2017 Duplicate IP addresses were detected in the network. Make sure that each computer has a unique IP address. Do you have a server with two or more network adapters for redundancy in the network? Link to comment Share on other sites More sharing options...
Recommended Posts