Jump to content

Detected ARP cache poisoning attack


ScottWStewart
 Share

Recommended Posts

One computer on my network is being detected by other PCs as sending an  ARP cache poisoning attack. The computer that is being detected as sending an ARP attack has the latest ESET Endpoint Security and defs. One note, the user that uses this workstation complains about the PC being slow. How to I stop the computer doing the attacking to stop? Below is details and screenshot from ESET Remote Administrator. Thanks in advance

  • Computer Name accounting3-pc
     
     
  • COMPUTER DESCRIPTION
     
     
     
  • THREAT NAME
     
     
     
  • RULE NAME
     
     
     
  • RULE ID
     
     
     
  • OCCURRED
    2017 Nov 13 10:33:39
     
     
  • EVENT
    Detected ARP cache poisoning attack
     
     
  • SOURCE ADDRESS
    10.19.67.96
     
     
  • SOURCE PORT
    0
     
     
  • TARGET ADDRESS
    10.19.67.75
     
     
  • TARGET PORT
    0
     
     
  • PROTOCOL
    ARP
     
     
  • INBOUND
    Yes
     
     
  • PROCESS NAME
     
     
     
  • ACCOUNT
     
     
     
  • COUNT
    3

Any help would be much appreciated.

ARP.jpg

Link to comment
Share on other sites

  • Administrators

Duplicate IP addresses were detected in the network. Make sure that each computer has a unique IP address.

Do you have a server with two or more network adapters for redundancy in the network?

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...