ScottWStewart

Detected ARP cache poisoning attack

Recommended Posts

One computer on my network is being detected by other PCs as sending an  ARP cache poisoning attack. The computer that is being detected as sending an ARP attack has the latest ESET Endpoint Security and defs. One note, the user that uses this workstation complains about the PC being slow. How to I stop the computer doing the attacking to stop? Below is details and screenshot from ESET Remote Administrator. Thanks in advance

  • Computer Name accounting3-pc
     
     
  • COMPUTER DESCRIPTION
     
     
     
  • THREAT NAME
     
     
     
  • RULE NAME
     
     
     
  • RULE ID
     
     
     
  • OCCURRED
    2017 Nov 13 10:33:39
     
     
  • EVENT
    Detected ARP cache poisoning attack
     
     
  • SOURCE ADDRESS
    10.19.67.96
     
     
  • SOURCE PORT
    0
     
     
  • TARGET ADDRESS
    10.19.67.75
     
     
  • TARGET PORT
    0
     
     
  • PROTOCOL
    ARP
     
     
  • INBOUND
    Yes
     
     
  • PROCESS NAME
     
     
     
  • ACCOUNT
     
     
     
  • COUNT
    3

Any help would be much appreciated.

ARP.jpg

Share this post


Link to post
Share on other sites

Duplicate IP addresses were detected in the network. Make sure that each computer has a unique IP address.

Do you have a server with two or more network adapters for redundancy in the network?

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now


  • Recently Browsing   0 members

    No registered users viewing this page.