ARP Poisoning Attack

[CDuarte 0]

Good morning all,

 

Recently I keep getting a message when I log into my system.

 

"Detected ARP cache poisoning attack" and shows me the IP address for my Backup Drive

 

All the computers on my environment are using windows 7 and some use windows 8. But as for the backup drive, it is just that.

 

Can anyone give me a hand please.

 

Thank you,

 

Carlos

[Janus 210]

Hello CDuarte

 

Try to see this link from Eset's archives : DNS Cache Poisoning Attack

 

Regards Janus :-))

[CDuarte 0]

Thank you very much for the reply. I will try that and see if that fixes my problem.

[Marcos 5,070]

With v7 excluding trusted IP addresses from IDS is much easier. When an attack is detected, you should be able to open a dialog allowing you to stop blocking attacks from the particular trusted IP address as follows:

 

 

 

 

[Janus 210]

Hello Marcos

 

"Question", this opportunity to interact with a dialog window, does it not only counts for when the firewall is set to be interactive. I mean, you will not see this opportunity if the firewall is set to automatic filtering? ( If I have understood it correctly, you could swift to interactive firewall to resolve a situation , regarding a poisoning attack, and in those cases, where it is a know and trusted ip, for then to set your firewall in automatic mode with exceptions, if necessary.

 

Regards Janus

[TomFace 539]

Janus, when I was having my internet connection issues, I do believe I saw that dialog window pop up (hey, this is new) when I was busy changing out modems. I do not believe I was in interactive mode (as I try to use automatic-less thinking involved), but I could be mistaken.  

[Marcos 5,070]

No, the option to set an IP address as trusted upon attack detection shows up regardless of what firewall mode is used.

[Janus 210]

Hello

 

TomFace and Marcos, thanks for the feedback on my post . Have a nice weekend,  to both of you :-))

 

Regards Janus