Ricky Martin 1 Posted March 8, 2020 Share Posted March 8, 2020 Hi, Our current network is running on class C "192.168.10.x/24" and few of my clients receiving "ARP Cache Poisoning attack" when cross check it found out that the source and target within the trusted network which is 10.x/24 network. Steps taken: Have added our trusted network (given above) under IDS but seems not resolve. Kindly advice further Link to comment Share on other sites More sharing options...
itman 1,659 Posted March 8, 2020 Share Posted March 8, 2020 (edited) Did you follow the steps given here depending on what EES version you have installed: https://support.eset.com/en/kb7052-create-ids-exclusions-on-client-workstations-in-your-eset-endpoint-product-6x Or, at the ERA level: https://support.eset.com/en/kb6624-create-ids-exclusions-in-eset-remote-administrator-6x https://support.eset.com/en/kb7053-create-ids-exclusions-on-client-workstations-in-your-eset-endpoint-product-7x Or, at the EMSC level: https://support.eset.com/en/kb7054-create-ids-exclusions-for-client-workstations-in-eset-security-management-center-7x In reference to IDS exclusion details, you would be selecting the alert for ARP cache poisoning attack. The Remote IP address entered would be 10.x.x.0/24. Edited March 8, 2020 by itman Link to comment Share on other sites More sharing options...
Recommended Posts