Ricky Martin 1 Posted March 8, 2020 Posted March 8, 2020 Hi, Our current network is running on class C "192.168.10.x/24" and few of my clients receiving "ARP Cache Poisoning attack" when cross check it found out that the source and target within the trusted network which is 10.x/24 network. Steps taken: Have added our trusted network (given above) under IDS but seems not resolve. Kindly advice further
itman 1,799 Posted March 8, 2020 Posted March 8, 2020 (edited) Did you follow the steps given here depending on what EES version you have installed: https://support.eset.com/en/kb7052-create-ids-exclusions-on-client-workstations-in-your-eset-endpoint-product-6x Or, at the ERA level: https://support.eset.com/en/kb6624-create-ids-exclusions-in-eset-remote-administrator-6x https://support.eset.com/en/kb7053-create-ids-exclusions-on-client-workstations-in-your-eset-endpoint-product-7x Or, at the EMSC level: https://support.eset.com/en/kb7054-create-ids-exclusions-for-client-workstations-in-eset-security-management-center-7x In reference to IDS exclusion details, you would be selecting the alert for ARP cache poisoning attack. The Remote IP address entered would be 10.x.x.0/24. Edited March 8, 2020 by itman
Recommended Posts