Getting "ARP Cache Poisoning Attack" messages all day!

[Mariska73 0]

I'm getting the "ARP Cache Posioning Attack" Error the whole time today, if I look at the IP it's my Samsung Smart TV that's on my network. Can you please assist how to handle this.

 

[Marcos 5,074]

It looks like your Samsung TV was responding with different MAC addresses to ARP queries. Since the TV is basically a trusted device, you can create an IDS exception for the detection.

[itman 1,659]

38 minutes ago, Marcos said:

Since the TV is basically a trusted device, you can create an IDS exception for the detection.

There really is no such thing in regards to MAC spoofing:

Quote

In another scenario, some people may still be using WEP encryption for their wireless network because some old devices don’t support WPA. WEP encryption is very weak and can be cracked in less than 5 minutes using BackTrack Linux. Most of the time they’d also enable a second line of defense which is the MAC address filtering to only allow authorized devices to connect to their wireless network but they’re wrong. A hacker can easily find out the authorized MAC address, change their network card’s MAC address to the authorized ones and poison the ARP cache to prevent the owner’s machine from connecting to it. Here’s an example of Belkin Play Max F7D4401 v1 router. It has a MAC Address Filtering feature where you can set up a list of allowed clients and use the wireless connection.

https://www.raymond.cc/blog/hacking-knowledge-importance-of-spoofing-your-mac-address/

[Marcos 5,074]

I meant this

[itman 1,659]

42 minutes ago, Marcos said:

I meant this

I should have been more specific in my reply. Spoofing of an IoT device MAC address is a distinct possibility. More so if the ARP poisoning alerts just suddenly started from a network connected device that had been in place for some time.