Jump to content

ARP Cache Poisoning


GreggG
 Share

Recommended Posts

We have Endpoint Security installed on our laptop users out in the field.  Today, he received the alert:
ARP Cache Poisoning blocked source 10.0.0.154  and target 10.0.0.154.  I'm not sure how to tell if its legit
or if its a false positive.  Any help appreciated.

Gregg

network log.txt

Link to comment
Share on other sites

  • Administrators

The machine has received the same IP address in the response to an ARP request from network adapters 0e:02:8e:98:6b:ff and 0e:02:8e:98:6b:fd. Why it happened we can't tell since we don't know what network adapters the MAC addresses belong to.

Link to comment
Share on other sites

Thanks Marcos...so it its its not an attack and everything is happening on the internal network.  Should i create a rule to ignore the local traffic.

 

Edited by GreggG
Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...