GreggG
Posted July 20, 2020

We have Endpoint Security installed on our laptop users out in the field. Today, he received the alert: ARP Cache Poisoning blocked source 10.0.0.154 and target 10.0.0.154. I'm not sure how to tell if it's legit or if it's a false positive. Any help appreciated.

Gregg

Attached: network log.txt

Marcos (Administrators)
Posted July 20, 2020

The machine has received the same IP address in the response to an ARP request from network adapters 0e:02:8e:98:6b:ff and 0e:02:8e:98:6b:fd. Why it happened we can't tell since we don't know what network adapters the MAC addresses belong to.

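The condition described in the reply above (one IP address answered for by two different MAC addresses) can be checked in a packet capture as follows. This is an added example, not part of the thread or of the product's own logic; the input lines are constructed in tcpdump-style text, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample input (not the poster's attached log): ARP replies in
# tcpdump-style text, using the IP and MAC addresses quoted in the thread.
# The 10.0.0.1 / 00:11:22:33:44:55 line is an invented non-conflicting host.
SAMPLE = """\
09:14:01.100 ARP, Reply 10.0.0.154 is-at 0e:02:8e:98:6b:ff, length 28
09:14:01.102 ARP, Reply 10.0.0.154 is-at 0e:02:8e:98:6b:fd, length 28
09:14:05.300 ARP, Reply 10.0.0.1 is-at 00:11:22:33:44:55, length 28
09:14:09.700 ARP, Reply 10.0.0.154 is-at 0e:02:8e:98:6b:ff, length 28
"""

REPLY_RE = re.compile(
    r"ARP, Reply (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) is-at "
    r"(?P<mac>[0-9a-f]{2}(?::[0-9a-f]{2}){5})",
    re.IGNORECASE,
)


def mac_kind(mac):
    """Classify a MAC address by the flag bits of its first octet."""
    first = int(mac.split(":")[0], 16)
    if first & 0x01:  # I/G bit set: multicast/broadcast, never a valid sender
        return "group"
    # U/L bit set: address was assigned by software or an administrator
    return "locally administered" if first & 0x02 else "vendor-assigned (OUI)"


def claims_by_ip(text):
    """Map each IP address to the set of MACs that answered for it."""
    claims = defaultdict(set)
    for line in text.splitlines():
        m = REPLY_RE.search(line)
        if m:
            claims[m["ip"]].add(m["mac"].lower())
    return claims


def conflicts(text):
    """Return only the IPs that more than one MAC address claimed."""
    return {ip: sorted(macs)
            for ip, macs in claims_by_ip(text).items() if len(macs) > 1}


if __name__ == "__main__":
    for ip, macs in conflicts(SAMPLE).items():
        print(f"{ip} claimed by {len(macs)} adapters:")
        for mac in macs:
            print(f"  {mac}  ({mac_kind(mac)})")
```

Both MAC addresses quoted in the reply have the locally administered bit set, so a vendor (OUI) lookup will not identify them; such addresses are assigned by software or an administrator rather than by a hardware manufacturer.
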
GreggG (Author)
Posted July 20, 2020, edited July 21, 2020 by GreggG

Thanks Marcos... so it's not an attack and everything is happening on the internal network. Should I create a rule to ignore the local traffic?