Jump to content

ARP Cache Poisoning

GreggG

By GreggG
in ESET Endpoint Products

 Share

Recommended Posts

GreggG

GreggG 0

Posted
Posted

We have Endpoint Security installed on our laptop users out in the field.  Today, he received the alert:
ARP Cache Poisoning blocked source 10.0.0.154  and target 10.0.0.154.  I'm not sure how to tell if its legit
or if its a false positive.  Any help appreciated.

Gregg

network log.txt

Link to comment
Share on other sites
  • Administrators
Marcos

Marcos 5,070

Posted
  • Administrators
Posted

The machine has received the same IP address in the response to an ARP request from network adapters 0e:02:8e:98:6b:ff and 0e:02:8e:98:6b:fd. Why it happened we can't tell since we don't know what network adapters the MAC addresses belong to.

Link to comment
Share on other sites
GreggG

GreggG 0

Posted
  • Author
Posted (edited)

Thanks Marcos...so it its its not an attack and everything is happening on the internal network.  Should i create a rule to ignore the local traffic.

 

Edited by GreggG
Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...