fairPM 0 Posted April 26, 2022 Share Posted April 26, 2022 I've been receiving these notices lately (several in one day, like i was being bombarded). far from a techie but i did do some research on this. When I first received these notifications, I did the 'arp -a' in Windows powershell and did find duplicate physical addresses. I thought perhaps my wifi extender got compromised. I have since removed it about a week or so ago. I have since started to use my NordVPN on startup for my desktop. Previously, I just used my vpn when on ublic networks. today, I received another series of ARP cache poisoning notifications (about 7 total). I was on my VPN, and I had already disconnected the wifi extender. interestingly, it says this device accessed the network 1 day ago but it's been sitting on the floor for days. Finally, I have a screenshot of my current results from Windows powershell. one when on wifi, the other when on ethernet. any suggestions on what to do? thank you in advance Link to comment Share on other sites More sharing options...
fairPM 0 Posted April 26, 2022 Author Share Posted April 26, 2022 oh, i forgot to say: 1) my wife has also received this cache poisoning attack on her laptop. (mine was on my desktop) Link to comment Share on other sites More sharing options...
Administrators Marcos 4,909 Posted April 26, 2022 Administrators Share Posted April 26, 2022 Please provide logs collected with ESET Log Collector. If you can reproduce the detection, enable advanced logging under Help and support -> Technical support, reproduce the detection, disable logging and collect logs with ELC. Link to comment Share on other sites More sharing options...
itman 1,627 Posted April 26, 2022 Share Posted April 26, 2022 1 hour ago, fairPM said: I thought perhaps my wifi extender got compromised. I have since removed it about a week or so ago. Did you remove the device entry in the router GUI interface? Link to comment Share on other sites More sharing options...
fairPM 0 Posted April 26, 2022 Author Share Posted April 26, 2022 2 hours ago, Marcos said: Please provide logs collected with ESET Log Collector. If you can reproduce the detection, enable advanced logging under Help and support -> Technical support, reproduce the detection, disable logging and collect logs with ESET Log Collector. confirming that I should send the report to ESET tech support? categorize as "Other virus or malware problem"? please advise. Link to comment Share on other sites More sharing options...
fairPM 0 Posted April 26, 2022 Author Share Posted April 26, 2022 56 minutes ago, itman said: Did you remove the device entry in the router GUI interface? no. not familiar with how to do that. I could call my service provider. I was surprised to see it last accessed the network 1 day ago... mirrored and copied perhaps? Link to comment Share on other sites More sharing options...
fairPM 0 Posted April 26, 2022 Author Share Posted April 26, 2022 2 hours ago, Marcos said: Please provide logs collected with ESET Log Collector. If you can reproduce the detection, enable advanced logging under Help and support -> Technical support, reproduce the detection, disable logging and collect logs with ESET Log Collector. I also just tried submitting the file to tech support but it limits it to 21M. My zipped log file is 63.4 Megs.... who and how do i send it to? thank you Link to comment Share on other sites More sharing options...
New_Style_xd 68 Posted April 27, 2022 Share Posted April 27, 2022 3 hours ago, fairPM said: Também tentei enviar o arquivo para o suporte técnico, mas ele o limita a 21M. Meu arquivo de log com zíper é 63,4 Megs.... para quem e como eu o envio? obrigado If the limit is higher, you put it somewhere and pass the link here to @Marcos Link to comment Share on other sites More sharing options...
Recommended Posts