ARP Cache Poisoning Attacks



I've been receiving these notices lately (several in one day, like I was being bombarded). Far from a techie, but I did do some research on this. When I first received these notifications, I did the 'arp -a' in Windows PowerShell and did find duplicate physical addresses. I thought perhaps my wifi extender got compromised. I have since removed it about a week or so ago. I have since started to use my NordVPN on startup for my desktop. Previously, I just used my VPN when on public networks.

Today, I received another series of ARP cache poisoning notifications (about 7 total). I was on my VPN, and I had already disconnected the wifi extender.

Interestingly, it says this device accessed the network 1 day ago but it's been sitting on the floor for days.

Finally, I have a screenshot of my current results from Windows PowerShell: one when on wifi, the other when on ethernet.

Any suggestions on what to do?

Thank you in advance.

2022-04-11_10-00-24.jpg

2022-04-26_11-42-23.jpg

2022-04-26_11-41-36.jpg

2022-04-26_11-34-46.jpg


Oh, I forgot to say:

1) My wife has also received this cache poisoning attack on her laptop. (Mine was on my desktop.)


  • Administrators

Please provide logs collected with ESET Log Collector. If you can reproduce the detection, enable advanced logging under Help and support -> Technical support, reproduce the detection, disable logging and collect logs with ELC.


1 hour ago, fairPM said:

I thought perhaps my wifi extender got compromised. I have since removed it about a week or so ago.

Did you remove the device entry in the router GUI interface?


2 hours ago, Marcos said:

Please provide logs collected with ESET Log Collector. If you can reproduce the detection, enable advanced logging under Help and support -> Technical support, reproduce the detection, disable logging and collect logs with ESET Log Collector.

Confirming that I should send the report to ESET tech support? Categorize as "Other virus or malware problem"?

Please advise.


56 minutes ago, itman said:

Did you remove the device entry in the router GUI interface?

No. Not familiar with how to do that. I could call my service provider. I was surprised to see it last accessed the network 1 day ago... mirrored and copied perhaps?


2 hours ago, Marcos said:

Please provide logs collected with ESET Log Collector. If you can reproduce the detection, enable advanced logging under Help and support -> Technical support, reproduce the detection, disable logging and collect logs with ESET Log Collector.

I also just tried submitting the file to tech support but it limits it to 21M. My zipped log file is 63.4 Megs.... Who and how do I send it to?

Thank you


3 hours ago, fairPM said:

I also tried sending the file to tech support, but it limits it to 21M. My zipped log file is 63.4 Megs.... Who and how do I send it to?

Thank you

If the limit is higher, you put it somewhere and pass the link here to @Marcos

