ARP Cache Poisoning Attacks


I've been receiving these notices lately (several in one day, like I was being bombarded). Far from a techie, but I did do some research on this. When I first received these notifications, I did the 'arp -a' in Windows PowerShell and did find duplicate physical addresses. I thought perhaps my wifi extender got compromised. I have since removed it about a week or so ago. I have since started to use my NordVPN on startup for my desktop. Previously, I just used my VPN when on public networks.

Today, I received another series of ARP cache poisoning notifications (about 7 total). I was on my VPN, and I had already disconnected the wifi extender.

Interestingly, it says this device accessed the network 1 day ago but it's been sitting on the floor for days.

Finally, I have a screenshot of my current results from Windows PowerShell: one when on wifi, the other when on ethernet.

Any suggestions on what to do?

Thank you in advance

2022-04-11_10-00-24.jpg

2022-04-26_11-42-23.jpg

2022-04-26_11-41-36.jpg

2022-04-26_11-34-46.jpg


Oh, I forgot to say:

1) My wife has also received this cache poisoning attack on her laptop. (Mine was on my desktop.)


  • Administrators

Please provide logs collected with ESET Log Collector. If you can reproduce the detection, enable advanced logging under Help and support -> Technical support, reproduce the detection, disable logging and collect logs with ELC.


1 hour ago, fairPM said:

I thought perhaps my wifi extender got compromised. I have since removed it about a week or so ago.

Did you remove the device entry in the router GUI interface?


2 hours ago, Marcos said:

Please provide logs collected with ESET Log Collector. If you can reproduce the detection, enable advanced logging under Help and support -> Technical support, reproduce the detection, disable logging and collect logs with ESET Log Collector.

Confirming that I should send the report to ESET tech support? Categorize as "Other virus or malware problem"?

Please advise.


56 minutes ago, itman said:

Did you remove the device entry in the router GUI interface?

No. Not familiar with how to do that. I could call my service provider. I was surprised to see it last accessed the network 1 day ago... mirrored and copied perhaps?


2 hours ago, Marcos said:

Please provide logs collected with ESET Log Collector. If you can reproduce the detection, enable advanced logging under Help and support -> Technical support, reproduce the detection, disable logging and collect logs with ESET Log Collector.

I also just tried submitting the file to tech support but it limits it to 21M. My zipped log file is 63.4 Megs.... Who and how do I send it to?

Thank you


3 hours ago, fairPM said:

I also just tried submitting the file to tech support but it limits it to 21M. My zipped log file is 63.4 Megs.... Who and how do I send it to?

Thank you

If the limit is higher, you put it somewhere and pass the link here to @Marcos.

This topic is now closed to further replies.