
ARP Cache Poisoning Attack



I am getting Firewall Detections only on a couple of the 250 PCs in my environment - ARP Cache Poisoning Attack. The problem is that the ESET server is doing it. It is a Linux virtual server (deployed from the OVA provided by ESET). How can I create a policy or rule to stop this?

  • Infringing socket
    10.xxx.##242:0  (THIS IS THE IP ADDRESS OF THE ESET PROTECT SERVER)
  • Old MAC address
    ##-##-##-80-2E-04  (THIS IS THE MAC THAT IS ON THE VIRTUAL INTERFACE)
  • New MAC address
    ##-##-##-38-32-30 (THIS IS THE MAC OF THE ESX SERVER IN OUR CLUSTER THAT THE ESET SERVER IS CURRENTLY ON)

  • Administrators

You could create a policy with an IDS rule for ARP cache poisoning attack detection:

image.png

Set the actions to No and add the IP address of the server to confine the exception to the server only.
