
I cannot verify if an ARP cache poisoning attack is occurring on my computer.


Earlier today I received a notification from ESET stating that there was a duplicate IP on my network. I looked it up and followed instructions from ESET to put a filter of some sort in place to block the communication. Maybe an hour or two later, I had received notifications from ESET stating that an ARP cache poisoning attack had occurred. I went to the logs, and they stated that the event had been blocked. The IP addresses of the source and target were the same, and the MAC address was the same except for the last two letters/digits. I did research and I am getting mixed solutions on what to do. Some say that if the MAC address is the same then it's bad, or something about the IP being the same, but I cannot find a definitive solution. There was an ESET article on what to do, but it said to use the DNS Flush only if I know that an ARP poisoning attack had occurred. The ESET logs say one has occurred, but other articles and sites say that it must be verified by the MAC address. I have checked arp -a and netsh int ipv6 show neigh and haven't found any identical physical addresses.

With all of the information on what to do and what to check, I am quite confused. I don't know if an actual poisoning attack has occurred, if there is still something that I need to do, or if ESET had taken care of it by blocking it. Any information/help on the matter would be very helpful, thank you.
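
The check mentioned in the post (looking for identical physical addresses in arp -a), as an added example that is not part of the original post: it parses Windows arp -a output and lists unicast MAC addresses recorded for more than one IP on the same interface, skipping broadcast and multicast entries, which share MACs legitimately. The sample table and all function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of Windows `arp -a` output (not taken from the post).
SAMPLE = """\
Interface: 192.168.1.23 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           a4-2b-b0-11-22-33     dynamic
  192.168.1.50          a4-2b-b0-11-22-33     dynamic
  192.168.1.77          3c-52-82-aa-bb-cc     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
  239.128.0.22          01-00-5e-00-00-16     static
"""

# One table row: IPv4 address, hyphen-separated MAC, entry type.
ROW = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+(\w+)", re.I)
IFACE = re.compile(r"^Interface:\s+(\S+)")


def parse_arp(text):
    """Return (interface, ip, mac, type) tuples from `arp -a` text."""
    entries, iface = [], None
    for line in text.splitlines():
        if m := IFACE.match(line):
            iface = m.group(1)
        elif m := ROW.match(line):
            entries.append((iface, m.group(1), m.group(2).lower(), m.group(3).lower()))
    return entries


def is_group_mac(mac):
    """Broadcast and multicast MACs have the low bit of the first octet set."""
    return int(mac[:2], 16) & 1 == 1


def shared_macs(entries):
    """Map (interface, mac) -> IPs for unicast MACs listed for several IPs."""
    seen = defaultdict(set)
    for iface, ip, mac, _type in entries:
        if not is_group_mac(mac):
            seen[(iface, mac)].add(ip)
    return {key: sorted(ips) for key, ips in seen.items() if len(ips) > 1}


if __name__ == "__main__":
    for (iface, mac), ips in shared_macs(parse_arp(SAMPLE)).items():
        print(f"{iface}: {mac} is listed for {', '.join(ips)}")
```

A shared MAC is a lead to check rather than proof: a device doing proxy ARP or holding several IPs also shows up this way.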
