Edd 0 Posted October 22 Share Posted October 22 ORIGINALLY POSTED IN THE GUEST FORUM: Hi, For the last few weeks I've been receiving way too much notificationes abour ARP Cache Poisoning / Duplicate IP Addresses (about to reach 10,000 combined). This happens at intervals of 30-60min, typically once a day although there are days when it doesn' happen at all. During such an interval I get a notification every second and some websites become unreachable. For example, I can use all Google related sites and some other sites not related to Google at all, but I can't use Skype, the Eset site, etc. I searched the forums and the Eset site. The IP address in the notifications is in the 192. 168.x.x safe range, so I tried making an IDS exception as instructed, but the problem wasn't solved at all. I'm wondering if this is an actual attack. I would appreciate if I could get some ideas about what is going on and how to go about it. Thank you. ACKNOWLEDGEMENT: Marcos, thanks for your reply in the guest forum. UPDATE: I cannot assert that all machines in the network are configured to get their IP address from a DHCP server (I don't have access to all of them). However, I ran ipconfig /all and it turns out that a) my machine does use a DHCP server b) The IP address of the DHCP server is precisley the same that appears in the ARP Cache Poisoning / Duplicate IP Addresses notifications. Could this be a clue to solve the problem? I also have observed the following: a) whenever I start getting a stream of ARP cache poisioning notifications, the problem goes away if I set the IDS exception in "real-time" i.e. at the moment the "attack" is occurring. b) This technique doesn't help with the duplicate IP address situation. Any further help would be much appreciated, thanks. Quote Link to comment Share on other sites More sharing options...
Administrators Marcos 4,935 Posted October 23 Administrators Share Posted October 23 Are all devices in your local network configured to obtain the IP address from a DHCP server instead having the IP address set manually? Do you have DHCP server enabled on your router? Quote Link to comment Share on other sites More sharing options...
itman 1,630 Posted October 23 Share Posted October 23 For starters, I recommended you reset your router. They might be an issue with the router. LesRMed 1 Quote Link to comment Share on other sites More sharing options...
Edd 0 Posted October 23 Author Share Posted October 23 @Marcos: I cannot assert all devices get their IP address from a DHCP server, since multiple people with multiple devices use the network. However, the issue presented itself today and I'm completely sure everyone in the property was away so that my device was the only one working. @itman. I'll try resetting the router as soon as the property owner is back on town. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.