Jump to content

ARP Cache Poisoning attack


eornate

Recommended Posts

Hi everyone,

Hope you're doing well.

On my logs endpoint, i received many alert about "ARP Cache Poisoning attack " :

image.thumb.png.204bf99a855a4da22922e50fa514f229.png

Ip 172.16.2.100 is static ip.

image.thumb.png.42c7290644f2af7dbb973c6d144bd9c1.png

 

I've checked on this ip 172.16.2.100 , it just have 1 mac-address as SOURCE [00:0c:29:94:7b:98]

image.png.cfe705bbd7fbaa225c68340f2650f662.png

 

And on my endpoint , which is alert ARP Cache Poisoning attack 

image.png.ea7ddab27409f933017a0521fe81321d.png

So , how do i can resolve this problem ?

 

Link to comment
Share on other sites

Link to comment
Share on other sites

2 minutes ago, itman said:

Hi itman,

Thanks your response.

How to can i know this alert is false positive or true positive ? I mean that may be one of my endpoints has infected and it try scan or poisioning my local network ?

Link to comment
Share on other sites

Again, the problem is with your router configuration;

Quote

This issue can also occur if a device is configured to utilize a static IP address without that address being reserved in your router. Your router will eventually attempt to assign that address to a different device, resulting in an IP conflict.

https://medium.com/@jamescuban99_23577/how-do-you-resolve-an-ip-conflict-and-what-is-it-6d4f651a3508

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...