eornate 4 Posted December 6, 2023

Hi everyone,

Hope you're doing well. In my endpoint logs, I received many alerts about "ARP Cache Poisoning attack":

IP 172.16.2.100 is a static IP. I've checked this IP, 172.16.2.100; it has just 1 MAC address as SOURCE [00:0c:29:94:7b:98].

And on my endpoint, which shows the ARP Cache Poisoning attack alert

So, how can I resolve this problem?

itman 1,786 Posted December 6, 2023

First, refer to this Microsoft article: https://support.microsoft.com/en-au/topic/fix-duplicate-ip-address-conflicts-on-a-dhcp-network-d68499da-69a3-da3b-4630-d17e502adf50#bkmk_details .

You can also exclude the static IP address from Eset IDS detection as shown in this Eset knowledge base article: https://support.eset.com/en/kb2933-arp-icmp-or-dns-cache-poisoning-attack-in-eset-home-products-for-windows .

eornate 4 Posted December 6, 2023 Author

2 minutes ago, itman said:

> First, refer to this Microsoft article: https://support.microsoft.com/en-au/topic/fix-duplicate-ip-address-conflicts-on-a-dhcp-network-d68499da-69a3-da3b-4630-d17e502adf50#bkmk_details .
>
> You can also exclude the static IP address from Eset IDS detection as shown in this Eset knowledge base article: https://support.eset.com/en/kb2933-arp-icmp-or-dns-cache-poisoning-attack-in-eset-home-products-for-windows .

Hi itman,

Thanks for your response. How can I know whether this alert is a false positive or a true positive? I mean, maybe one of my endpoints has been infected and is trying to scan or poison my local network?

itman 1,786 Posted December 6, 2023

Again, the problem is with your router configuration:

Quote

> This issue can also occur if a device is configured to utilize a static IP address without that address being reserved in your router. Your router will eventually attempt to assign that address to a different device, resulting in an IP conflict.

https://medium.com/@jamescuban99_23577/how-do-you-resolve-an-ip-conflict-and-what-is-it-6d4f651a3508
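
An added example, not part of the original thread and not ESET or Microsoft code: one way to check whether 172.16.2.100 is being claimed by more than one MAC address is to collect `arp -a` output from several endpoints and compare it. The host names PC-A and PC-B, the gateway entry and the second MAC address are constructed sample data; only the 172.16.2.100 / 00:0c:29:94:7b:98 pair comes from the thread.

```python
import re
from collections import defaultdict

# Data rows of Windows `arp -a` output: IP, dash-separated MAC, entry type.
ROW = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2})\s+\w+\s*$")

def parse_arp_a(text):
    """Return {ip: mac} for one host, skipping broadcast and multicast rows."""
    entries = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # interface banner, column header, blank line
        mac = m.group(2).lower().replace("-", ":")
        if mac == "ff:ff:ff:ff:ff:ff" or mac.startswith("01:00:5e"):
            continue
        entries[m.group(1)] = mac
    return entries

def find_conflicts(caches, expected):
    """caches: {host: arp -a text}; expected: {ip: known-good mac}.
    Returns {ip: {mac: [hosts]}} for IPs seen with >1 MAC or an unexpected MAC."""
    seen = defaultdict(lambda: defaultdict(list))
    for host, text in caches.items():
        for ip, mac in parse_arp_a(text).items():
            seen[ip][mac].append(host)
    return {ip: {mac: sorted(hosts) for mac, hosts in macs.items()}
            for ip, macs in seen.items()
            if len(macs) > 1 or (ip in expected and expected[ip] not in macs)}

# Constructed sample: `arp -a` output from two hypothetical endpoints.
EXPECTED = {"172.16.2.100": "00:0c:29:94:7b:98"}  # IP/MAC pair from the thread
SAMPLE = {
    "PC-A": """Interface: 172.16.2.21 --- 0x5
  Internet Address      Physical Address      Type
  172.16.2.1            00-50-56-c0-00-08     dynamic
  172.16.2.100          00-0c-29-94-7b-98     dynamic
  172.16.2.255          ff-ff-ff-ff-ff-ff     static""",
    "PC-B": """Interface: 172.16.2.22 --- 0x7
  Internet Address      Physical Address      Type
  172.16.2.1            00-50-56-c0-00-08     dynamic
  172.16.2.100          00-0c-29-aa-bb-cc     dynamic""",
}

if __name__ == "__main__":
    for ip, macs in find_conflicts(SAMPLE, EXPECTED).items():
        print(ip, macs)
```

A second MAC reported for 172.16.2.100 identifies the device to look up in the router's DHCP lease table.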