Jump to content

ARP Cache Poisoning attack


eornate

Recommended Posts

Hi everyone,

Hope you're doing well.

On my logs endpoint, i received many alert about "ARP Cache Poisoning attack " :

image.thumb.png.204bf99a855a4da22922e50fa514f229.png

Ip 172.16.2.100 is static ip.

image.thumb.png.42c7290644f2af7dbb973c6d144bd9c1.png

 

I've checked on this ip 172.16.2.100 , it just have 1 mac-address as SOURCE [00:0c:29:94:7b:98]

image.png.cfe705bbd7fbaa225c68340f2650f662.png

 

And on my endpoint , which is alert ARP Cache Poisoning attack 

image.png.ea7ddab27409f933017a0521fe81321d.png

So , how do i can resolve this problem ?

 

Link to comment
Share on other sites

Link to comment
Share on other sites

2 minutes ago, itman said:

Hi itman,

Thanks your response.

How to can i know this alert is false positive or true positive ? I mean that may be one of my endpoints has infected and it try scan or poisioning my local network ?

Link to comment
Share on other sites

Again, the problem is with your router configuration;

Quote

This issue can also occur if a device is configured to utilize a static IP address without that address being reserved in your router. Your router will eventually attempt to assign that address to a different device, resulting in an IP conflict.

https://medium.com/@jamescuban99_23577/how-do-you-resolve-an-ip-conflict-and-what-is-it-6d4f651a3508

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...