Jump to content

1. Repeated "ARP Cache Poisoning attack" alerts from unknown device 2. Off-and-on "duplicate IP address" alerts


Go to solution Solved by itman,

Recommended Posts

We have received "duplicate IP address" alerts for months.  These appear to be from one of our TVs, which sends and receives information through our wifi.

Today, we have received about 100 alerts shown in the attached screenshot:  "Network threat blocked/ARP Cache Poisoning attack//A device (192.168.0.7)..."  We have not changed anything in our network recently, and when we run Command Prompt to attempt to identify this device, it says there is no such device.

Please help us correct both situations.  These ongoing notifications are disrupting our work!

ESET-ARPCache.png

EsetDuplicIP.png

Link to comment
Share on other sites

  • Administrators

Please make sure that the machines are configured to obtain the IP address from a DHCP server and DHCP server is enabled on your router. It is necessary to ensure that each machine is using a unique IP address.

Link to comment
Share on other sites

6 minutes ago, Marcos said:

Please make sure that the machines are configured to obtain the IP address from a DHCP server and DHCP server is enabled on your router. It is necessary to ensure that each machine is using a unique IP address.

How do we do this?  We have one that works primarily or only with our ISP.

Link to comment
Share on other sites

2 hours ago, J and N said:

Today, we have received about 100 alerts shown in the attached screenshot:  "Network threat blocked/ARP Cache Poisoning attack//A device (192.168.0.7)..."

The screen shots you posted show IP address 192.168.0.10?

In any case, here's Eset's knowledge base article: https://support.eset.com/en/kb2933-arp-icmp-or-dns-cache-poisoning-attack-in-eset-home-products-for-windows on how to create an IDS detection exclusion for 192.168.0.10.

Link to comment
Share on other sites

19 minutes ago, itman said:

The screen shots you posted show IP address 192.168.0.10?

In any case, here's Eset's knowledge base article: https://support.eset.com/en/kb2933-arp-icmp-or-dns-cache-poisoning-attack-in-eset-home-products-for-windows on how to create an IDS detection exclusion for 192.168.0.10.

We are getting these alerts for a reason.  We need to know how to solve the problems, not simply silence them.

Thank you anyway.

Link to comment
Share on other sites

  • Solution
1 minute ago, J and N said:

We are getting these alerts for a reason.  We need to know how to solve the problems, not simply silence them

For starters, do a hard reset on your router and see if that resolves the issue.

Link to comment
Share on other sites

We are waiting to see if these alerts recur.  So far, after a few minutes, no issues anymore.

Do you have any idea what caused this to happen today?  We reset our device yesterday because they did work in our local area, and they did not reset the connections properly.

Link to comment
Share on other sites

2 hours ago, itman said:

For starters, do a hard reset on your router and see if that resolves the issue.

It looks like the problem is solved, at least for now.

We will write again if it recurs.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...