Jump to content

1. Repeated "ARP Cache Poisoning attack" alerts from unknown device 2. Off-and-on "duplicate IP address" alerts


Go to solution Solved by itman,

Recommended Posts

We have received "duplicate IP address" alerts for months.  These appear to be from one of our TVs, which sends and receives information through our wifi.

Today, we have received about 100 alerts shown in the attached screenshot:  "Network threat blocked/ARP Cache Poisoning attack//A device (192.168.0.7)..."  We have not changed anything in our network recently, and when we run Command Prompt to attempt to identify this device, it says there is no such device.

Please help us correct both situations.  These ongoing notifications are disrupting our work!

ESET-ARPCache.png

EsetDuplicIP.png

Link to comment
Share on other sites

  • Administrators

Please make sure that the machines are configured to obtain the IP address from a DHCP server and DHCP server is enabled on your router. It is necessary to ensure that each machine is using a unique IP address.

Link to comment
Share on other sites

6 minutes ago, Marcos said:

Please make sure that the machines are configured to obtain the IP address from a DHCP server and DHCP server is enabled on your router. It is necessary to ensure that each machine is using a unique IP address.

How do we do this?  We have one that works primarily or only with our ISP.

Link to comment
Share on other sites

2 hours ago, J and N said:

Today, we have received about 100 alerts shown in the attached screenshot:  "Network threat blocked/ARP Cache Poisoning attack//A device (192.168.0.7)..."

The screen shots you posted show IP address 192.168.0.10?

In any case, here's Eset's knowledge base article: https://support.eset.com/en/kb2933-arp-icmp-or-dns-cache-poisoning-attack-in-eset-home-products-for-windows on how to create an IDS detection exclusion for 192.168.0.10.

Link to comment
Share on other sites

19 minutes ago, itman said:

The screen shots you posted show IP address 192.168.0.10?

In any case, here's Eset's knowledge base article: https://support.eset.com/en/kb2933-arp-icmp-or-dns-cache-poisoning-attack-in-eset-home-products-for-windows on how to create an IDS detection exclusion for 192.168.0.10.

We are getting these alerts for a reason.  We need to know how to solve the problems, not simply silence them.

Thank you anyway.

Link to comment
Share on other sites

  • Solution
1 minute ago, J and N said:

We are getting these alerts for a reason.  We need to know how to solve the problems, not simply silence them

For starters, do a hard reset on your router and see if that resolves the issue.

Link to comment
Share on other sites

We are waiting to see if these alerts recur.  So far, after a few minutes, no issues anymore.

Do you have any idea what caused this to happen today?  We reset our device yesterday because they did work in our local area, and they did not reset the connections properly.

Link to comment
Share on other sites

2 hours ago, itman said:

For starters, do a hard reset on your router and see if that resolves the issue.

It looks like the problem is solved, at least for now.

We will write again if it recurs.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...