Jump to content

ARP Cache Poisoning Attack


Recommended Posts

Dear All

Every day I received one message from ESET End Point Security regarding, A device  on the network is sending malicious traffic. This can be an attempt to attack your computer. The threat was block. After received this message my internet connection suddenly disconnect. After restart my Firewall it will work. As per my knowledge this message coming because of the duplicate IP address in my network. How I fix this issue. I have DHCP pool in my firewall. I think that pool is not working properly.  some time this message coming with default gateway IP. If I disable and enable DHCP pool from my firewall it can be fix this issue?

Thanks

Link to comment
Share on other sites

1 hour ago, Kavishka Dilshan said:

I have DHCP pool in my firewall.

What do you mean here? Have you modified Eset defaul firewall rules for DHCP?

Link to comment
Share on other sites

Posted (edited)
23 hours ago, Kavishka Dilshan said:

A device  on the network is sending malicious traffic. This can be an attempt to attack your computer. The threat was block.

Your device has been enrolled in a botnet. Refer to this Eset Knowledge Base article: https://support.eset.com/en/kb8111-detected-network-device-sending-malicious-traffic

I would start by ensuring your Fortigate firewall has applied all available security updates: https://www.linkedin.com/pulse/new-critical-vulnerability-discovered-fortinet-gustav-eriksson-pfh0c . Ditto for any other Fortinet products you are using since numerous past vulnerabilities have been discovered: https://www.cvedetails.com/vulnerability-list/vendor_id-3080/Fortinet.html

Edited by itman
Link to comment
Share on other sites

57 minutes ago, itman said:

Refer to this Eset Knowledge Base article: https://support.eset.com/en/kb8111-detected-network-device-sending-malicious-traffic

I would start by ensuring your Fortigate firewall has applied all available security updates: https://www.linkedin.com/pulse/new-critical-vulnerability-discovered-fortinet-gustav-eriksson-pfh0c . Ditto for any other Fortinet products you are using since numerous past vulnerabilities have been discovered.

I received this message from so many IPes in my network. 

Link to comment
Share on other sites

2 minutes ago, Kavishka Dilshan said:

I received this message from so many IPes in my network. 

Review the linked Eset article in detail. Of note;

  •  If the device functions as a router, it might not be infected itself but could be configured to forward malicious traffic to your network from external sources. We recommended reviewing the router settings
  • The possibly infected device is sending (or forwarding) malicious traffic to other devices in your local network
Link to comment
Share on other sites

Posted (edited)

You can also try using Eset Network Inspector: https://help.eset.com/ees/11/en-US/idh_page_sysinspector.html?zoom_highlightsub=network+inspector to scan your network and identify if your router has been compromised.

-EDIT- Apologies, it appears Eset doesn't include Network Inspector feature in its Endpoint versions.

Edited by itman
Link to comment
Share on other sites

Posted (edited)
On 7/2/2024 at 10:01 AM, Kavishka Dilshan said:

Every day I received one message from ESET End Point Security regarding, A device  on the network is sending malicious traffic. This can be an attempt to attack your computer. The threat was block.

As per my knowledge this message coming because of the duplicate IP address in my network.

Post a screenshot of the Eset alert for the above.

If the alert is the same as shown in this Eset forum posting: https://forum.eset.com/topic/36808-duplicate-ip/ ;

image.png.8e7dc4422261b949010558ffb9e530f5.png

follow the mitigation procedure given in that posting.

Edited by itman
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...