ESET Insiders BDeep, Posted April 14, 2016

In ERA, the following events get reported to the console:

- Detected ARP cache poisoning attack
- Duplicate IP addresses detected in network

What settings control these events? Can I add more? Can I exclude these? I'm not sure why just these two get reported to ERA and how they are controlled.

ESET Staff MartinK, Posted April 15, 2016 (Solution)

ERA receives only events from pre-defined firewall rules (not from custom rules) mostly from IDS. Configuration on endpoint is located here:

Personal Firewall -> Basic -> IDS and advanced options -> Intrusion detection

21jags, Posted April 15, 2016

https://forum.eset.com/topic/1494-arp-poisoning-attack/ check the forum. For duplicate IP address contact your IT admin.

ESET Insiders BDeep (Author), Posted April 15, 2016

> ERA receives only events from pre-defined firewall rules (not from custom rules) mostly from IDS. Configuration on endpoint is located here:
> Personal Firewall -> Basic -> IDS and advanced options -> Intrusion detection

Gotcha. So the information received from ERA is from pre-defined rules. Anything that I want to specifically monitor for (custom rules) won't be reported to ERA.

avatar42, Posted June 22, 2016

Is there any way to get the MAC address of the device causing the problem? I see these randomly. Generally with one of the router IPs, which might indicate someone trying to divert routing. Or could be a sign a router is having issues. Logs only seem to give you the IP with the issue. MAC would let me be able to track back to a device to fix or disable it.