ESET Insiders BDeep 7 Posted April 14, 2016 ESET Insiders Posted April 14, 2016 In ERA, the following events get reported to the console: Detected ARP cache poisoning attack Duplicate IP addresses detected in network What settings control these events? Can I add more? Can I exclude these? I'm not sure why just these two get reported to ERA and how they are controlled.
ESET Staff Solution MartinK 384 Posted April 15, 2016 ESET Staff Solution Posted April 15, 2016 ERA receives only events from pre-defined firewall rules (not from custom rules) mostly from IDS. Configuration on endpoint is located here: Personal Firewall -> Basic -> IDS and advanced options -> Intrusion detection
21jags 0 Posted April 15, 2016 Posted April 15, 2016 https://forum.eset.com/topic/1494-arp-poisoning-attack/check the forum For duplicate IP address contact your IT admin.
ESET Insiders BDeep 7 Posted April 15, 2016 Author ESET Insiders Posted April 15, 2016 ERA receives only events from pre-defined firewall rules (not from custom rules) mostly from IDS. Configuration on endpoint is located here: Personal Firewall -> Basic -> IDS and advanced options -> Intrusion detection Gotcha. So the information received from ERA is from pre-defined rules. Anything that I want to specifically monitor for (custom rules) won't be reported to ERA.
avatar42 0 Posted June 22, 2016 Posted June 22, 2016 Is there any way to get the mac address of the device causing the problem? I see these randomly. Generally with one of the router IPs which might indicate someone trying to divert routing. Or could be a sign a router is having issues. Logs only seem to give you the IP with the issue. Mac would let me be able to track back to a device to fix or disable it.
Recommended Posts