Detected ARP cache poisoning attack


newbie2247
October 24th, 2008, 11:28 AM
I am constantly being bombarded with this message (In red ink instead of blue) in my ESET Smart Security v3.0.6.72 firewall log:

Detected ARP cache poisoning attack

There's hundreds of them a day, all day long. I don't know what to do and since it's red ink, I am worried sick. It's an ominous message that seems to demand action.

Need some help please.

ASpace
October 24th, 2008, 03:06 PM
If this is a real attack, it has been blocked, the firewall is working and there is nothing to worry about. As it appears multiple times a day, you can download and generate a log from this program http://www.wireshark.org/ and send it to ESET (support@eset.com) for analysis/confirmation if the entries of the ARP cache poisoning attack are real or false-positive.
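
Added example, not part of the original post and not ESET's or Wireshark's own code: one way to triage ARP traffic exported from a capture like the one suggested above, by listing IP addresses that were claimed by more than one MAC address. The export command in the comment, the function names and all sample addresses are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: tab-separated time, sender MAC, sender IP. Assumed to be
# exported from a saved capture with:
#   tshark -r capture.pcap -Y arp -T fields -e frame.time_epoch \
#          -e arp.src.hw_mac -e arp.src.proto_ipv4
SAMPLE = (
    "1224850000.10\t00:11:22:33:44:55\t192.168.1.10\n"
    "1224850000.11\t00:aa:bb:cc:dd:01\t192.168.1.1\n"
    "1224850030.40\t00:aa:bb:cc:dd:01\t192.168.1.1\n"
    "1224850031.02\t00:de:ad:be:ef:99\t192.168.1.1\n"
    "1224850031.90\t00:de:ad:be:ef:99\t192.168.1.20\n"
    "1224850060.00\t00:aa:bb:cc:dd:01\t192.168.1.1\n"
)

def parse(text):
    """Yield (time, mac, ip) for each well-formed line, skipping ARP probes."""
    for line in text.splitlines():
        parts = line.split("\t")
        if len(parts) != 3 or parts[2] in ("", "0.0.0.0"):
            continue  # malformed line, or a probe that claims no address
        yield float(parts[0]), parts[1].lower(), parts[2]

def conflicting_bindings(text):
    """Return {ip: {"macs": [...], "flips": n}} for IPs claimed by several MACs.

    One change can be benign (new router, DHCP reassignment, failover).
    Repeated flips between two MACs for the gateway IP are what deserve
    escalation to the network administrator or ISP.
    """
    seen = defaultdict(list)
    for _, mac, ip in sorted(parse(text)):
        seen[ip].append(mac)
    report = {}
    for ip, macs in seen.items():
        distinct = list(dict.fromkeys(macs))  # unique MACs, first-seen order
        if len(distinct) > 1:
            flips = sum(a != b for a, b in zip(macs, macs[1:]))
            report[ip] = {"macs": distinct, "flips": flips}
    return report

def macs_claiming_many(text):
    """Return {mac: [ips]} for MACs that announced more than one IP address."""
    owned = defaultdict(set)
    for _, mac, ip in parse(text):
        owned[mac].add(ip)
    return {m: sorted(ips) for m, ips in owned.items() if len(ips) > 1}

if __name__ == "__main__":
    print(conflicting_bindings(SAMPLE))
    print(macs_claiming_many(SAMPLE))
```

An empty result from both functions over a capture that spans several alerts supports the false-positive reading; a non-empty one is the evidence to include with the log sent for analysis.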

doktornotor
October 24th, 2008, 03:38 PM
I'd also suggest you contact your IT administrator or ISP and provide them with the logs.

Think-eDesign
October 26th, 2008, 03:01 PM
-{ Quote: "I am constantly being bombarded with this message (In red ink instead of blue) in my ESET Smart Security v3.0.6.72 firewall log:

Detected ARP cache poisoning attack

There's hundreds of them a day, all day long. I don't know what to do and since it's red ink, I am worried sick. It's an ominous message that seems to demand action.

Need some help please." }-

There is a very good explanation of ARP, what it does & why in this article:
http://www.watchguard.com/infocenter/editorial/135324.asp

There are even steps to take to prevent a hacker using ARP to gain access.

newbie2247
October 27th, 2008, 02:02 PM
"There is a very good explanation of ARP, what it does & why in this article:
http://www.watchguard.com/infocenter...ial/135324.asp"

Thank you very much for that. I am embarrassed to admit that it's all Greek to me; don't understand a single word of it or the diagrams. Need a "for dummies" translation. :wacko:

I am scared to death that these ARP poisoning attacks are going to do serious damage to my computer and I don't know what to do to STOP them right now. I read somewhere here that they "are working on this" or something to that effect but that may have been an ancient post and maybe they fixed it by now. Does anybody know? Would really love to know.

Since ESET is reporting that they "detect" these all day long 24/7 everyday "ATTACKS", does that mean that they are protecting me from them too ??? Very badly need a complete, to the point and easy to understand answer, to inform me of my vulnerability status and to calm me down.

I am almost hysterical with frantic worry over this and need some good, easy to understand (no techie speak) help. Pretty Please. I am very close to just chucking ESET right now and telling my friends and family to do the same but I keep hearing ESET is the best. Big Conundrum. If this isn't resolved and I AM VULNERABLE to bad things from these attacks, then I have no choice but to chuck ESET and go to the competition.

Signed,

Beyond desperate for immediate help (PLEASE)

doktornotor
October 27th, 2008, 02:16 PM
-{ Quote: "
Since ESET is reporting that they "detect" these all day long 24/7 everyday "ATTACKS", does that mean that they are protecting me from them too ??? " }-

Erm, no... cannot do that on workstation level at all. Contact your ISP.

kfinke
November 12th, 2008, 06:51 PM
I have the messages all day too. My current thinking is this is not an attack, but rather some indication that Windows servers are running amok and causing some sort of funky network traffic. I don't think these are real attacks, but if they are, it appears that ESET is stopping them.

I wouldn't go bailing to the competition just yet, but a little help from an ESET / Windows network engineer would be great.

Kevin

COSMO26
November 13th, 2008, 07:25 AM
This Thread is about the best response I've seen posted here on the topic. You should re-read above posts-links, etc..

HiTech_boy gives a Remedy "To-Do" in post # 2 above and no engineer can help you with only what you've posted. I'd reference the Link to this Thread in your Support request - try that and report back.

If a Moderator, etc. posts more To-Do's/Questions to pursue a solution, so much the better.

ingber
November 13th, 2008, 07:05 PM
At least some of these "Detected ARP cache poisoning attack" may be simple nonsense reports. For example, I regularly get such entries like

11/11/2008 6:00:23 AM Detected DNS cache poisoning attack 208.67.220.220:53 XXX UDP

I've XXX'd out my private address. The IP address 208.67.220.220 (and 208.67.222.222) belongs to opendns.com, a free service I heartily recommend to participate in DNS security.

Lester

P.S.:

See

http://forums.opendns.com/comments.php?DiscussionID=363&page=1#Item_8

for similar complaints about the ESET firewall (at least when using OpenDNS).

patch
November 14th, 2008, 05:03 AM
-{ Quote: "At least some of these "Detected ARP cache poisoning attack" may be simple nonsense reports. For example, I regularly get such entries like

11/11/2008 6:00:23 AM Detected DNS cache poisoning attack 208.67.220.220:53 XXX UDP
...

http://forums.opendns.com/comments.php?DiscussionID=363&page=1#Item_8
" }-
Thanks for the link.
BTW, what version of windows are you using?
ESS has been incompatible with Windows 2000 for me for ages http://www.wilderssecurity.com/showthread.php?t=208684

ingber
November 14th, 2008, 08:10 AM
-{ Quote: "Thanks for the link.
BTW, what version of windows are you using?
ESS has been incompatible with Windows 2000 for me for ages http://www.wilderssecurity.com/showthread.php?t=208684" }-

I'm running XP Pro SP3 on an a31p Thinkpad.

Lester

newbie2247
November 15th, 2008, 01:04 PM
"I have the messages all day too. My current thinking is this is not an attack, but rather some indication that Windows servers are running amok and causing some sort of funky network traffic. I don't think these are real attacks, but if they are, it appears that ESET is stopping them.

I wouldn't go bailing to the competition just yet, but a little help from an ESET / Windows network engineer would be great."

My ESET firewall does say that it is "detecting an attack" and that is why I believe it is an attack and therefore scared to death. So, what should I do, just ignore these messages? I am serious. Thank you.

newbie2247
November 15th, 2008, 01:15 PM
Also, what is an Open DNS?

My ESET (very latest version btw) is all set to default and my protection status is MAXIMUM.

I read some of the links provided here and one says to just press F5 and uncheck "detect ARP cache poisoning". What kind of crappy solution is that? It certainly does not address the problem. We pay good money to ESET for this Security Suite and I am quite shocked at that attitude.

What to do?

Signed,

Scared, Frustrated and Frantic

My ESET runs out in December and if things don't improve in the next month, I seriously am considering going to the competition as well as telling all my friends and relatives who I persuaded to buy ESET to do the same. All I have to do is bring them here to read all these posts and that will surely convince them. Pretty lame and lax if you ask me, especially for what they charge. :-\

newbie2247
November 15th, 2008, 01:20 PM
"Erm, no... cannot do that on workstation level at all. Contact your ISP."

I don't have a workstation. This is a home PC. Does that make any difference?

I have a Windows Premium Home Edition PC that I use just for enjoyment and I used the latest version of ESET Smart Security for all my security, which runs out in December.

ASpace
November 15th, 2008, 03:33 PM
So, did you contact them as suggested in post #2?

newbie2247
November 15th, 2008, 06:40 PM
Yes. Waiting to hear. Probably tell me that "they're aware and working on it" and to uncheck the "detect the DNS" box like they did to that other guy/gal.

What the heck is DNS anyway and what does it have to do with a personal home computer getting these ARP poisoning attacks?

doktornotor
November 16th, 2008, 05:31 AM
-{ Quote: "
What the heck is DNS anyway and what does it have to do with a personal home computer getting these ARP poisoning attacks?" }-

See the link referred to in this post (http://www.wilderssecurity.com/showpost.php?p=1338263&postcount=4). And, it doesn't matter whether it's a personal home computer or whatever else, landing on a phishing site when you type in your bank's URL or landing on a drive-by malware download site when you want to update Windows is no fun.

newbie2247
November 16th, 2008, 12:19 PM
Thank you very much. :)

I sure wish I knew what all of you are talking about. I totally do not understand ANYTHING you say or what you refer me to as I am ignorant in the Techie Speak nomenclature and all things related to it. ???

I've seen that WatchGuard article before and tried to read and follow it. I need a translator, flow charts, blue prints and T accounts, heh. The diagrams did NOT help.

Also, your last post to me (the one above this one) - the techie language you used - I don't understand it. Wish I did. Can you reword what you said please, if you feel so inclined of course?

So, how do regular home PC users who are like me (don't know squat and Techie Speak and acronyms are Greek) get help in here? Wilders ESET Forum Help For Dummies is needed, seriously. ;D You bright guys have to remember that dummies like me come in here desperate for help and try to use simple English and explain what you mean to us - "the unenlightened". I am just a simple housewife with a home PC to play with. There are millions out there like me. Capisce?

I am serious as a heart attack about this. More than grateful for all your time and help but literally & honestly do not understand one single word of it. I am not alone.

Thanks so much!!!