Matthijs5nl
May 17th, 2011, 12:16 PM
Today I had a bunch of personal firewall alerts notifying me of the fact that it found identical IP addresses in the network and ARP cache poisoning attacks. These are the log events for the personal firewall:
Time Event Source Target Protocol
19-5-2011 21:21:23 Identical IP addresses detected in network 192.168.1.101 192.168.1.102 ARP
19-5-2011 21:15:01 Identical IP addresses detected in network 192.168.1.101 192.168.1.102 ARP
19-5-2011 21:08:54 Identical IP addresses detected in network 192.168.1.101 192.168.1.102 ARP
19-5-2011 21:03:14 Detected ARP cache poisoning attack 192.168.1.101 192.168.1.102 ARP
19-5-2011 21:02:13 Detected ARP cache poisoning attack 192.168.1.101 192.168.1.102 ARP
19-5-2011 21:02:12 Detected ARP cache poisoning attack 192.168.1.101 192.168.1.102 ARP
19-5-2011 21:02:11 Detected ARP cache poisoning attack 192.168.1.101 192.168.1.102 ARP
19-5-2011 21:02:06 Detected ARP cache poisoning attack 192.168.1.101 192.168.1.102 ARP
19-5-2011 21:02:05 Detected ARP cache poisoning attack 192.168.1.101 192.168.1.102 ARP
19-5-2011 21:02:04 Detected ARP cache poisoning attack 192.168.1.101 192.168.1.102 ARP
19-5-2011 21:02:04 Identical IP addresses detected in network 192.168.1.101 192.168.1.102 ARP
17-5-2011 18:10:16 Detected ARP cache poisoning attack 192.168.1.100 192.168.1.102 ARP
17-5-2011 18:10:15 Detected ARP cache poisoning attack 192.168.1.100 192.168.1.102 ARP
17-5-2011 18:10:14 Detected ARP cache poisoning attack 192.168.1.100 192.168.1.102 ARP
17-5-2011 18:10:06 Identical IP addresses detected in network 192.168.1.100 192.168.1.102 ARP
17-5-2011 17:31:29 Identical IP addresses detected in network 192.168.1.100 192.168.1.102 ARP
17-5-2011 16:27:03 Identical IP addresses detected in network 192.168.1.100 192.168.1.102 ARP
17-5-2011 15:20:45 Identical IP addresses detected in network 192.168.1.100 192.168.1.102 ARP
In my home network there are three laptops behind a Linksys WRT54G2 router with an automatic configuration (DHCP). I have never experienced such a thing before and I didn't make any changes to the network (or ESET's configuration) lately, so it seems weird.
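Added example, not part of the original post: a small triage script that parses firewall log lines in the layout shown above and groups the alerts per day and reported source IP, so the timing of the alerts is easier to read. The function names and the 60-second burst gap are assumptions chosen for illustration; the sample lines are a subset copied from the post.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Subset of the log lines from the post above, embedded so the script runs offline.
SAMPLE_LOG = """\
19-5-2011 21:21:23 Identical IP addresses detected in network 192.168.1.101 192.168.1.102 ARP
19-5-2011 21:03:14 Detected ARP cache poisoning attack 192.168.1.101 192.168.1.102 ARP
19-5-2011 21:02:13 Detected ARP cache poisoning attack 192.168.1.101 192.168.1.102 ARP
19-5-2011 21:02:12 Detected ARP cache poisoning attack 192.168.1.101 192.168.1.102 ARP
19-5-2011 21:02:04 Identical IP addresses detected in network 192.168.1.101 192.168.1.102 ARP
17-5-2011 18:10:16 Detected ARP cache poisoning attack 192.168.1.100 192.168.1.102 ARP
17-5-2011 18:10:15 Detected ARP cache poisoning attack 192.168.1.100 192.168.1.102 ARP
17-5-2011 15:20:45 Identical IP addresses detected in network 192.168.1.100 192.168.1.102 ARP
"""

# Columns: timestamp, event text (free form), source IP, target IP, protocol.
LINE_RE = re.compile(
    r"^(\d{1,2}-\d{1,2}-\d{4} \d{2}:\d{2}:\d{2}) (.+?) "
    r"(\d{1,3}(?:\.\d{1,3}){3}) (\d{1,3}(?:\.\d{1,3}){3}) (\w+)$")

def parse(text):
    """Yield (timestamp, event, source, target, protocol); skip header and unparseable lines."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%d-%m-%Y %H:%M:%S")
            yield (ts,) + m.groups()[1:]

def summarize(text, burst_gap=timedelta(seconds=60)):
    """Group events per (date, source IP); count event types and split them into bursts."""
    groups = defaultdict(list)
    for ts, event, src, _tgt, _proto in parse(text):
        groups[(ts.date(), src)].append((ts, event))
    report = {}
    for key, events in groups.items():
        events.sort()
        counts, bursts = defaultdict(int), 1
        for i, (ts, event) in enumerate(events):
            counts[event] += 1
            # A gap longer than burst_gap since the previous alert starts a new burst.
            if i and ts - events[i - 1][0] > burst_gap:
                bursts += 1
        report[key] = {"counts": dict(counts), "bursts": bursts,
                       "first": events[0][0], "last": events[-1][0]}
    return report

if __name__ == "__main__":
    for (day, src), info in sorted(summarize(SAMPLE_LOG).items()):
        print(day, src, info["counts"], "bursts:", info["bursts"])
```

The log carries no MAC addresses, so the summary only shows when and for which reported source the alerts fired; identifying the device behind each address needs the ARP table or the router's DHCP lease list.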