ARP cache poisoning attack

Discussion in 'ESET NOD32 Antivirus' started by ICOYAR, Nov 16, 2012.

Thread Status:
Not open for further replies.
  1. ICOYAR

    ICOYAR Registered Member

    Joined:
    Nov 16, 2012
    Posts:
    1
    Location:
    United States
    It just ceased, but ESET NOD32 kept picking it up for maybe a half an hour, but it ceased. I know about false positives, and I am on a NAT 2 network, but I am still worried that it might have been an actual attack.

    What exactly should I do to ensure that it was a false positive?
     
    ICOYAR, Nov 16, 2012
    #1
  2. dwomack

    dwomack Eset Staff Account

    Joined:
    Mar 2, 2011
    Posts:
    588
    dwomack, Nov 19, 2012
    #2
  3. Enigm

    Enigm Registered Member

    Joined:
    Dec 11, 2008
    Posts:
    188
    So, YOU don't really trust the scan-results either ?
     
    Enigm, Nov 19, 2012
    #3
  4. dwomack

    dwomack Eset Staff Account

    Joined:
    Mar 2, 2011
    Posts:
    588
    If I didn't trust the scan, I wouldn't have recommended running another scan. Rather, the fact that ESET picked up a possible ARP Cache Poisoing Attack proves the scan works. Whether the detected attack was a legit attack from a malicious source or due to a task or action that triggered the detection is what is in question.

    This KB Article provides more information on how to determine whether or not the detection was a real attack and also how to help avoid future false positives.

    DNS Cache Poisoning Attack

    The title of the article is for DNS Cache Poisoning Attacks but is also relevant to ARP Cache Poisoning Attack detection.
     
    dwomack, Nov 19, 2012
    #4
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...