Can ess defense ARP attack?

Hello.
arp attack is a commom attack in my school.
And i saw some arp protect log message in ess logfile.
did that mean ess protected my pc from arp attack?
and where to adjust the specific option to the ARP defense?

Thanks.

 

Yes.

You need Advanced Mode -> Advanced Setup Tree -> Personal Firewall -> IDS options
IDS-Intrusion detection system . By default all kind of attacks are enabled so it is recommened that you leave the default options

 

Thanks a lot.i just want ess can hold the correct mac address .how can i ensure about this?

 

Unfortunately ESS don't have possibility to fine adjust anything related to ARP!

 

If I check " detecte ARP attack" in the option,am I protected?
In other word,can ESS remain my computer with correct mac address?

 

I doubt but who knows. ESET stuff can tell you that and explain how it works (but they won't) or some serious firewall tester (like Stem).

 

It seems the question will last forever......

 

i'm wondering where the moderator is.
to help us to figure out this problem.

 

I see similar logs. My service is FiOS (fiber to the house) for TV, Internet and phone. The cable boxes all use IP and they ARP every few seconds. I know this is what is happening but I wish there was a way to stop this entry from filling up the logs....

 

Hi, just want to let you folks know that I'm trying to get some specific information from our firewall guys on this. Stay tuned.

 

I recently installed a Linksys router and ever since my firewall log has been flooded with "Detected ARP cache poisoning attack" entries. I wrote ESET support and asked about it and here is the response:

Yes, some kinds of network attacks may appear in the log even if the computer is connected to normal network environment with no intrusion attacks. This is a known issue and our developers are investigating it.

However, sometimes this problem can also be caused by inappropriate router configuration.

In the meantime, you can do the following:

1. Open ESET Smart Security
2. Enter the Advanced setup tree (press F5)
3. Navigate to Personal firewall > IDS and advanced options
4. Disable "ARP poisoning attack detection"
5. Confirm with OK
​

Even though I feel pretty good about my router being configured properly, etc. I don't think I will disable the above setting to play it safe.

 

I decided to disable the Linksys EasyLink Advisor program, which is an application that installed itself when I installed my Linksys router, and since then the "Detected ARP cache poisoning attack" messages have not appeared in my ESS log. This little "helper" application monitors your network, allows easy addition of new network devices, etc.

 

and...did ESET firewall guys want to share their knowledge?!

 

I'm sure they will
and i'll wait.

 

Waiting for Godot!

 

Greetings from LeonSprings, Texas USofA,

I use Comodo Firewall Pro v3.0.20.320 and was wondering if there are any software out there that will detect/remove any ARP type attacks or we just left to our own devices?

I am not a programmer, computer wizard, just a simple user. If I set my FW to "Block all mode" to do some private work on my system, not allowing any internet access, and restore my IP addy later there is all most always a message that POPs up about NOT being able to clear the ARP cache. Could this be an indication of a Cache Poisoning?

Thank you for reading my message,

 

You can use Comodo to protect yourself from Arp attacks.

 

Eset Smart Security , too

 

Any official statement on this matter?!

 

Nevi,

YES! I know this, but; if you may have had an ARP Poisoning before installation or before setting the Comodo/Firewall/Advanced/Attack Detection Settings/ checked box for Protect the ARP Cache. My system has been acting a little slow at times and then other times the only way in is the F8 Menu/Last known good configuration and even then if I do not get my password in quick enough it automatically re-boots I cannot prevent it if too slow in entering password.

I know where the ControSets 00x are and the last known good ControlSet and usually there is one that is either not complete or very little data there.

Any suggestions?

Thank you for the reply and reading my posters toasties,

 

And after six months the answer is?! (or should I stay tuned for year...or maybe two)