Hi guys, Need your expert advise on this. Being getting this message from Outpost for the past 1 day. 17:03:08 xx.xx.xx.xx Detected attack, host not blocked ARP_UNWANTED_REPLY Should I be worried? What does it mean?
Thanks Stem for pointing me to the right direction. Yes, it's part of a large LAN. Destination always points to ff:ff:ff:ff:ff:ff.
Hi cryon, It does sound like "Gratuitous ARP" What happens, is when a node(PC) boots, gets an IP, then it sends out an ARP broadcast to ask if any other node on LAN has the same IP. Blocking them can cause problems (possibly resulting in 2 nodes on LAN with same IP), but also allowing them could cause problems(easy to DOS a node on LAN with spoofed Gratuitous ARP (IP conflict)). It depends on if the LAN is well managed or not. If you are not getting connection problems, then leave it as is, and ignore those warnings. - Stem
