Can ESS defend against ARP attacks?

Discussion in 'ESET Smart Security' started by Galaxykiss, Feb 23, 2008.

Thread Status:
Not open for further replies.
  1. Galaxykiss

    Galaxykiss Registered Member

    Joined:
    Mar 23, 2007
    Posts:
    167
    Location:
    China
    Hello.
    ARP attacks are a common attack in my school.
    And I saw some ARP protection log messages in the ESS log file.
    Does that mean ESS protected my PC from an ARP attack?
    And where do I adjust the specific options for the ARP defense?

    Thanks.
     
  2. ASpace

    ASpace Guest


    Yes.


    You need Advanced Mode -> Advanced Setup Tree -> Personal Firewall -> IDS options
    IDS: Intrusion Detection System. By default all kinds of attacks are enabled, so it is recommended that you leave the default options.
     
  3. Galaxykiss

    Galaxykiss Registered Member

    Joined:
    Mar 23, 2007
    Posts:
    167
    Location:
    China
    Thanks a lot. I just want ESS to hold the correct MAC address. How can I ensure this?
     
  4. wrathchild

    wrathchild Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    170
    Location:
    Neoplantesis
    Unfortunately ESS doesn't have the possibility to fine-adjust anything related to ARP!
     
  5. viruscraft

    viruscraft Registered Member

    Joined:
    Sep 22, 2007
    Posts:
    114

    If I check "detect ARP attack" in the options, am I protected?
    In other words, can ESS keep my computer with the correct MAC address?
     
  6. wrathchild

    wrathchild Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    170
    Location:
    Neoplantesis
    I doubt it, but who knows. ESET staff can tell you that and explain how it works (but they won't), or some serious firewall tester (like Stem).
     
  7. viruscraft

    viruscraft Registered Member

    Joined:
    Sep 22, 2007
    Posts:
    114
    It seems the question will last forever......
     
  8. Galaxykiss

    Galaxykiss Registered Member

    Joined:
    Mar 23, 2007
    Posts:
    167
    Location:
    China
    I'm wondering where the moderator is,
    to help us figure out this problem.
     
  9. shansmi

    shansmi Registered Member

    Joined:
    Feb 19, 2008
    Posts:
    130
    I see similar logs. My service is FiOS (fiber to the house) for TV, Internet and phone. The cable boxes all use IP and they ARP every few seconds. I know this is what is happening but I wish there was a way to stop this entry from filling up the logs....
     
  10. Eryan

    Eryan Eset Staff Account

    Joined:
    Jan 17, 2008
    Posts:
    181
    Hi, just want to let you folks know that I'm trying to get some specific information from our firewall guys on this. Stay tuned.
     
  11. am_dew

    am_dew Registered Member

    Joined:
    Dec 27, 2005
    Posts:
    33
    I recently installed a Linksys router and ever since my firewall log has been flooded with "Detected ARP cache poisoning attack" entries. I wrote ESET support and asked about it and here is the response:

    Yes, some kinds of network attacks may appear in the log even if the computer is connected to a normal network environment with no intrusion attacks. This is a known issue and our developers are investigating it.

    However, sometimes this problem can also be caused by inappropriate router configuration.

    In the meantime, you can do the following:

    1. Open ESET Smart Security
    2. Enter the Advanced setup tree (press F5)
    3. Navigate to Personal firewall > IDS and advanced options
    4. Disable "ARP poisoning attack detection"
    5. Confirm with OK
    Even though I feel pretty good about my router being configured properly, etc., I don't think I will disable the above setting to play it safe.
     
  12. am_dew

    am_dew Registered Member

    Joined:
    Dec 27, 2005
    Posts:
    33
    I decided to disable the Linksys EasyLink Advisor program, which is an application that installed itself when I installed my Linksys router, and since then the "Detected ARP cache poisoning attack" messages have not appeared in my ESS log. This little "helper" application monitors your network, allows easy addition of new network devices, etc.
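
    Added example (not part of the thread, and not ESET's detection logic, which the thread never describes): one way to separate the harmless repeat ARP announcements reported above from a real change in an IP-to-MAC binding, and to check the gateway against a pinned known-good MAC. All addresses, function names, and alert labels are constructed for illustration.

```python
from collections import Counter

# Constructed sample observations: (seconds, sender IP, sender MAC).
SAMPLE = [
    (0, "192.168.1.1", "00:11:22:33:44:55"),   # gateway
    (2, "192.168.1.50", "AA:BB:CC:00:00:01"),  # set-top box, ARPs often
    (4, "192.168.1.50", "aa:bb:cc:00:00:01"),
    (6, "192.168.1.50", "aa:bb:cc:00:00:01"),
    (8, "192.168.1.1", "de:ad:be:ef:00:01"),   # gateway IP, different MAC
    (9, "192.168.1.1", "00:11:22:33:44:55"),   # original gateway MAC again
]


def analyze(observations, pinned=None):
    """Classify ARP sender bindings.

    pinned maps IP -> known-good MAC (for example the gateway, read from
    the router's label). Pinned bindings are never overwritten by traffic.
    Returns (alerts, chatter): alerts are (ts, ip, kind, expected, seen)
    tuples; chatter counts repeats of an unchanged binding per IP.
    """
    pinned = {ip: mac.lower() for ip, mac in (pinned or {}).items()}
    bindings = {}        # learned ip -> MAC for unpinned hosts
    chatter = Counter()  # frequent but consistent announcements
    alerts = []
    for ts, ip, mac in observations:
        mac = mac.lower()  # MAC comparison is case-insensitive
        known = pinned.get(ip, bindings.get(ip))
        if known is None:
            bindings[ip] = mac            # first sighting: learn it
        elif known == mac:
            chatter[ip] += 1              # noisy device, same binding
        else:
            kind = "pinned-mismatch" if ip in pinned else "binding-changed"
            alerts.append((ts, ip, kind, known, mac))
            if ip not in pinned:
                bindings[ip] = mac        # track flip-flops on learned IPs
    return alerts, dict(chatter)


if __name__ == "__main__":
    for alert in analyze(SAMPLE, {"192.168.1.1": "00:11:22:33:44:55"})[0]:
        print(alert)
```

    A device that ARPs every few seconds with the same MAC only increments the chatter count; an alert is raised only when an IP is claimed by a MAC different from the one pinned or previously learned.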
     
  13. wrathchild

    wrathchild Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    170
    Location:
    Neoplantesis
    and...did ESET firewall guys want to share their knowledge?!
     
  14. Galaxykiss

    Galaxykiss Registered Member

    Joined:
    Mar 23, 2007
    Posts:
    167
    Location:
    China
    I'm sure they will,
    and I'll wait.
     
  15. wrathchild

    wrathchild Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    170
    Location:
    Neoplantesis
    Waiting for Godot!
     
  16. dHodges

    dHodges Guest

    Greetings from LeonSprings, Texas USofA,

    I use Comodo Firewall Pro v3.0.20.320 and was wondering if there is any software out there that will detect/remove any ARP-type attacks, or are we just left to our own devices?

    I am not a programmer or computer wizard, just a simple user. If I set my FW to "Block all mode" to do some private work on my system, not allowing any internet access, and restore my IP addy later, there is almost always a message that pops up about NOT being able to clear the ARP cache. Could this be an indication of cache poisoning?

    Thank you for reading my message,
     
  17. Nevi

    Nevi Registered Member

    Joined:
    Aug 20, 2006
    Posts:
    17
    You can use Comodo to protect yourself from ARP attacks. :D
     
  18. ASpace

    ASpace Guest


    ESET Smart Security, too :rolleyes:
     
  19. wrathchild

    wrathchild Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    170
    Location:
    Neoplantesis
    Any official statement on this matter?! :thumbd:
     
  20. dHodges

    dHodges Guest

    Nevi,

    YES! I know this, but; if you may have had an ARP Poisoning before installation or before setting the Comodo/Firewall/Advanced/Attack Detection Settings/ checked box for Protect the ARP Cache. My system has been acting a little slow at times and then other times the only way in is the F8 Menu/Last known good configuration and even then if I do not get my password in quick enough it automatically re-boots I cannot prevent it if too slow in entering password.

    I know where the ControlSets 00x are and the last known good ControlSet, and usually there is one that is either not complete or has very little data there.

    Any suggestions?

    Thank you for the reply and reading my posters toasties,
     
  21. wrathchild

    wrathchild Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    170
    Location:
    Neoplantesis
    And after six months the answer is?! (or should I stay tuned for year...or maybe two) :thumbd:
     