Detected ARP cache poisoning attack

Discussion in 'ESET Smart Security' started by newbie2247, Oct 24, 2008.

Thread Status:
Not open for further replies.
  1. newbie2247

    newbie2247 Registered Member

    Joined:
    Jan 8, 2008
    Posts:
    199
    I am constantly being bombarded with this message (In red ink instead of blue) in my ESET Smart Security v3.0.6.72 firewall log:

    Detected ARP cache poisoning attack

    There's hundreds of them a day, all day long. I don't know what to do and since it's red ink, I am worried sick. It's an ominious message that seems to demand action.

    Need some help please.
     
  2. ASpace

    ASpace Guest

    If this is real attack it has been blocked , the firewall is working and there is nothing to worrk about . As it appears multiple times a day , you can download and generate a log from this programs http://www.wireshark.org/ and send it to ESET for analysis/confirmation if the entries of the ARP cache poisoning attack are real or false-positive.
     
  3. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    I'd also suggest you contact your IT administrator or ISP and provide them with the logs.
     
  4. Think-eDesign

    Think-eDesign Registered Member

    Joined:
    Mar 26, 2006
    Posts:
    29
    Location:
    Logan City
    There is a very good explanation of ARP, what it does & why in this article:
    http://www.watchguard.com/infocenter/editorial/135324.asp

    There are even steps to take to prevent a hacker using ARP to gain access.
     
  5. newbie2247

    newbie2247 Registered Member

    Joined:
    Jan 8, 2008
    Posts:
    199
    Please Help Me - Detected ARP cache poisoning attack

    "There is a very good explanation of ARP, what it does & why in this article:
    http://www.watchguard.com/infocenter...ial/135324.asp"

    Thank you very much for that. I am embarrassed to admit that it's all Greek to me; don't understand a single word of it or the diagrams. Need a "for dummies" translation. o_O

    I am scared to death that these ARP poisoning attacks are going to do serious damage to my computer and I don't know what to do to STOP them right now. I read somewhere here that they "are working on this" or something to that effect but that may have been an ancient post and maybe they fixed it by now. Does anybody know? Would really love to know.

    Since ESET is reporting that they "detect" these all day long 24/7 everyday "ATTACKS", does that mean that they are protecting me from them too o_O Very badly need a complete, to the point and easy to understand answer, to inform me of my vulnerabilty status and to calm me down.

    I am almost hysterical with frantic worry over this and need some good, easy to understand (no techie speak) help. Pretty Please. I am very close to just chucking ESET right now and telling my friends and family to do the same but I keep hearing ESET is the best. Big Conundrum. If this isn't resolved and I AM VULNERABLE to bad things from these attacks, then I have no choice but to chuck ESET and go to the competition.

    Signed,

    Beyond desperate for immediate help (PLEASE)
     
  6. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    Re: Please Help Me - Detected ARP cache poisoning attack

    Erm, no... cannot do that on workstation level at all. Contact your ISP.
     
  7. kfinke

    kfinke Registered Member

    Joined:
    Jun 3, 2008
    Posts:
    4
    I have the messages all day too. My current thinking is this is not an attack, but rather some indication that Windows servers are running amok and causing some sort of funky network traffic. I don't think these are real attacks, but if they are, it appears that ESET is stopping them.

    I wouldn't go bailing to the competition just yet, but a little help from an ESET / Windows network engineer would be great.

    Kevin
     
  8. COSMO26

    COSMO26 Registered Member

    Joined:
    Oct 21, 2003
    Posts:
    404
    This Thread is about the best response I've seen posted here on the topic. You should re-read above posts-links, etc..

    HiTech_boy gives a Remedy "To-Do" in post # 2 above and no engineer can help you with only what you've posted. I'd reference the Link to this Thread in your Support request - try that and report back.

    If a Moderator, etc. posts more To-Do's/Questions to pursue a solution, so much the better.
     
  9. ingber

    ingber Registered Member

    Joined:
    Dec 24, 2006
    Posts:
    39
    At least some of these "Detected ARP cache poisoning attack" may be simple nonsense reports. For example, I regularly get such entries like

    11/11/2008 6:00:23 AM Detected DNS cache poisoning attack 208.67.220.220:53 XXX UDP

    I've XXX'd out my private address. The IP address 208.67.220.220 (and 208.67.222.222) belongs to opendns.com, a free service I heartily recommend to participate in DNS security.

    Lester

    P.S.:

    See

    http://forums.opendns.com/comments.php?DiscussionID=363&page=1#Item_8

    for similar complaints about the ESET firewall (at least when using OpenDNS).
     
    Last edited: Nov 13, 2008
  10. patch

    patch Registered Member

    Joined:
    May 14, 2007
    Posts:
    178
    Thanks for the link.
    BTW, what version of windows are you using?
    ESS has been incompatible with Windows 2000 for me for ages https://www.wilderssecurity.com/showthread.php?t=208684
     
  11. ingber

    ingber Registered Member

    Joined:
    Dec 24, 2006
    Posts:
    39
  12. newbie2247

    newbie2247 Registered Member

    Joined:
    Jan 8, 2008
    Posts:
    199
    "I have the messages all day too. My current thinking is this is not an attack, but rather some indication that Windows servers are running amok and causing some sort of funky network traffic. I don't think these are real attacks, but if they are, it appears that ESET is stopping them.

    I wouldn't go bailing to the competition just yet, but a little help from an ESET / Windows network engineer would be great."

    My ESET firewall does say that it is "detecting an attack" and that is why I believe it is an attack and therefore scared to death. So, what should I do, just ignore these messages? I am serious. Thank you.
     
  13. newbie2247

    newbie2247 Registered Member

    Joined:
    Jan 8, 2008
    Posts:
    199
    Also, what is an Open DNS?

    My ESET (very latest version btw) is all set to default and my protection status is MAXIMUM.

    I read some of the links provided here and one says to just press F5 and uncheck "detect ARP cache poisoning". What kind of crappy solution is that? It certainly does not address the problem. We pay good money to ESET for this Security Suite and I am quite shocked at that attitude.

    What to do?

    Signed,

    Scared, Frustrated and Frantic

    My ESET runs out in December and if things don't improve in the next month, I seriously am considering going to the competition as well as telling all my friends and relatives who I persuaded to buy ESET to do the same. All I have to do is bring them here to read all these posts and that will surely convince them. Pretty lame and lax if you ask me, especially for what they charge. :doubt:
     
  14. newbie2247

    newbie2247 Registered Member

    Joined:
    Jan 8, 2008
    Posts:
    199
    "Erm, no... cannot do that on workstation level at all. Contact your ISP.
    Reply With Quote'

    I don't have a workstation. This is a home PC. Does that make any difference?

    I have a Windows Premium Home Edition PC that I use just for enjoyment and I used the latest version of ESET Smart Security for all my security, which runs out in December.
     
  15. ASpace

    ASpace Guest

    So , did you contacted them as suggested in post #2 ?
     
  16. newbie2247

    newbie2247 Registered Member

    Joined:
    Jan 8, 2008
    Posts:
    199
    Yes. Waiting to hear. Probably tell me that "they're aware and working on it and to uncheck the "detect the DNS box" like they did to that other guy/gal.

    What the heck is DNS anyway and what does it have to do with a personal home computer getting these ARP poisoning attacks?
     
  17. doktornotor

    doktornotor Registered Member

    Joined:
    Jul 19, 2008
    Posts:
    2,047
    See the link referred to in this post. And, it doesn't matter whether it's a personal home computer or whatever else, landing on a phishing site when you type in your bank's URL or landing on a drive-by malware download site when you want to update Windows is no fun.
     
  18. newbie2247

    newbie2247 Registered Member

    Joined:
    Jan 8, 2008
    Posts:
    199
    Thank you very much. :)

    I sure wish I knew what all of you are talking about. I totally do not understand ANYTHING you say or what you refer me to as I am ignorant in the Techie Speak nomenclature and all things related to it. o_O

    I've seen that WatchGuard article before and tried to read and follow it. I need a translator, flow charts, blue prints and T accounts, heh. The diagrams did NOT help.

    Also, your last post to me (the one above this one) - the techie language you used - I don't understand it. Wish I did. Can you reword what you said please, if you feel so inclined of course?

    So, how do regular home PC users who are like me (don't know squat and Techie Speak and acronyms are Greek) get help in here? Wilders ESET Forum Help For Dummies is needed, seriously. :D You bright guys have to remember that dummies like me come in here desperate for help and try to use simple English and explain what you mean to us - "the unenlightened". I am just a simple housewife with a home PC to play with. There are millions out there like me. Capise?

    I am serious a a heart attack about this. More than grateful for all your time and help but literally & honestly do not understand one single word of it. I am not alone.

    Thanks so much!!!
     
Thread Status:
Not open for further replies.