
Wrong Mac Spoofing Attack: unexpected ARP response



Good afternoon,

I'm having an issue with Kaspersky logs. For some of my company's laptops, when they go into sleep mode, they (or their network adapters) send requests that trigger alerts in Kaspersky as "Mac Spoofing Attack: unexpected ARP response".
It seems to happen more with recent laptops, not old ones.
Whenever these laptops are woken up from sleep mode, the alerts in Kaspersky stop.

The problem is that it actually spams the logs, for example once it triggered 270 events in 20 minutes.

These laptops are connected via WiFi.
The alerts come from many different computers on the same network as the laptop causing them (and not always the same computers), and roughly look like this, with some information replaced by [its meaning]:
 
 

Quote

User : [domain]\[user of a computer] (Active User)
Module : Protection against network threats
Result description : Forbidden
Name : Mac Spoofing Attack: unexpected ARP response
Object : ARP from an unexpected source
Object type : Network packet
Name of the object : ARP of an unexpected source
More :  
Suspiscious : 23/01/2024 [time] : [MAC address of the laptop] -> [IP address of the laptop]
Date of bases publication : 23/01/2024 10:54:00

If you have any leads, I can conduct some tests.
Disabling Kaspersky's MAC spoofing protection isn't an option.

Thank you for any help.

Regards,

   _ Piter

 


In fact, similar questions have already been put to the technical support service.

The answer would be something like this:

For an internal trusted corporate network, this check may be redundant and can be disabled

You can ask a direct question in your account to get a more accurate answer.