KES 11.6: Network attack : ARP Spoofing: Need emergency help

[Patrice Benjamin Medhi]

Hi,

we have an issue with KES 11.6 and 11.7.

 

Since 1 week, we are receiving attack report on our KES Server from differents computers.

 

Some computers are not on the same network or on the same vlan. Computers cannot communicate with others computer which are on different vlan, network.

 

Messages are:

 

P-USER-01 [samedi 20 novembre 2021 14:31:47 (GMT+01:00)] (Protection contre les menaces réseau): Utilisateur : domain\user (Utilisateur actif) Module : Protection contre les menaces réseau Description du résultat : Interdit Nom : Mac Spoofing Attack: unexpected ARP response Objet : ARP d'une source inattendue Type d'objet : Paquet réseau Nom de l'objet : ARP d'une source inattendue Plus :  
Suspecte : 20/11/2021 14:31:46 : 9e-d2-ee-97-f5-xx -> 2a01:e0a:3de:6970:84d6:2f88:ec74:eexx
Date de publication des bases : 20/11/2021 12:01:00
 

Some characters has been changed for anonymoused the content of the present notification (MAC, username, domain, ...)
 

We received more than 40000 notifications on 4 days …

 

Is there anybody in capacity to help us?

 

Thanks a lot

 

[DonKid]

Please, open a ticket here.