If you are experiencing multiple ARP Cache Poison alerts, you should go to your Norton product and turn off notification for this signature. This signature detects attempts to modify your Internet address cache using unrequested ARP (address resolution protocol) packets. This attack could pose a moderate security threat. I found it by going to Automatic Protection, clicking on Configure in the middle "Vulnerability Protection" section and then scrolling down to the "ARP Cache Poison" line, highlighting it and clicking "More Info" again. Ironically, I found this file file:///Applications/Symantec%20Solutions/Norton%20AntiVirus.app/Contents/Resources/English.lproj/Arpcache_nographics.html which provides the more info information that is completely missing from both the "more info" link and the website. Seriously, 2 options Symantec? That's all? Why do you need a "Use Defaults" button? It takes 3 seconds to read the 2 preferences you have to set. Of course, the "preferences" window is so weak it might as well not be there.
#Arp cache mac os list usernames for mac
If there's a way to add anything to your safe hosts list in NAV for Mac 11, then it's very very well hidden. Thanks for your comments (and also to cortig). No other virus alerts or anything suspicious in the logs whatsoever. But compared to my previous PCs, very fast and stable. This hasn't happened since I disconnected the TC.Įverything else seems to be running well, albeit this is only my week 2 of having a Mac so difficult to define normal. My router still had internet connection throughout this, though. But it came up again fine within 10 seconds or so. I haven't had any other problems except a couple of times the network dropped the connection somewhere between my Mac and the router (so could have been the TC). I will try reconnecting the TC soon (although may take a while as am back at work after the holidays now) and (as cortig suggests) add the TC to my safe hosts. I have temporarily removed the TC from the system and there haven't been any Norton alerts since then, which might suggest this as the issue. The Norton alert came as I brought my Mac out of sleep and the TC started up.
I think you may be correct that it is related to the Time Capsule. Many thanks for your comments and the link. Thanks again for your comments - anyone else's advice and thoughts would be greatly appreciated as well. But perhaps the router can be infected in other ways - does anyone know? I have checked my DNS settings both on the Mac and in the router, and they all seem to point to my ISP (just doing a simple IP address lookup using whois). If on the other hand the router was infected, I think this is shown by the DNS server settings being changed to false DNS servers, to allow the hacker to redirect web traffic from any computer on the network. On this basis, an attack on the router shouldn't pass through to the "other side" of the firewall, should it? But perhaps I'm missing something - any advice from anyone would be very useful here.
I would have thought that if they aren't successful (i.e. if the router isn't infected) then Norton shouldn't notice the actual attack - since certainly in my case (and I expect in most people's) the router is also a firewall. I have had a think (and internet search) about router attacks. Thanks for your reply and it's good to hear I'm not the only one with this message in Norton. If anyone has any thoughts, they would be most gratefully received - including whether you think it is anything to worry about. So I wondered whether it could be causing an alert in something it is doing? There is only 1 computer on my network (my Mac) and wireless is disabled both on the Mac and on my router, so I don't see how it could have been anyone getting on to my network.Ĭould it be my Time Capsule causing this log? It's connected via CAT-5 to the Mac, and then the internet router connects to the WAN port on the Time Capsule. I think I understand what an ARP attack is, but as I understand it, it can only happen from a computer on the same network. I can't get any more information from the log than that, and searching on the internet hasn't got me very far. I opened the Activity Log and there are 4 identical lines (all with the same time stamp), as follows: I just looked at my Norton AV (v.11) for Mac and saw under "Statistics" a warning triangle and "Vulnerability Blocked".
0 kommentar(er)
