Newbie
mb100
Posts: 1
Registered: 06-27-2011

ARP cache poison and XBOX 360

I recently noticed a number of security alerts in my Norton for Mac about ARP cache poisoning attacks on my network. The MAC address listed in the alert is my Xbox 360 and the times coincide with online play on Xbox Live. Does anyone know of instances in which Xbox Live is used to launch such attacks? For what it's worth, I also run PCs on my network and the log on my Norton Internet Security on my PC does not show any such attacks.

Thanks.

Visitor
BooYa77
Posts: 4
Registered: 06-17-2011

Re: ARP cache poison and XBOX 360

I'll be anxious to see if you get a response. My ARP cache poisoning messages come from my cell phone. It just recently started happening. My PC does not show the same message either. Hoping it's just a mistake with Norton for Mac.

Visitor
BooYa77
Posts: 4
Registered: 06-17-2011

Re: ARP cache poison and XBOX 360

Hey, I just disabled the notifications. Protection is still on but no more annoying pop-ups. Apparently, this is a common thing on some routers. Based on my limited knowledge (so don't take this as written in stone) I think your network is still safe.

Newbie
mitm
Posts: 1
Registered: 09-23-2011

Re: ARP cache poison and XBOX 360

Every network device which has no protection from an ARP poisoning attack, also known as MITM (man-in-the-middle), is vulnerable. Even many managed network switches (i.e. as used in large/corporate LANs) and other network devices which have some form of MITM protection can be attacked after disabling or fooling their protecti

A good place to start learning about MITM is to read the various help/manual pages of the freeware packages Ettercap and Dsniff, etc. There are basically two uses for these packages: firstly as very useful network diagnostics tools, and secondly as dangerous blackhat tools for all manner of cyber crimes (e.g. stealing and decrypting HTTPS online bank usernames and passwords).

Firewalls filter layers 3 and 4 of Ethernet (i.e. TCP/IP [TCP, UDP, ICMP, etc.]) and ARP (Address Resolution Protocol) uses layer 2, and therein lies the beginning of the problem. Next, ARP is inherently extremely insecure and devices simply trust more or less whatever they're told. But Ethernet won't work without MAC and IP address pairs, and MAC addresses are communicated via ARP, so there is another inherent problem. Packages like Ettercap were developed to bypass the ARP filtering security features of many/all managed Ethernet switches and have been developed to exploit remote networks very effectively.

There are a few steps which can be taken to make ARP poisoning more difficult for the hacker, and one is implementing a "Permanent Static ARP Cache" at system boot. I've no idea how to do this on Windows as it is very insistent upon having a dynamic ARP cache (if someone knows how please post info or http link/s), but on most Unix/Linux systems you simply create an "/etc/ethers" file with your network's MAC and IP pairs (or at least those of the PC and gateway) and append "arp -f /etc/ethers" to "/etc/rc.local", or an "/etc/ethers" file which has "arp -s MAC IP permanent" pairs for each MAC and IP pair and add "sh /etc/ethers" to "/etc/rc.local" (remembering to make "/etc/ethers" executable in the latter case). However, this won't stop all types of MITM attack.

Another good source of MITM information will probably be books like "Hacking Exposed" by Stuart McClure, Joel Scambray and George Kurtz.
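The static MAC/IP baseline described above can also be used to check what ARP is actually saying on the wire, which is roughly what the Norton alerts in this thread are doing. The following is an added example (not from the thread, Norton, or Ettercap): it parses an /etc/ethers-style file, then runs a constructed list of observed ARP replies against it and flags a reply that contradicts a static entry or changes the MAC of an IP learned earlier. ETHERS_TEXT and ARP_REPLIES are constructed sample data.

```python
import re

# Constructed baseline in /etc/ethers format (MAC then IP), as in the post above.
ETHERS_TEXT = """\
# gateway and this host
00:11:22:33:44:01  192.168.1.1
0:11:22:33:44:2    192.168.1.10
"""

# Constructed ARP reply observations: (seconds, sender MAC, sender IP).
ARP_REPLIES = [
    (0, "00:11:22:33:44:01", "192.168.1.1"),   # gateway, matches baseline
    (1, "00:11:22:33:44:02", "192.168.1.10"),  # this host, matches baseline
    (2, "00:11:22:33:44:20", "192.168.1.20"),  # unknown device, learned
    (3, "00:11:22:33:44:20", "192.168.1.20"),  # same device again, fine
    (4, "aa:bb:cc:dd:ee:ff", "192.168.1.1"),   # gateway IP claimed by another MAC
    (5, "aa:bb:cc:dd:ee:ff", "192.168.1.20"),  # learned IP now from a new MAC
]

def normalize_mac(mac):
    """Lower-case and zero-pad each octet so '0:11:22:33:44:2' equals '00:11:22:33:44:02'."""
    octets = mac.strip().lower().split(":")
    if len(octets) != 6 or not all(re.fullmatch(r"[0-9a-f]{1,2}", o) for o in octets):
        raise ValueError(f"bad MAC: {mac!r}")
    return ":".join(o.zfill(2) for o in octets)

def parse_ethers(text):
    """Parse /etc/ethers lines into {ip: mac}; '#' comments and blank lines are skipped."""
    baseline = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        mac, ip = line.split()[:2]
        baseline[ip] = normalize_mac(mac)
    return baseline

def check_arp_replies(replies, baseline):
    """Return (time, kind, ip, expected_mac, seen_mac) for replies that contradict the table."""
    learned = dict(baseline)
    alerts = []
    for ts, mac, ip in replies:
        mac = normalize_mac(mac)
        known = learned.get(ip)
        if known is None:
            learned[ip] = mac                 # first sighting of this IP: learn it
        elif known != mac:
            kind = "static-mismatch" if ip in baseline else "mac-changed"
            alerts.append((ts, kind, ip, known, mac))
            if ip not in baseline:
                learned[ip] = mac             # static entries never move; learned ones follow
    return alerts

if __name__ == "__main__":
    for alert in check_arp_replies(ARP_REPLIES, parse_ethers(ETHERS_TEXT)):
        print(alert)
```

A "static-mismatch" on the gateway IP is the case worth investigating first; a "mac-changed" on a dynamically learned IP can also be an ordinary DHCP lease moving to another device, which is why a baseline of the hosts you care about helps cut the noise the earlier posts describe.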