Hi, 1st post after research over past 3 days (searched here & broadband provider forums), in case anyone has similar experience/suggestions, please?
Using Virgin Media Hub 5 router in UK; 3 days ago pop-up message from Norton 360 on "compromised network" for our WiFi, "detected MITM attack" with "ARP spoofing" in detailed description. I've factory reset the Hub, set new SSID, new admin & user PWs (all when connected w/Ethernet). Nothing found by Norton & Malwarebytes on devices (laptops, mobiles). Still get the alert on WiFi. I scan for devices with Fing. Nothing unrecognised
Wireshark shows ARP duplicate address errors for the router every 15 mins (same IP of 192.168.0.1 at 5-6 different MAC addresses without manufacturer found). I believe mobiles & Win10/11 devices can randomise MAC to connect. Can a router cycle in that way? Could that be triggering "ARP spoofing" note? Alternatively, could that be either a false +ve or now left over unresolved, from before I did the nuke reset?
Sorry that this is probably me dabbling w/o real knowledge. Many thanks for any tips