Solved.
Kudos0

Compromised Network, potential man-in-the-middle attack

Posted: 05-Aug-2022 | 10:21PM · Edited: 05-Aug-2022 | 10:27PM · 3 Replies ·

Hi everyone,

Twice now, within 24h, my wife has had a Norton pop-up on her computer warning of a Compromised Network. The pop-up lists the router, and states "Your personal data and communication may be exposed to an attacker on this network. This type of man-in-the-middle attack aims to downgrade this network's encryption." This is a private network.

The weird thing is that we only get the pop-up on her computer. I haven't received any warnings on mine, even after running a Smart Scan. We are staying in a short-term rental apartment, so the router isn't ours - I don't want to mess too much with it. The landlord had both the router and the internet provider changed yesterday (due to technical problems). The Norton warning only started appearing after the router was changed. The previous router connected to the provider through a coaxial cable. This router uses the mobile network (it has a sim card). It's also a Huawei router - I don't know if that's relevant at all. We both run Win10 computers, and Android phones (which also run Norton, and have not given any alerts).

I have two questions I'm hoping I could get help with:

1. What is the chance that this is a false positive? Should I be worried? Is there any way to test this?

2. What security steps can I take? I was reading a common suggestion is to change the router and wifi login credentials. I suppose I could ask the landlord for permission to do this. However, the router was just installed, and the default password is a random string of letters and numbers so I'm doubtful the password has been compromised... Is there anything else I can do?

Any help or advice would be appreciated!

P.S. This is my first time posting here, so I apologize if I've done something incorrectly.

Labels: Alerts/Notifications, False Positive, Popup, Smart Scan, Threat Detection, Windows 10, Auto-Protect, Firewall, Intrusion Prevention

Replies

Accepted Solution
Kudos0

Re: Compromised Network, potential man-in-the-middle attack

Posted: 06-Aug-2022 | 12:02PM · Permalink

How long are you in this short term rental? Is it a vacation or a temporary home for you? 

Some routers have added features that scan your data as it comes and goes as part of a security package. This can be detected by Norton as a Man in the Middle attack. As you have no control over the router, I would suggest using the VPN feature in Norton 360 on all your devices. That will encrypt all data leaving your computer and returning to your computer. So if anyone does intercept your data stream, they will just see gibberish.

Kudos0

Re: Compromised Network, potential man-in-the-middle attack

Posted: 06-Aug-2022 | 8:17PM · Edited: 06-Aug-2022 | 8:19PM · Permalink

We're here for another 2 weeks. It's more of a vacation home.

The explanation for the MitM makes sense - thanks! And thank you for the tip.

Do you have any idea why Norton would be giving a warning only on one device?

Kudos1 Stats

Re: Compromised Network, potential man-in-the-middle attack

Posted: 07-Aug-2022 | 4:43AM · Permalink

Do you have any idea why Norton would be giving a warning only on one device?

Not really. It could have something to do with the network adaptor in that one device. Others with more network knowledge may have other suggestions.

This thread is closed from further comment. Please visit the forum to start a new thread.