N360 "compromised network", MITM, ARP spoofing
Postado: 18-ago-2022 | 3:19PM · 11 Respostas · Link permanente · Translation:
Hi, 1st post after research over past 3 days (searched here & broadband provider forums), in case anyone has similar experience/suggestions, please?
Using Virgin Media Hub 5 router in UK; 3 days ago pop-up message from Norton 360 on "compromised network" for our WiFi, "detected MITM attack" with "ARP spoofing" in detailed description. I've factory reset the Hub, set new SSID, new admin & user PWs (all when connected w/Ethernet). Nothing found by Norton & Malwarebytes on devices (laptops, mobiles). Still get the alert on WiFi. I scan for devices with Fing. Nothing unrecognised
Wireshark shows ARP duplicate address errors for the router every 15 mins (same IP of 192.168.0.1 at 5-6 different MAC addresses without manufacturer found). I believe mobiles & Win10/11 devices can randomise MAC to connect. Can a router cycle in that way? Could that be triggering "ARP spoofing" note? Alternatively, could that be either a false +ve or now left over unresolved, from before I did the nuke reset?
Sorry that this is probably me dabbling w/o real knowledge. Many thanks for any tips
Re: N360 "compromised network", MITM, ARP spoofing
Postado: 30-ago-2022 | 8:37AM · Link permanente
Thank you, all, for the helpful suggestions. Several others on a Virgin Media forum seemed to have the same problem, starting around the same time.
The solution seems to be to disable the 'smart WiFi' settings and split the SSID of the 2.4 and 5GHz bands. I did this a couple of days ago and the duplicate ip/arp alerts are no longer showing. We assume there's some sort of bug in the (not so-)smart WiFi settings.