Man In The Middle Attack or Just Network?

I received a notification from Norton 360 about a potential man in the middle attack and to turn on the included VPN. I checked my history for Wifi security and found the detection was there. See below for the details.

I checked all my open browsers/windows/tabs and couldn't find any untrusted sites; they all had SSL certificates.

You'll notice I blocked out the Gateway Physical Address and the SSID; those are actually correct for the network I'm hooked up to and my router. I did notice the SSL Strip being detected but no other details.

I did a Smart Scan a few times and each time it said my network was secure (both of my networks are private) and all that. I can access my router configuration just fine, no ransomware popups, I'm not experiencing any slowed websites or redirections, either. None of the tell-tale signs of being compromised. Just this one alert I've never had before.

So, now I'm unsure of what the issue is. Any advice on what to do next would be appreciated.


Screenshot 2023-10-03 193443.png

My own feeling remains this is a false positive.

It may not be related at all but many of these reported attacks occurred around the same time as the FCC nationwide alert to cells. I do not know if it would affect wifi but as I remember all cell phones were ringing on Oct 4 for a nationwide test. Could Norton have picked up some disturbance in the way it handles this type of attack?

https://www.fema.gov/press-release/20231003/fema-and-fcc-plan-nationwide-emergency-alert-test-oct-4-test-messages-will#:~:text=The%20national%20test%20will%20consist,directed%20to%20consumer%20cell%20phones.

Any updates on this situation?

I had the exact same thing happen on the exact same day: a man-in-the-middle attack notification with SSL strip, but the only tab I had open at the time was Twitter. This occurred after making a video full screen, and there were no noticeable irregularities. I reset my router, changed the login and Wi-Fi password, and tried using the included VPN to be safe, but this was having connection issues a couple of times, which were fixed by turning it off then back on. The last time I did this, the following day, I immediately had another man-in-the-middle attack notification along with a notification about the Wi-Fi network being suspicious, saying there were one or more anomalies, this time with YouTube open.

This past week, however, it has not happened again no matter how many times I have tried to replicate this: turning the VPN off and on, disconnecting from the network and reconnecting, and turning the Wi-Fi power itself off and back on. Everything seems fine; I have run Smart Scan multiple times each day and it has said the Wi-Fi is secure every time.

Like MomOfARocker suggested, I also have a Netgear Wi-Fi extender in my house, not connected to it at the time, but it does seem interesting that this issue has occurred to multiple people with one of these devices. So I am thinking and hoping that this is simply a case of a false positive.

Hopefully all is well.

Hi,

Thank you for posting on the Norton Community. We are looking into this. 

In my case, I don't have an extender. I'm using a combo Motorola.

File Attachment: Screenshot of Norton MIT alert

Just experienced the exact same thing. I had one tab open to my Shaw webmail, which had been open for several hours; however, I wasn't even looking at it or doing anything with it at the time of the Norton alert. I was working on some photos, moving them around to different folders on my desktop, when the notice popped up. It happened about half an hour ago and it's the middle of the night here, so I am the only one in the family on their laptop. Just ran a scan with Norton Smart Scan and everything came up fine, and it said we have a strong secure password. Malwarebytes Premium also runs a full system scan every night at 9 pm and detected nothing last night. Like the original poster, no obvious signs of anything wrong. Not really sure what to make of it. I did read somewhere that someone else who experienced something similar had possibly narrowed it down to a Netgear Wi-Fi extender, which I do use, and about 10 or 20 minutes before, I did hear it make the sound it makes when it sometimes loses connection, but it re-connected immediately. I do find it interesting that someone else just posted the exact same issue as me today; makes me think it is a Norton issue and possibly a false positive?

fwiw ~ posting Norton doc for users that pass this way

Respond to the man-in-the-middle attack alerts
https://support.norton.com/sp/en/us/norton-360-deluxe/current/solutions/v127924782

Hello nbd222. These detections are, most times, due to a website being visited having an embedded link, knowingly or otherwise, which attempts to "downgrade" the SSL to sniff traffic to and from that website. The website owner may not even be aware of it being there. Norton detected this and prevented the packet sniffing. I would do the following to be safe.

-Delete ALL cookies and browser caches.

-Review your router logs for anything out of the ordinary. If you haven't already done so, change the default router login username and passcode from the factory settings and reboot it.

SA
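
For readers wondering what an "SSL strip" downgrade changes in practice, here is an added example (not part of any post in this thread, and not a description of how Norton detects it, which the thread does not state). It compares a response fetched over a trusted path with one seen on the suspect network and reports which HTTPS protections went missing; the host `mail.example.test` and both responses are constructed.

```python
import re

# Constructed sample responses for one login page (not captured traffic).
# BASELINE: fetched over a path you trust. OBSERVED: seen on the suspect network.
BASELINE = (
    "HTTP/1.1 200 OK\r\n"
    "Strict-Transport-Security: max-age=31536000\r\n"
    "Set-Cookie: sid=abc123; Secure; HttpOnly\r\n"
    "\r\n"
    '<form action="https://mail.example.test/login"></form>'
)
OBSERVED = (
    "HTTP/1.1 200 OK\r\n"
    "Set-Cookie: sid=abc123; HttpOnly\r\n"
    "\r\n"
    '<form action="http://mail.example.test/login"></form>'
)

def parse(raw):
    """Split a raw HTTP response into (header list, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    headers = []
    for line in head.split("\r\n")[1:]:          # skip the status line
        if ":" in line:
            name, value = line.split(":", 1)
            headers.append((name.strip().lower(), value.strip()))
    return headers, body

def downgrade_indicators(raw):
    """List the signs that this response no longer enforces HTTPS."""
    headers, body = parse(raw)
    found = []
    if not any(name == "strict-transport-security" for name, _ in headers):
        found.append("no HSTS header")
    for name, value in headers:
        attrs = [a.strip().lower() for a in value.split(";")]
        if name == "set-cookie" and "secure" not in attrs:
            found.append("cookie without Secure flag")
        if name == "location" and value.lower().startswith("http://"):
            found.append("redirect to plain HTTP")
    if re.search(r'(?:action|href|src)\s*=\s*["\']http://', body, re.I):
        found.append("plain-HTTP link or form target in page")
    return found

def lost_protections(baseline, observed):
    """Indicators present on the suspect network but absent from the baseline."""
    trusted = set(downgrade_indicators(baseline))
    return [i for i in downgrade_indicators(observed) if i not in trusted]
```

An empty result from `lost_protections` means the observed response enforces HTTPS as strictly as the baseline did; a site that never sent these protections in the first place shows no difference.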

Were you booting up at the time? Are there other devices on your network like a phone that was accessing the network at the same time?

These can sometimes be false positives and I would be cautious and alert to any other changes.