Thanks for scaring me to upgrade my D-link old router to new ASUS AC router and redo all the configuration.
good to hear this will be addressed (and I'm not going crazy:) Just replaced my modem with a sb6183, hooked up to my almond+ (till my eero's arrive), and as soon as I logged on with my phone (S8+), that ominous "warning" popped up on both 2.4 and the 5ghz bands.
Thanks for the Headsup, Bwoirhaye! We appreciate hearing something!
bwoirhaye:We expect to release an update in the next week which should tighten up the ARP spoofing detection to exclude cases like this. We'd appreciate feedback if you still see this after the update (actually available now if you are part of the NMS Beta program).
Great bwoirhaye, I am looking forward to the update! cheers
We expect to release an update in the next week which should tighten up the ARP spoofing detection to exclude cases like this. We'd appreciate feedback if you still see this after the update (actually available now if you are part of the NMS Beta program).
Strange enough I have another router Linksys E12000 configured as access point on the same network some time ago but did not get this message when I connected to it.
Not sure whether the Linksys would have been detected or not. But the feature that is detecting your TP-Link was only introduced to NMS at the end of December 2017.
I have a Samsung 5. I just started getting the message this morning...only on my phone. It is sending me messages every 15 minutes.
The message says " MY ACCESS PT NAME is compromised, Your personal data and communications are exposed to an attacker on this network....CHANGE NETWORK...IGNORE FOR NOW"
This happened after I installed a TP-LINK AC2300 router configured as an access point to my SHAW main router. I selected WPA/WPA2-Personal with AUTO version and AUTO Encryption.
Strange enough I have another router Linksys E12000 configured as access point on the same network some time ago but did not get this message when I connected to it. Only when I connected to TP-Link that I got this message.
Is this a bug in the Norton Security software?
Gavacho, LOL, not to worry, my IP cameras are looking out on the street and their assigned IP addresses are non-routable (192.168.x.x) ;-) but thanks for the heads up nevertheless ;-)
Oceanracer,
I'm looking into my ping results again as well. I thought I had it straightened out, but will double check to make sure it's not part of the problem with Norton. I don't want to be giving them heck if I'm part of the problem. Not sure if posting your Camera's IP address is something I'd consider. Don't want some script-kiddie catching me in my long johns, or worse.. The horror, the horror! Regards..
You can see that my TP-Link Mac address shows w/ 3 different IP addresses ......when I ping the others ......and ......I get a reply! the first of the two suspicious IPs is from one of my IP security camera and teh other is from my Alcatel Pixie: both are connected to the Tp-Link through WiFi.
Also to confirm, my TP-link mode is set as "range extender"
cheers
Techmilitant,
Interesting that you should mention Asus. I am using an Asus 3100 as an Access Point. I first received the "ARP Spoofing" after I started using it. However, it wasn't right after, and it happened when Norton implemented their new changes. It never happened when I used the 3100 as the main router, and it didn't happen until I had been using the router as an AP for a few days. I, Like Oceanracer, have been noticing some interesting NAT problems when pinging. Not sure if that's related or not. I also haven't seen the warning for awhile, but I am doing some reconfiguration of the router to make sure I'm not getting double NAT, and will check back if anything regarding "ARP Spoofing" occurs..
Regards...
techmilitant:Since I don't use a range extender, I think there is a different issue at work. As I mentioned I have a opnsense firewall connected to the cable modem directly using DHCP for the external interface. I then have an internal interface on the firewall that connects to an ASUS AC-5300 WAN port over a dedicated network link.
The ASUS appears to be natting and I don't see a way to change it. The firewall is also natting on the outbound interface. I need to throw wireshark on the interface and see what's actually happening, but I'm relatively sure this is a result of the ASUS wireless router performing NAT. It was not a problem when I had the ASUS as just an AP and everything was on the Same VLAN, it only started when I changed and moved the ASUS to perform as a wireless router. As soon as the WAN port came up on the ASUS the warnings started.
Now this week the warnings have stopped. I am running version 4.0.0.4024 and I don't know if the app was recently updated or a change to the processing was sent down, but as of this point I'm not having this issue now.
Gavacho, I just checked the list of attached devices to my NetGear, I get the following:
# IP Address Device Name MAC Address
1 192.168.0.1 D-Link DSL-2750U C8:D3:A3:D8:55:22
2 192.168.0.2 TP-Link WA850RE EC:08:6B:88:FD:50
3 192.168.0.6 TP-Link WA850RE EC:08:6B:88:FD:50
4 192.168.0.113 TP-Link WA850RE EC:08:6B:88:FD:50
5 192.168.0.100 HP Desktop 38:60:77:03:C1:AF
6 192.168.0.101 Sony Laptop F0:BF:97:DB:82:19
You can see that my TP-Link Mac address shows w/ 3 different IP addresses (the one I set it up w/ is 192.168.0.2). when I ping the others (192.168.0.6 and 192.168.0.113), I get a reply! the first of the two suspicious IPs is from one of my IP security camera and teh other is from my Alcatel Pixie: both are connected to the Tp-Link through WiFi.
Also to confirm, my TP-link mode is set as "range extender"
cheers
Since I don't use a range extender, I think there is a different issue at work. As I mentioned I have a opnsense firewall connected to the cable modem directly using DHCP for the external interface. I then have an internal interface on the firewall that connects to an ASUS AC-5300 WAN port over a dedicated network link.
The ASUS appears to be natting and I don't see a way to change it. The firewall is also natting on the outbound interface. I need to throw wireshark on the interface and see what's actually happening, but I'm relatively sure this is a result of the ASUS wireless router performing NAT. It was not a problem when I had the ASUS as just an AP and everything was on the Same VLAN, it only started when I changed and moved the ASUS to perform as a wireless router. As soon as the WAN port came up on the ASUS the warnings started.
Now this week the warnings have stopped. I am running version 4.0.0.4024 and I don't know if the app was recently updated or a change to the processing was sent down, but as of this point I'm not having this issue now.
Oceanracer,
I'm starting to think the problem really shows it self when using access points and range extenders. Hopefully this is a simple addressing problem. This is pure conjecture because Norton hasn't told me anything since I first brought up the problem.
TommyGB,
I have to chime in here and say I agree as well. What is going on? Not a peep? If it's a programming error just let us know. We don't expect it to be fixed right way, but we certainly would like to know if there is a real threat or not. Even saying you don't know is a help. But not saying anything specific in regards to the problem is not helpful. A don't call us, we'll call you sort of thing.
Like you, I use many Norton products at home and at my business. I've had good luck in the past with them. I'd hate to see that sour.
Apparently, I'm late to this game. I just started getting the message last night. I'm getting it on my Linksys RE6700 5g network on my Moto Z Play. The 2.4g network is fine. It looks like this is consistent with what I've seen in this thread. I have Norton on all of my devices but my Moto Z is the only devise setup to use that network (thank goodness).
Looks like Norton is working on a fix. Just one thing on that. I'm a retired IT professional and you don't roll out changes before a holiday unless you are prepared to work during the holidays. If you did work on the diagnosis and fix during the holidays, good for you. If you didn't, you should have. If you're the one working during the holidays with no support or backup, I fell sorry for you. Yes, I'm PREACHING.
Otherwise, I think Norton is great and I speak highly of them every chance I get.
Well well the plot thicken, I have been receiving the same messages over and over again since few weeks before Xmas. My first reaction was that Norton wanted me to buy the extra WIFI Privacy but I know my network pretty well and suspected it must be a false positive right away.. it is just a pain to have to ignore the warning message every time it pops up. I have two 2.4 ghz routers daisy chained; the first one, a D-Link being the first and only one connected to the WAN, while the other one, a NetGear connects to it with a RG45 on one of the port. Both routers provide WiFi connection to my IPCams, tablets, Laptops and phones as well as wired LAN to my Laptop, Desktops, Smart TVs, etc.... I also have the now infamous TP-Link extender set-up as "range extender" (not access point) connected through WiFi to my Netgear router. I actually went to the trouble of setting up on both routers and the TP-LINK extender, MAC filtering (MAC whitelisting on the extender). I also included in the list of authorised MAC addresses the "spoofed " ARP MAC address assigned by the range extender to my connected devices. I also updated the firmware on all my devices which fixes the KRACKS (key reinstallation attack) vulnerability when the wireless security mode is WPA2 (Which I use on both the routers and the range extender). I also assigned particular IP address to each device connected to the network. I installed Norton on 2 windows machines and on 1 android phone (Alcatel Pixie) and limited the range of IP addresses available. The android phone is the only device of the 3 connected to Wifi. I get the ARP spoofing warning message only on the Alcatel whether I am connected to the TP-Link range extender or the Netgear router. I do not get the message while connected through Wifi to the D-link router. This is becoming a real pain as I keep getting the compromised Wi-Fi Network message! I hope Norton can find a way to add some exceptions to deal w/ well recognise range extenders and how they spoof MAC legitimely, assuming this is the problem.
Had the same problem on 4 devices here after changing broadband supplier and resetting a TP link extender. Connected the extender again on the 6th January and the problem seems to have been resolved. Would have been nice to be informed.
Hi Everyone,
Update on this issue:
Thanks for reporting in Norton Community Forums. We are aware about this issue and concern team working on it. We will update once we have more information.
Just to confirm my problem is also caused by a plug-in TP-Link Extender.