ARP cache poisoning, someone ever received this message? The "attacker" blocked has my Android phone IP, but MAC address doesn't match.
I never saw that, but you should change your router and wifi passwords... If MAC address doesn't match, it is not your Android sending the traffic.
I used to connect my phone to my PC through "My Phone" on Windows 10.Do you have more detailed logs and how it translates to English?
A lot of "sleep proxy" setups do look like ARP spoofing. For example, in Apple's ecosystem, your phone can go to sleep and hand off its identity to a nearby Apple TV to respond to pings and respond to mDNS queries on your phone's behalf. Only when a service tries to connect to a known active port on your device does that wake up your actual device.
A lot of network security products find this suspicious and label it as ARP spoofing or a MITM attack. I wasn't aware of Android doing anything similar, but perhaps it's a form of MAC randomization that's freaking out ESET?