MacDefender

Level 11
Verified
Do you have more detailed logs and how it translates to English?

A lot of "sleep proxy" setups do look like ARP spoofing. For example, in Apple's ecosystem, your phone can go to sleep and hand off its identity to a nearby Apple TV to respond to pings and respond to mDNS queries on your phone's behalf. Only when a service tries to connect to a known active port on your device does that wake up your actual device.

A lot of network security products find this suspicious and label it as ARP spoofing or a MITM attack. I wasn't aware of Android doing anything similar, but perhaps it's a form of MAC randomization that's freaking out ESET?
 

fabiobr

Level 9
Verified
Do you have more detailed logs and how it translates to English?

A lot of "sleep proxy" setups do look like ARP spoofing. For example, in Apple's ecosystem, your phone can go to sleep and hand off its identity to a nearby Apple TV to respond to pings and respond to mDNS queries on your phone's behalf. Only when a service tries to connect to a known active port on your device does that wake up your actual device.

A lot of network security products find this suspicious and label it as ARP spoofing or a MITM attack. I wasn't aware of Android doing anything similar, but perhaps it's a form of MAC randomization that's freaking out ESET?
I used to connect my phone to my PC through "My Phone" on Windows 10.

I don't know if Android 9 do some MAC randomization, I read it does with IP.
 
Top