Advice Request ESET Firewall: ARP spoofing?

Please provide comments and solutions that are helpful to the author of this topic.

fabiobr

Level 12
Thread author
Verified
Top Poster
Well-known
Mar 28, 2019
565
2020-04-20 (4).png

ARP cache poisoning, someone ever received this message? The "attacker" blocked has my Android phone IP, but MAC address doesn't match.
 

MacDefender

Level 16
Verified
Top Poster
Oct 13, 2019
779
Do you have more detailed logs and how it translates to English?

A lot of "sleep proxy" setups do look like ARP spoofing. For example, in Apple's ecosystem, your phone can go to sleep and hand off its identity to a nearby Apple TV to respond to pings and respond to mDNS queries on your phone's behalf. Only when a service tries to connect to a known active port on your device does that wake up your actual device.

A lot of network security products find this suspicious and label it as ARP spoofing or a MITM attack. I wasn't aware of Android doing anything similar, but perhaps it's a form of MAC randomization that's freaking out ESET?
 

fabiobr

Level 12
Thread author
Verified
Top Poster
Well-known
Mar 28, 2019
565
Do you have more detailed logs and how it translates to English?

A lot of "sleep proxy" setups do look like ARP spoofing. For example, in Apple's ecosystem, your phone can go to sleep and hand off its identity to a nearby Apple TV to respond to pings and respond to mDNS queries on your phone's behalf. Only when a service tries to connect to a known active port on your device does that wake up your actual device.

A lot of network security products find this suspicious and label it as ARP spoofing or a MITM attack. I wasn't aware of Android doing anything similar, but perhaps it's a form of MAC randomization that's freaking out ESET?
I used to connect my phone to my PC through "My Phone" on Windows 10.

I don't know if Android 9 do some MAC randomization, I read it does with IP.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top