Advice Request ESET Firewall: ARP spoofing?

[fabiobr]

ARP cache poisoning, someone ever received this message? The "attacker" blocked has my Android phone IP, but MAC address doesn't match.

 

[Tiamati]

View attachment 237831
ARP cache poisoning, someone ever received this message? The "attacker" blocked has my Android phone IP, but MAC address doesn't match.

I never saw that, but you should change your router and wifi passwords... If MAC address doesn't match, it is not your Android sending the traffic.

 

[MacDefender]

Do you have more detailed logs and how it translates to English?

A lot of "sleep proxy" setups do look like ARP spoofing. For example, in Apple's ecosystem, your phone can go to sleep and hand off its identity to a nearby Apple TV to respond to pings and respond to mDNS queries on your phone's behalf. Only when a service tries to connect to a known active port on your device does that wake up your actual device.

A lot of network security products find this suspicious and label it as ARP spoofing or a MITM attack. I wasn't aware of Android doing anything similar, but perhaps it's a form of MAC randomization that's freaking out ESET?

 

[fabiobr]

Do you have more detailed logs and how it translates to English?

A lot of "sleep proxy" setups do look like ARP spoofing. For example, in Apple's ecosystem, your phone can go to sleep and hand off its identity to a nearby Apple TV to respond to pings and respond to mDNS queries on your phone's behalf. Only when a service tries to connect to a known active port on your device does that wake up your actual device.

A lot of network security products find this suspicious and label it as ARP spoofing or a MITM attack. I wasn't aware of Android doing anything similar, but perhaps it's a form of MAC randomization that's freaking out ESET?

I used to connect my phone to my PC through "My Phone" on Windows 10.

I don't know if Android 9 do some MAC randomization, I read it does with IP.