Thread Info
  • State Not Answered
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 6 replies
  • Subscribers 5 subscribers
  • Views 15652 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Possible SSL split attack according to McAfee Mobile Security

alan weir

Possible SSL Split attack, according to McAfee Mobile Security
I logged into my wifi this morning on my Android device and an alert from Mcafee Security informed me that I was under an SSL split attack. I disabled the SophosGuest wireless network, created a secure WPA2 passphrase, then connected again and the issue still persists. I don't really know where to begin as I'm not sure if its an infected client or if the Sophos UTM has been compromised.

I also downloaded the "wifi security checker" app and performed a scan while connected to the supposedly compromised connection, and everything passes fine.

I have Web filtering (dual antivirus), Intrusion detection, firewall enabled, but I had a pretty weak wifi password. Now, after changing it to a more secure password, Mcafee still alerts me to an SSL split attack.

I also downloadd "ARP Guard" and after connecting to the wireless AP it immediately alerted me to an ARP spoofing detected.

Is there anything in the Wireless Protection log that might alert me to a problem?



This thread was automatically locked due to age.
Parents
  • 0

    I had exactly the same thing happen last night. I was on my android phone and it said my home wifi was being attacked by a SSL split attack. I switched to our other network and had the same alert. 
    I downloaded a few different programs and did some checks and it said  they were all clear. Maybe McAfee had a glitch and went crazy. Either way ive changed alot of info now just in case. 

  • 0 in reply to simon st.ange

    Do you have https inspection enabled?  It is easy to imagine that they are using a form of certificate pinning to detect that UTM's CA certificate is not one that they recognize as trusted.  

    But they also may have deployed and retracted a bug.

  • 0 in reply to DouglasFoster

    Sorry i have no idea what that is. I had my modem with the basic settings from out of the box. Ive changed a few of the settings including wireless broadcast. Now you cant get onto the network unless you know the name and password. 

Reply Children
No Data
Unfiltered HTML