Apparatuses, methods, systems, and program products are disclosed for detecting man-in-the-middle attacks on a local area network. A method includes checking a first set of network settings information associated with a network router. A method includes requesting a second set of network settings information corresponding to the first set of network settings information. A method includes detecting a man-in-the-middle attacker on the network in response to at least a portion of the second set of network settings information not matching the first set of network settings information. A method includes triggering a countermeasure action related to the man-in-the-middle attacker.