NetBIOS Poisoning from carrier IP

Whenever one of our endpoints connects to the Twingate VPN, InsightDR triggers critical investigation alerts every 30 minutes or so for NetBIOS Poisoning, with the poisoner address within the IANA-Reserved IPv4 range for Carrier NAT devices. Based on this, InsightDR tells me that the carrier / ISP is the adversary-in-the-middle. Has anyone seen this type of issue?