Endpoint Protection


Denial of Service?


  • 1.  Denial of Service?

    Posted Apr 13, 2009 10:59 AM
    I put a wireless router at one of my locations.  Now all of the clients there keep getting this notification.

    Symantec Endpoint Protection
    Traffick from IP address 10.115.11.225 is blocked from 4/13/2009 8:37:58 AM to 4/13/2009 8:47:58 AM.
    Denial of Service is logged


    What is this and how do I get rid of the error message?  It doesn't seem to be affecting them acquiring an IP address, but the message keeps popping up.


  • 2.  RE: Denial of Service?

    Posted Apr 14, 2009 06:09 AM
    Hi,

    Is the above-mentioned IP, i.e. 10.x.x.x, that of your wireless router?

    Rgrds,
    SAM


  • 3.  RE: Denial of Service?

    Posted Apr 14, 2009 06:14 AM

    Also, you can disable the notification from SEPM, but the very first thing is to understand the above IP.

    If it's not your router's, then you need to check this IP. There could be a possibility of a DoS attack being broadcast from this machine.

    Rgrds,
    SAM



  • 4.  RE: Denial of Service?

    Posted Apr 14, 2009 09:29 AM

    There are several possibilities:

    - maybe the access point is malfunctioning
    - the quality of frequency is too low, due to long distance
    - the access point is providing a non-authorised service such as DHCP
    - the access point is scanning something like ports or all the IPs, so that it is behaving like an attacker

    Check out the IPS logs; maybe you will find the reason among the logs.



  • 5.  RE: Denial of Service?

    Posted Apr 14, 2009 02:57 PM

    Yes, that is the IP of the wireless router that I put in.  The router works fine, it just seems Symantec thinks it's an attack.  I need to know how to disable that notification.



  • 6.  RE: Denial of Service?

    Posted Apr 15, 2009 12:12 AM
    It is obvious that the Access Point is sending something. Otherwise the IPS would not detect something, since there would be nothing to detect!
    Therefore, check your Access Point to figure out what kind of packets it is broadcasting.
    Usually these situations go back to a service the access point issues. As I mentioned before, a malfunctioning Access Point causes strange behaviors whose symptoms are totally unrelated to the issue. So try to substitute the access point with another one and see if it happens again.


  • 7.  RE: Denial of Service?

    Posted Apr 15, 2009 09:39 AM
    The AP is brand new out of the box... and 200 miles away.  And due to economic restrictions, I can't just go throwing money at it to get a new one, no matter how inexpensive they are.  It's a Linksys and I've checked and rechecked the settings and it's configured correctly.  But I can't tell what kind of packets it's sending.  How would I check that?


  • 8.  RE: Denial of Service?

    Posted Apr 15, 2009 01:04 PM
    Or can't I just block the message so the users don't keep getting it???


  • 9.  RE: Denial of Service?

    Posted Apr 15, 2009 01:11 PM
    I can't see why not. Also, do check the AP for broadcast messages that may be emanating out of the AP.


  • 10.  RE: Denial of Service?

    Posted Apr 15, 2009 01:26 PM
    Anyone know how to suppress the message?


  • 11.  RE: Denial of Service?

    Posted Apr 15, 2009 02:30 PM
    I think you should allow it or make it trusted since it's coming from your router..


  • 12.  RE: Denial of Service?

    Posted Apr 16, 2009 12:14 AM
    Paul, it seems to be dangerous to exclude the IP, although it may be the last solution.

    Michell, turn on the tracing log for your IPS. You can see what kind of aggressive transaction your Access Point is performing. In addition, let us know your A/P blueprint and configurations in as much detail as possible.


  • 13.  RE: Denial of Service?

    Posted Apr 16, 2009 12:19 PM
    Is there an entry for the router on your AD?


  • 14.  RE: Denial of Service?
    Best Answer

    Posted Apr 16, 2009 01:03 PM
    I've seen the same problem with other Linksys routers... upgrading the firmware on them generally fixes the issue.


  • 15.  RE: Denial of Service?

    Posted Apr 17, 2009 05:47 PM
    Thank you Paul... that's exactly what fixed the problem.


  • 16.  RE: Denial of Service?

    Posted Apr 20, 2009 06:52 AM
    Paul, thank you for the solution. I was facing this issue too.