We are receiving the following messages on a few of our laptops under the NTP Traffic Logs:
3 5/17/2011 12:58:55 PM Blocked 15 Incoming ETHERNET [type=0x0] 0.0.0.0 9C-AF-CA-0F-67-DD 0 0.0.0.0 00-27-10-95-67-50 0 Default 1 5/17/2011 12:57:54 PM 5/17/2011 12:57:54 PM Block all other traffic
From what I have read the Type 0x0 and 0.0.0.0 traffic is an ARP Probe "An ARP probe is an ARP request constructed with an all-zero sender IP address. The term is used in the IPv4 Address Conflict Detection specification (RFC 5227). Before beginning to use an IPv4 address (whether received from manual configuration, DHCP, or some other means), a host implementing this specification must test to see if the address is already in use, by broadcasting ARP probe packets."
I can tell from the mac addresses that it is traffic coming from a Cisco device (access point possibly) to the wireless adapter.
I called Symantec and the only solution they said was to enable "Allow token ring traffic". Not my issue.
Anyone else know of any resolutions to this?