Anti-MAC spoofing enabled on RU5 blocks access to router (x.x.x.1 IP address) with "Error: Unsolicited incoming ARP reply detected, this is a kind of MAC spoofing that may consequently do harm to your computer."

Article:TECH96608  |  Created: 2009-01-07  |  Updated: 2011-06-08  |  Article URL http://www.symantec.com/docs/TECH96608
Article Type
Technical Solution


Environment

Issue





Symptoms
Client logs show events resembling the following:

Severity: Major, Event: Active Response, Description: Traffic from IP address is blocked from to
Pop-up on the client machine states 'Traffic blocked for 10 minutes.'

 


Solution



This issue has been addressed in SEP RU6 and onwards.

If you are unable to update to RU6 at this time, the following workaround can be applied:

1. On the SEPM, edit the existing firewall policy
2. Choose Traffic and Stealth Settings
3. Remove the check mark from "Enable Anti-MAC spoofing"




Technical Information
This has been found on Windows XP SP2 and SP3, Windows 2003, Windows Vista, Windows 7 and Windows Server 2008 (& R2).


 


Supplemental Materials

SourceETrack
Value1864844

Legacy ID



2009100713352448


Article URL http://www.symantec.com/docs/TECH96608


Terms of use for this information are found in Legal Notices