
75.75.75.75 error message

Created: 24 Aug 2012 | 6 comments

Hello,  

I use Symantec Endpoint Protection v11.0.6005.562 and I have been receiving the error message below about once an hour for the last three or four hours:

Traffic from IP Address 75.75.75.75 is blocked from 8/24/2012 7:53AM to 8/24/2012 7:58AM.  Denial of service is logged.  (the hour & minutes change every time I get the message)

What does this mean and what do I need to do to take care of this?

Thank you.

6 Comments

pete_4u2002's picture

The IP is a Comcast IP address.

see these threads with a very similar or even the same problem:

http://www.symantec.com/connect/forums/endpoint-1106-false-denial-service-attacks-dns-servers

http://www.symantec.com/connect/forums/sepv11-dos-ips-logs-after-upgrading-clients-ru6

If you have access to the SEPM console, you should exclude the Comcast IPs in the IPS policy:

Clients > Policies > Intrusion Prevention Policy > Settings > Enable excluded hosts

Alternatively, you can disable Denial of service detection.

Or upgrade to the latest version, or to SEP 11 RU6 MP1 at least:

http://www.symantec.com/business/support/index?page=content&id=TECH132161&locale=en_US

.Brian's picture

It's a Comcast DNS server.

You should upgrade to the latest version of SEP 11.x (ru7 mp2)

I believe this bug was resolved back in ru6 mp1 but upgrading to latest version will fix it as well.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Chetan Savade's picture

Hi,

Upgrading to the latest version can be one of the possible solutions.

Always make sure you use the latest SEP version.

Use all the SEP features, i.e. AV/AS, PTP & NTP.

Use the latest Windows patches and service pack.

Disable auto-run.

Chetan Savade
Sr.Technical Support Engineer, Endpoint Security
Enterprise Technical Support
CCNA | CCNP | MCSE | SCTS |

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.

Mithun Sanghavi's picture

Hello,

Denial of Service (a.k.a. DoS) detection is a firewall feature of SEP Enterprise Edition (EE).  If you have SEP Small Business Edition (SBE) you cannot see this feature and it should be disabled.

You can enable/disable the feature only in the EE version from the firewall policy:

1. Edit a firewall policy.

2. Go to the "Protection and Stealth" settings.

This issue has been fixed in Symantec Endpoint Protection 11 (11.0.6100.645) Release Update 6 Maintenance Patch 1 (RU6 MP1) and above.

OR

Please upgrade to the latest version, which is SEP 12.1.

Check these Threads below:

https://www-secure.symantec.com/connect/forums/only-client-blocked

https://www-secure.symantec.com/connect/forums/help-denial-service

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.
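
A triage sketch for the notification quoted in the question, added here as an example and not part of any post in this thread or of Symantec's tooling: it parses that message format and marks blocked sources that are the client's own DNS resolvers, the false-positive pattern the replies describe. The `triage` function, the resolver set and every sample line except the first are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Notification format as quoted in the question.
MSG = re.compile(
    r"Traffic from IP Address (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) is blocked "
    r"from (?P<start>[\d/]+ [\d:]+[AP]M) to (?P<end>[\d/]+ [\d:]+[AP]M)\.\s+"
    r"Denial of service is logged\."
)
TS = "%m/%d/%Y %I:%M%p"

def triage(messages, resolvers):
    """Group DoS block notifications by source IP and mark sources that are
    the client's own configured DNS resolvers (likely false positives)."""
    windows = defaultdict(list)
    for line in messages:
        m = MSG.search(line)
        if m:
            start = datetime.strptime(m["start"], TS)
            end = datetime.strptime(m["end"], TS)
            windows[m["ip"]].append((start, end))
    return {
        ip: {
            "blocks": len(w),
            "blocked_minutes": sum((e - s).total_seconds() for s, e in w) / 60,
            "configured_resolver": ip in resolvers,
        }
        for ip, w in windows.items()
    }

# Constructed sample: the first line is the message from the question, the rest are made up.
SAMPLE = [
    "Traffic from IP Address 75.75.75.75 is blocked from 8/24/2012 7:53AM to 8/24/2012 7:58AM.  Denial of service is logged.",
    "Traffic from IP Address 75.75.75.75 is blocked from 8/24/2012 8:51AM to 8/24/2012 8:56AM.  Denial of service is logged.",
    "Traffic from IP Address 203.0.113.9 is blocked from 8/24/2012 9:10AM to 8/24/2012 9:15AM.  Denial of service is logged.",
    "Unrelated log line that does not match.",
]
# Assumption: the resolver list is copied from the client's network settings.
RESOLVERS = {"75.75.75.75"}

if __name__ == "__main__":
    for ip, info in triage(SAMPLE, RESOLVERS).items():
        verdict = "candidate for exclusion or upgrade" if info["configured_resolver"] else "investigate"
        print(ip, info, verdict)
```

A source that is not one of the client's resolvers gets no benefit of the doubt from this check and should be investigated as a real detection.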