Endpoint Protection

  • 1.  75.75.75.75 error message

    Posted Aug 24, 2012 11:11 AM

    Hello,  

    I use Symantec Endpoint Protection v11.0.6005.562 and I have been receiving the error message below about once an hour for the last three or four hours:

    Traffic from IP Address 75.75.75.75 is blocked from 8/24/2012 7:53AM to 8/24/2012 7:58AM.  Denial of service is logged.  (the hour & minutes change every time I get the message)

    What does this mean and what do I need to do to take care of this?

    Thank you.

     

     

     



  • 2.  RE: 75.75.75.75 error message



  • 3.  RE: 75.75.75.75 error message

    Broadcom Employee
    Posted Aug 24, 2012 11:31 AM

    The IP is a Comcast IP address.

    See these threads with a very similar or even the same problem:

    http://www.symantec.com/connect/forums/endpoint-1106-false-denial-service-attacks-dns-servers

    http://www.symantec.com/connect/forums/sepv11-dos-ips-logs-after-upgrading-clients-ru6

    If you have access to the SEPM console, you should exclude the Comcast IPs in the IPS policy:

    Clients > Policies > Intrusion Prevention Policy > Settings > Enable excluded hosts

    Alternatively, you can disable Denial of service detection.

     

    Or upgrade to the latest version, or SEP 11 RU6 MP1 at least:

    http://www.symantec.com/business/support/index?page=content&id=TECH132161&locale=en_US



  • 4.  RE: 75.75.75.75 error message

    Posted Aug 24, 2012 11:47 AM

    It's a Comcast DNS server.

    You should upgrade to the latest version of SEP 11.x (RU7 MP2).

    I believe this bug was resolved back in RU6 MP1, but upgrading to the latest version will fix it as well.



  • 5.  RE: 75.75.75.75 error message

    Broadcom Employee
    Posted Aug 24, 2012 11:49 AM


  • 6.  RE: 75.75.75.75 error message

    Broadcom Employee
    Posted Aug 24, 2012 03:40 PM

    Hi,

    Upgrading to the latest version can be one of the possible solutions.

    Always make sure you use the latest SEP version.

    Use all the SEP features, i.e. AV/AS, PTP & NTP.

    Use the latest Windows patches and service pack.

    Disable auto-run.

     



  • 7.  RE: 75.75.75.75 error message

    Trusted Advisor
    Posted Aug 27, 2012 03:01 AM

    Hello,

    Denial of Service (a.k.a. DoS) detection is a firewall feature of SEP Enterprise Edition (EE).  If you have SEP Small Business Edition (SBE) you cannot see this feature and it should be disabled.

    You can enable/disable the feature only in the EE version from the firewall policy:

    1. Edit a firewall policy.

    2. Go to the "Protection and Stealth" settings.

     

    This issue has been fixed in Symantec Endpoint Protection 11 (11.0.6100.645) Release Update 6 Maintenance Patch 1 (RU6 MP1) and above.

    OR

    Please upgrade to the latest version, which is SEP 12.1.

    Check these threads below:

    https://www-secure.symantec.com/connect/forums/only-client-blocked

    https://www-secure.symantec.com/connect/forums/help-denial-service

    Hope that helps!!
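
A triage sketch for the situation discussed in this thread, added here as an example and not part of any poster's reply or of Symantec's tooling: it parses notifications in the format quoted in the first post and reports, per source IP, how often and for how long traffic was blocked, and whether the source is one of the client's own DNS resolvers. The resolver set and every sample line after the first are assumptions constructed for the example.

```python
import re
from datetime import datetime

# Format of the SEP 11 notification as quoted in the first post.
ALERT = re.compile(
    r"Traffic from IP Address (\d{1,3}(?:\.\d{1,3}){3}) is blocked from "
    r"(\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}[AP]M) to "
    r"(\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}[AP]M)\.\s+(.+?) is logged\."
)
TS = "%m/%d/%Y %I:%M%p"

# Assumption: the DNS servers this client is configured to use (see ipconfig /all).
CONFIGURED_RESOLVERS = {"75.75.75.75"}

# Constructed sample: line 1 is the message from the thread, the rest are made up.
SAMPLE = [
    "Traffic from IP Address 75.75.75.75 is blocked from 8/24/2012 7:53AM to 8/24/2012 7:58AM.  Denial of service is logged.",
    "Traffic from IP Address 75.75.75.75 is blocked from 8/24/2012 8:51AM to 8/24/2012 8:56AM.  Denial of service is logged.",
    "some unrelated notification text",
    "Traffic from IP Address 203.0.113.9 is blocked from 8/24/2012 9:10AM to 8/24/2012 9:15AM.  Denial of service is logged.",
    "Traffic from IP Address 75.75.75.75 is blocked from 8/24/2012 9:55AM to 8/24/2012 10:00AM.  Denial of service is logged.",
]

def parse_alerts(lines):
    """Return (ip, start, end, reason) for every line matching the quoted format."""
    alerts = []
    for line in lines:
        m = ALERT.search(line)
        if m:
            ip, start, end, reason = m.groups()
            alerts.append((ip, datetime.strptime(start, TS),
                           datetime.strptime(end, TS), reason))
    return alerts

def triage(lines, resolvers=CONFIGURED_RESOLVERS):
    """Summarise DoS blocks per source and flag the client's own resolvers."""
    report = {}
    for ip, start, end, reason in parse_alerts(lines):
        if reason != "Denial of service":
            continue
        row = report.setdefault(ip, {"blocks": 0, "minutes_blocked": 0})
        row["blocks"] += 1
        row["minutes_blocked"] += int((end - start).total_seconds() // 60)
    for ip, row in report.items():
        # A configured resolver flagged as a DoS source matches the false
        # positive described in the replies; anything else needs a closer look.
        row["verdict"] = ("configured DNS resolver: exclusion or upgrade candidate"
                          if ip in resolvers else "unknown source: investigate")
    return report

if __name__ == "__main__":
    for ip, row in triage(SAMPLE).items():
        print(ip, row)
```

Only sources that are confirmed resolvers for the client belong in the IPS excluded hosts list; the other rows should be investigated rather than excluded.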