Endpoint Protection Small Business Edition

 View Only

  • 1.  Firewall blocked Spoofed Address

    Posted Feb 22, 2016 09:26 PM

    I've been looking at some forums, but I can't seem to get a handle on how I might resolve this.

    I looked at the firewall logs within Endpoint Protection and I saw that there was entry noted with an Asterisk as being spoofed:

    ComputerXYZ     Remote IP
    fe80::a195:8829:cf7c:6192%13
    Remote Port  
      64993
    Local IP
    ff02::1:3
    Local Port
                    5355
             Status
    Blocked
    Direction       
    Inbound
    2/22/2016 6:08:03 PM

    I was hoping someone could help me identify the threat...assuming this is a threat as I wouldn't expect anything on our network to have a spoofed address.

    Should I be worried about this?  What can I do to prevent this?

     



  • 2.  RE: Firewall blocked Spoofed Address
    Best Answer

    Posted Feb 22, 2016 09:29 PM

    Looks to be from multicast. It should show the rule name of what's being blocked in the log. Does it not?



  • 3.  RE: Firewall blocked Spoofed Address

    Posted Feb 23, 2016 10:37 PM

    It didn't on the initial report I was looking at, but I did find in another report the rule name:  LLMNR.  Had no idea what that was, but looked it up and you are right.  I really appreciate it.  Thanks for the quick reply and helping out a noobie!

     

     



  • 4.  RE: Firewall blocked Spoofed Address

    Posted Feb 24, 2016 07:41 AM

    You're welcome.