
Network Protection blocking threats from 0.0.0.0, constantly

Created: 28 Feb 2013 | 5 comments

Since about 7 pm last night until I put the computer to sleep, SEP was constantly blocking threats.  A few incoming and outgoing were blocked around 2 am while the computer was asleep, and once I started the computer this morning, it has been continual.  Mostly incoming, although a handful of outgoing.  This is what the log looks like:

2/28/2013 / 7:49.02 / Blocked / 10 / Outgoing/ IPv6 [type=0x86DD] / 0.0.0.0

2/28/2013 / 7:49.02 / Blocked / 10 / Outgoing/ IPv6 [type=0x86DD] / 0.0.0.0

2/28/2013 / 7:49.02 / Blocked / 10 / Outgoing/ IPv6 [type=0x86DD] / 0.0.0.0

2/28/2013 / 7:48.01 / Blocked / 10 / Incoming / IPv6 [type=0x86DD] / 0.0.0.0

2/28/2013 / 7:47.24 / Blocked / 10 / Incoming / IPv6 [type=0x86DD] / 0.0.0.0

2/28/2013 / 7:47.14 / Blocked / 10 / Incoming /  IPv6 [type=0x86DD] / 0.0.0.0

2/28/2013 / 7:47.09 / Blocked / 10 / Incoming / IPv6 [type=0x86DD] / 0.0.0.0

2/28/2013 / 7:47.04 / Blocked / 10 / Incoming / IPv6 [type=0x86DD] / 0.0.0.0

2/28/2013 / 7:47.04 / Blocked / 10 / Incoming /  IPv6 [type=0x86DD] / 0.0.0.0

2/28/2013 / 7:47.04 / Blocked / 10 / Incoming / IPv6 [type=0x86DD] / 0.0.0.0

Chrome is running slowly and at times not loading the page.  I am running a full system scan now, and one file has been detected and deleted (tracking cookies from doubleclick.net).

Can anybody tell me what's going on?  I'd greatly appreciate any advice.  Thank you.


valkyrja9's picture

Sorry, I forgot to include this bit of information:

Nearly all the incoming are the same or very similar.

  • Example: Remote MAC: E8-39-35-59-9C-10, Remote Port: 0, Local Host 0.0.0.0, Local MAC: 33-33-00-00-00-0C, Local Port: 0

The outgoing are all the same, or very similar (different by one or two numbers)

  • Example: Remote MAC: 33-33-00-01-00-03, Remote Port: 0, Local Host 0.0.0.0, Local MAC: 68-5D-43-D7-CE-E0, Local Port: 0
Rafeeq's picture

 

According to your logs, the traffic that is being blocked is coming from a device 33-33-00-01-00-03.

 

Blocked 10 indicates that the 10th Rule created in your firewall rules is indicating to block this kind of traffic... Check your Rules in the Firewall portion of the SEPM server and see what is being propagated to your clients.

 

Blocked 10 is blocking IPv6 traffic coming to your device. Sending data to an IPv6 address.

hforman's picture

It looks like you have a rule set to block IPv6 traffic.  However, some websites and some browsers are moving toward using IPv6 instead of the usual IPv4.

 

There are two ways you can go.  Either remove/disengage the rule or make your system IPv4 only.  Check your browser settings to see if there is something in there for IPv6 (not familiar with Chrome) and check the TCP/IP settings for your NIC.
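
An added example, not part of the original thread and not Symantec code: when triaging firewall log details like the ones posted above, it helps to classify the MAC addresses before treating them as devices. The sketch below applies the RFC 2464 mapping (an IPv6 multicast group is sent to Ethernet address 33-33 plus the group's low 32 bits) to the two detail lines from the thread; the function names and the short table of well-known groups are assumptions chosen for this illustration.

```python
import re

# Well-known IPv6 multicast groups, keyed by the low 32 bits of the group
# address (all that survives in the Ethernet MAC per RFC 2464).
# Illustrative subset chosen for this example, not an exhaustive registry.
KNOWN_GROUPS = {
    0x00000001: "all-nodes (ff02::1)",
    0x00000002: "all-routers (ff02::2)",
    0x0000000C: "SSDP/UPnP discovery (ff0x::c)",
    0x000000FB: "mDNS (ff02::fb)",
    0x00010002: "DHCPv6 servers/relays (ff02::1:2)",
    0x00010003: "LLMNR name resolution (ff02::1:3)",
}

MAC_RE = re.compile(r"(Remote|Local) MAC: ((?:[0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2})")

def classify_mac(mac):
    """Return (kind, detail) for a dash-separated MAC address."""
    octets = bytes(int(part, 16) for part in mac.split("-"))
    if octets[:2] == b"\x33\x33":
        # 33-33-FF-xx-xx-xx is the solicited-node range used by neighbor discovery.
        if octets[2] == 0xFF:
            return "ipv6-multicast", "solicited-node (neighbor discovery)"
        low32 = int.from_bytes(octets[2:], "big")
        return "ipv6-multicast", KNOWN_GROUPS.get(low32, "group low32=0x%08x" % low32)
    if octets[0] & 0x01:  # group bit set, but not the IPv6 33-33 prefix
        return "multicast", "non-IPv6 group address"
    return "unicast", "single interface"

def summarize(detail_line):
    """Map each MAC role in a log detail line to its classification."""
    return {role: classify_mac(mac) for role, mac in MAC_RE.findall(detail_line)}

# Detail lines taken from the thread above.
INCOMING = ("Remote MAC: E8-39-35-59-9C-10, Remote Port: 0, Local Host 0.0.0.0, "
            "Local MAC: 33-33-00-00-00-0C, Local Port: 0")
OUTGOING = ("Remote MAC: 33-33-00-01-00-03, Remote Port: 0, Local Host 0.0.0.0, "
            "Local MAC: 68-5D-43-D7-CE-E0, Local Port: 0")

if __name__ == "__main__":
    for name, line in (("incoming", INCOMING), ("outgoing", OUTGOING)):
        for role, (kind, detail) in summarize(line).items():
            print(f"{name:8} {role:6} {kind:14} {detail}")
```

Both 33-33 addresses classify as IPv6 multicast groups (service discovery and name resolution), while E8-39-35-59-9C-10 and 68-5D-43-D7-CE-E0 are the unicast interface addresses at either end.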