Endpoint Protection

View Only

Back to discussions

Expand all | Collapse all

MAC spoofing

1. MAC spoofing

Recommend
Migration User
Posted Jan 02, 2011 11:29 PM

Reply Reply Privately
I having the error as below in my client management log.

"Unsolicited incoming ARP reply detected, this is a kind of MAC spoofing that may consequently do harm to your computer.

Packet data is shown in the right window."

Does that mean someone on that computer is spoofing my MAC or virus ?

Rgds

Thet
2. RE: MAC spoofing

Recommend
Broadcom Employee

pete
Posted Jan 02, 2011 11:39 PM

Reply Reply Privately
what is the version of SEP client?

What is the source of the attack?

There is fix with the latest version

http://www.symantec.com/business/support/index?page=content&id=TECH96608&locale=en_US
3. RE: MAC spoofing

Recommend
Migration User
Posted Jan 02, 2011 11:57 PM

Reply Reply Privately
I read the fix ald.

I have updated my SEP server also.

My concern is that means actual MAC spoofing attack or just window 7 error.

I am using window 7 64 bit that IP address which is MAC spoofing is window xp.

The Sep client version is 11.

Source is one of our LAN IP

Active Response that started at 01/04/2011 12:21:11 is disengaged. The traffic from IP address IP add was blocked for 600 second(s).
4. RE: MAC spoofing

Recommend
Broadcom Employee

pete
Posted Jan 03, 2011 12:04 AM

Reply Reply Privately
the way it is highlighted it is MAC attack. Since the SEP is throwing the notification. Whether by disabling the check, notfication will not be shown ( for test purpose only)
5. RE: MAC spoofing

Recommend
Broadcom Employee

pete
Posted Jan 03, 2011 12:09 AM

Reply Reply Privately
hope you have installed SEP client to post RU6 version.
6. RE: MAC spoofing

Recommend
Migration User
Posted Jan 03, 2011 04:48 AM

Reply Reply Privately
>> Source is one of our LAN IP

For sake of security, I would isolate the machine from the production network and run a full scan, preferably with SERT Tool:

How To Use the Symantec Endpoint Recovery Tool with the Latest Virus Definitions
http://www.symantec.com/business/support/index?page=content&id=TECH131732&locale=en_US
7. RE: MAC spoofing

Recommend
Migration User
Posted Jan 03, 2011 07:03 AM

Reply Reply Privately
If its a managed client check the below settings.

For further information click on Help.
8. RE: MAC spoofing

Recommend
Migration User
Posted Jan 03, 2011 11:34 PM

Reply Reply Privately
Thanks a lot .will do

Endpoint Protection

MAC spoofing

Migration UserJan 02, 2011 11:29 PM

peteJan 02, 2011 11:39 PM

Migration UserJan 02, 2011 11:57 PM

peteJan 03, 2011 12:04 AM

peteJan 03, 2011 12:09 AM

Migration UserJan 03, 2011 04:48 AM

Migration UserJan 03, 2011 07:03 AM

Migration UserJan 03, 2011 11:34 PM

1. MAC spoofing

2. RE: MAC spoofing

3. RE: MAC spoofing

4. RE: MAC spoofing

5. RE: MAC spoofing

6. RE: MAC spoofing

7. RE: MAC spoofing

8. RE: MAC spoofing