Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

MAC spoofing messages in Symantec

L.S.,

I have a Zyxel NBG6716 router. When I connect my Windows 7 64-bit laptop to it I have no problem.
However, when I connect to my work through VPN (Cisco AnyConnect Secure Mobility Client version 3.1.04066) I get lots of MAC spoofing messages from Symantec Endpoint Protection. In the security logfile of Symantec Endpoint Protection I can see that the spoofing is done mostly from the ipadres and mac-address of the Zyxel router.
Sometimes a mac-address 00-11-22-33-44-55 appears in the Symantec log.
The exact message in Symantec : "Unsolicited incoming ARP reply detected, this is a kind of MAC spoofing that may consequently do harm to your computer.". The packet data is per mac-address the same.
When I disconnect my VPN, the messages do not appear anymore.
When I use the same VPN connection at my work, I do not get any messages in Symantec.

Can someone please help me solve this problem? It is a very annoying problem, because everytime my VPN connection is disrupted and I get thrown out of my server session.

Greetings,
Toine

tremendous
Newbie
Newbie
Posts: 1
Cash: 2
Joined: Mon Jan 20, 2014 7:10 pm
3 REPLIES
New Member

MAC spoofing messages in Symantec

Hi,

I am Chetan Savade from Symantec Technical Support team.

This was a known issue with release prior to SEP 11 RU5. What's the SEP client version is installed?

Meanwhile refer this article:

Anti-MAC spoofing enabled on RU5 blocks access to router (x.x.x.1 IP address) with "Error: Unsolicited incoming ARP reply detected, this is a kind of MAC spoofing that may consequently do harm to your computer."

http://www.symantec.com/docs/TECH96608

Regards,

Chetan

New Member

MAC spoofing messages in Symantec

Chetan,

I don't know where I can find the RU version, but the version in the about screen has number 12.1.2015.2015.

Regards,

Toine

New Member

Re: MAC spoofing messages in Symantec

Hi,

It's a SEP 12.1 RU2 version. SEP release details are available here:

http://bit.ly/m0vOJp

If it's a managed client create IPS policy exclusion & exclude router IP address.

Refer the following threads:

http://www.symantec.com/connect/forums/endpoint-protection-blocks-my-routers-ip-address

http://www.symantec.com/connect/forums/anti-mac-spoofing

Regards,

Chetan

2857
Views
0
Helpful
3
Replies
CreatePlease to create content