Buffalo Forums

Products => Solved Wireless Threads => : jlpio September 21, 2010, 10:37:32 PM

: WZR-HP-G300NH and Symantec Endpoint Protection
: jlpio September 21, 2010, 10:37:32 PM

Since upgrading to the official DD-WRT firmware I'm having a strange issue.  I'm running Symantec Endpoint Protection (SEP) 11.06 on all my computers and they periodically pop up with a message indicating that a denial of service attack was detected from the IP of my router, then it starts blocking web access.  When I disable SEP I can get to the internet.  The SEP log has these entries:

 

Denial of Service "UDP Flood Attack" attack detected.
Description:
 An excessive number of User Datagram Protocol (UDP) packets are being generated on this computer causing 100% CPU utilization.

 

Traffic from IP address 192.168.11.1 is blocked from 9/21/2010 10:44:17 PM to 9/21/2010 10:54:17 PM.

Active Response that started at 09/21/2010 22:44:17 is disengaged. The traffic from IP address 192.168.11.1 was blocked for 600 second(s).

 

I'd contact Symantec about this but I've been using SEP on my network with the WZR-HP-G300NH for several months without issue until I upgraded the firmware.

: Re: WZR-HP-G300NH and Symantec Endpoint Protection
: jlpio September 24, 2010, 12:55:42 PM

Anyone?  I emailed Buffalo support and never got a response, and now I'm getting no response here.  Makes me wonder about them.

: Re: WZR-HP-G300NH and Symantec Endpoint Protection
: kpr November 08, 2010, 06:20:50 PM

Did you find a resolution to the issue? I am facing a similar problem with Tomato and Linksys hardware.

: Re: WZR-HP-G300NH and Symantec Endpoint Protection
: jlpio November 08, 2010, 06:33:35 PM

I did (no thanks to Buffalo support or this forum).  In SEP I turned off denial of service detection.  Not sure why the Buffalo is simulating DOS attacks on my computers (again, Buffalo support was non-responsive), but that stopped SEP freaking out.  Eventually I went back to the old non DD-WRT firmware because of that and other issues it was causing.

: Re: WZR-HP-G300NH and Symantec Endpoint Protection
: davo November 09, 2010, 07:15:44 AM

you got these errors becasue of the network services list option on the router GUI. The router (for example) can be used as a WOL client for PC's/devices on the network, WOL operates on UDP port 7 and 9.

If your software thought this was a DDOS attack then it is an issue with the software.

: Re: WZR-HP-G300NH and Symantec Endpoint Protection
: skyinn January 31, 2011, 08:48:48 AM

Hi,

 

I had the same problem with using my company laptop installed with Symantec Endpoint Protection when I connected to my recently bought WZR-HP-AG300H.

 

After searching through internet, I found the solution in http://www.symantec.com/connect/forums/endpoint-protection-blocks-ip-my-router

 

Basically you should disable "List Network Services" functionality from Admin Config/Name menu. I tested and now it works without any problem.

 

Cheers,

 

Skyinn