Author Topic: WZR-HP-G300NH and Symantec Endpoint Protection  (Read 4953 times)

jlpio

  • Calf
  • *
  • Posts: 3
WZR-HP-G300NH and Symantec Endpoint Protection
« on: September 21, 2010, 10:37:32 pm »

Since upgrading to the official DD-WRT firmware I'm having a strange issue.  I'm running Symantec Endpoint Protection (SEP) 11.06 on all my computers and they periodically pop up with a message indicating that a denial of service attack was detected from the IP of my router, then it starts blocking web access.  When I disable SEP I can get to the internet.  The SEP log has these entries:

 

Denial of Service "UDP Flood Attack" attack detected.
Description:
 An excessive number of User Datagram Protocol (UDP) packets are being generated on this computer causing 100% CPU utilization.

 

Traffic from IP address 192.168.11.1 is blocked from 9/21/2010 10:44:17 PM to 9/21/2010 10:54:17 PM.

Active Response that started at 09/21/2010 22:44:17 is disengaged. The traffic from IP address 192.168.11.1 was blocked for 600 second(s).

 

I'd contact Symantec about this but I've been using SEP on my network with the WZR-HP-G300NH for several months without issue until I upgraded the firmware.


jlpio

  • Calf
  • *
  • Posts: 3
Re: WZR-HP-G300NH and Symantec Endpoint Protection
« Reply #1 on: September 24, 2010, 12:55:42 pm »

Anyone?  I emailed Buffalo support and never got a response, and now I'm getting no response here.  Makes me wonder about them.


kpr

  • Calf
  • *
  • Posts: 1
Re: WZR-HP-G300NH and Symantec Endpoint Protection
« Reply #2 on: November 08, 2010, 06:20:50 pm »

Did you find a resolution to the issue? I am facing a similar problem with Tomato and Linksys hardware.


jlpio

  • Calf
  • *
  • Posts: 3
Re: WZR-HP-G300NH and Symantec Endpoint Protection
« Reply #3 on: November 08, 2010, 06:33:35 pm »

I did (no thanks to Buffalo support or this forum).  In SEP I turned off denial of service detection.  Not sure why the Buffalo is simulating DOS attacks on my computers (again, Buffalo support was non-responsive), but that stopped SEP freaking out.  Eventually I went back to the old non DD-WRT firmware because of that and other issues it was causing.


davo

  • Really Big Bull
  • VIP
  • *
  • Posts: 5926
Re: WZR-HP-G300NH and Symantec Endpoint Protection
« Reply #4 on: November 09, 2010, 07:15:44 am »

you got these errors becasue of the network services list option on the router GUI. The router (for example) can be used as a WOL client for PC's/devices on the network, WOL operates on UDP port 7 and 9.

If your software thought this was a DDOS attack then it is an issue with the software.

PM me for TFTP / Boot Images / Recovery files  LSRecovery.exe file.

skyinn

  • Calf
  • *
  • Posts: 2
Re: WZR-HP-G300NH and Symantec Endpoint Protection
« Reply #5 on: January 31, 2011, 08:48:48 am »

Hi,

 

I had the same problem with using my company laptop installed with Symantec Endpoint Protection when I connected to my recently bought WZR-HP-AG300H.

 

After searching through internet, I found the solution in http://www.symantec.com/connect/forums/endpoint-protection-blocks-ip-my-router

 

Basically you should disable "List Network Services" functionality from Admin Config/Name menu. I tested and now it works without any problem.

 

Cheers,

 

Skyinn