MAC spoofing messages in Symantec

tremendous1970 · ‎01-20-2014

L.S.,

I have a Zyxel NBG6716 router. When I connect my Windows 7 64-bit laptop to it I have no problem.
However, when I connect to my work through VPN (Cisco AnyConnect Secure Mobility Client version 3.1.04066) I get lots of MAC spoofing messages from Symantec Endpoint Protection. In the security logfile of Symantec Endpoint Protection I can see that the spoofing is done mostly from the ipadres and mac-address of the Zyxel router.
Sometimes a mac-address 00-11-22-33-44-55 appears in the Symantec log.
The exact message in Symantec : "Unsolicited incoming ARP reply detected, this is a kind of MAC spoofing that may consequently do harm to your computer.". The packet data is per mac-address the same.
When I disconnect my VPN, the messages do not appear anymore.
When I use the same VPN connection at my work, I do not get any messages in Symantec.

Can someone please help me solve this problem? It is a very annoying problem, because everytime my VPN connection is disrupted and I get thrown out of my server session.

Greetings,
Toine

tremendous: Newbie; Posts: 1; Cash: 2; Joined: Mon Jan 20, 2014 7:10 pm

Chetan Savade · ‎01-29-2014

Hi,

I am Chetan Savade from Symantec Technical Support team.

This was a known issue with release prior to SEP 11 RU5. What's the SEP client version is installed?

Meanwhile refer this article:

Anti-MAC spoofing enabled on RU5 blocks access to router (x.x.x.1 IP address) with "Error: Unsolicited incoming ARP reply detected, this is a kind of MAC spoofing that may consequently do harm to your computer."

http://www.symantec.com/docs/TECH96608

Regards,

Chetan