esitech
asked on
Watchguard Blocking IP with DOS Alarn "port_scan_dos"
Hello,
We have a Watchguard X1250e and the issue we are having is that it keeps blocking the IP addresses where my laptop is used to connect to the network. If I'm at home it blocks the IP at my house, if I go to clients office it blocks the IP of my client.
I already rebuilt my laptop. Deleted partitions and formatted the partitions.
I only got Office 2010, Bomgar (http://bomgar.com), and Skype, nothing else.
I found this http://www.dslreports.com/forum/r23523169-Port-scan-dos but if I just rebuilt my machine then how can I have a virus on my machine. We have been using the Watchguard for several years now and this started happening about a month ago. Any ideas without disabling the security on the Watchguard?
We have a Watchguard X1250e and the issue we are having is that it keeps blocking the IP addresses where my laptop is used to connect to the network. If I'm at home it blocks the IP at my house, if I go to clients office it blocks the IP of my client.
I already rebuilt my laptop. Deleted partitions and formatted the partitions.
I only got Office 2010, Bomgar (http://bomgar.com), and Skype, nothing else.
I found this http://www.dslreports.com/forum/r23523169-Port-scan-dos but if I just rebuilt my machine then how can I have a virus on my machine. We have been using the Watchguard for several years now and this started happening about a month ago. Any ideas without disabling the security on the Watchguard?
Logs from the Watchguard log viewer would give clue as to what is happening.
I think [wild guesses] that you might have multi homed machine and are sending packets for more than one subnet and WG thinks it to be spoof attack.
Another thing could be that your machine has some application/program [may be legitimate or might also be malware] that is sending too many packets out causing the behavior that your machine get blocked.
Please check the logs and update.
Thank you.
I think [wild guesses] that you might have multi homed machine and are sending packets for more than one subnet and WG thinks it to be spoof attack.
Another thing could be that your machine has some application/program [may be legitimate or might also be malware] that is sending too many packets out causing the behavior that your machine get blocked.
Please check the logs and update.
Thank you.
ASKER
Yes this is a home network, and have several devices here. So far it hasn't happened again. Is there a way to disable that on the WG, so it doesn't block it? The WG has done this to some of my clients also, as we have our Labtech Agents installed on our their computers and servers, this will cause several packets to be sent back and forth.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER