I'm running Symantec Endpoint Protection 12.1.6 on a Windows 7 PC. It's joined to a Windows 2003 Server. (We're working on migrating away from server 2003.)
This morning I got a Symantec popup with the message 'Nuclear Website Attack' I checked the Symantec traffic log and do see incoming ethernet traffic being blocked. The MAC addresses show, but no IP addresses. I ran arp-a and found MAC addresses, but they don't match the Source MAC addresses being blocked. There are a few static IP addresses that come up in a totally different range than what I use. (I don't know if that's a problem or not.)
Any ideas on how to run down the source of the problem?