Hey rzk295,

Thanks for getting in touch!

I had to do a bit of research on this one - mainly because I'm not familiar with a lot of Symantec's stuff. However, I did find an article that's pretty interesting:

https://www.symantec.com/connect/forums/denial-service-smurf-attack-detected

Basically, this article is saying that false positives can be triggered - and I'm not surprised PingPlotter's traffic triggered a false positive. I'm unsure of what you can do from Symantec's side - but from a PingPlotter side you could try to double your interval (so trace every 5 seconds instead of 2.5 seconds).

The traffic that PingPlotter's sending is ICMP, and it's sending a lot of ICMP packets. If you use Wireshark to capture the stream, you can definitely see how many packets are going out. However - don't worry! We actually did an experiment like this to give people like you peace of mind - it's really, really hard to ACTUALLY DDoS something with PingPlotter. Check it out here:

https://www.pingplotter.com/wisdom/article/is-ping-dangerous

The main idea here is that it's a false positive and that you don't need to worry about PingPlotter DDoS'ing one of your nodes. However, you may want to take a look at Symantec's information to see how you can potentially add an exception - but it'd have to be for all ICMP as the traffic we send is from the ICMP.dll, not from the application itself.

I hope that helped!
_________________________
Regards,
Hayla