ESS 5.0 rc [flooding attack router]


Faraways
July 23rd, 2011, 12:54 PM
Just installed version 5 RC. Now I get a lot of 'No usable rule found' messages in my firewall log like this:
Searched the forum but can't find a suitable answer. If I overlooked it then I'm sorry.

-----------------------
1. 'No usable rule found 192.168.178.1:xxx (several diff ports/entries) to 192.168.178.22:14013 TCP'

2. 'No usable rule found from several external IP's:xxx (several diff ports/entries) to 192.168.178.22:xxx (several diff ports/entries) TCP'

3. 'Address temporarily blocked by active defense (IDS) 192.168.178.1:xxx (several diff ports/entries) to 192.168.178.22:14013 TCP'

Note: everything worked fine in 4.2.71 (nothing changed except uninstall and then install v5 rc).
------------------------

4. Email firewall log entry:
'Communication allowed by rule 127.0.0.1:port 127.0.0.1:port TCP Allow communication for thunderbird.exe C:\Program Files\Mozilla Thunderbird\thunderbird.exe'

5. Antispam:
In events log I found one entry with
'23-7-2011 17:26:57 Spam filter Antispam: Unexpected exception (0020).'
-------------------------------

Anyone who can provide me a little info on the subjects above? ::) ;)

regards
thank you

Cudni
July 23rd, 2011, 02:04 PM
Did you add your network to the Trusted zone?

Faraways
July 23rd, 2011, 05:08 PM
I am not very experienced with networks and firewalls. :-[


I am looking at networks, configure rules + zones > zones tab

Trusted Zone IP:127.0.0.1; IPv6: ::1; IPv6 subnet: fe80:: / 64


192.168.178.1 is in the zone tab too but it is not in trusted zone I think. It says it is 'automatically generated authenticated zone' subnet 192.168.178.0 / 255.255.255.0

and a few lines for OpenDNS (208.67.220.220 and 208.67.222.222): one at 192.168.178.0 and one at 169.254.0.0 (?) also with 'automatically generated authenticated zone'



Thank you

Angel

dmaasland
July 24th, 2011, 11:41 AM
Looking at the address I'd say you're using a Fritz!Box. I'd either disable parental control in the FB, or disable the TCP overload box in IDS settings.

Faraways
July 24th, 2011, 01:34 PM
-{ Quote: "Looking at the address I'd say you're using a Fritz!Box. I'd either disable parental control in the FB, or disable the TCP overload box in IDS settings." }-

Thank you very much. I have changed both. Child protection in Fritzbox is off now and TCP overload is off.
Is disabling the TCP overload check a risk for SYN flood?

I will monitor my system for a few days and report back here with the results. :)



edit 27-07:
No disturb messages anymore. Seems to be solved now.

Thank you :)