#1
I decided to turn on logging yesterday after updating to see what, if anything, was being blocked. Very enlightening. I have ESS 4.0.417 (BE) installed on Vista SP1, fully patched.
Here is a sample of entries. Hopefully someone from ESET can enlighten me:

4/1/2009 8:14:57 AM Packet blocked by active defense (IDS) 192.168.1.101:49505 192.168.1.1:80 TCP
That's my computer trying to talk to my router web interface. Lots of these.

4/1/2009 8:13:34 AM Packet blocked by active defense (IDS) 192.168.1.1:80 192.168.1.101:49492 TCP
Same thing, other direction.

3/31/2009 8:55:23 PM Packet blocked by active defense (IDS) 68.142.212.22:80 192.168.1.101:50346 TCP
That's Inktomi from my Yahoo portal home page. The firewall is blocking the daily play four (word game) (see next post).

Router logging also does not auto start any more. I run Wall Watcher on boot to log the WRT54GS running HyperWRT. Never any issues before ESS. Now I have to disable/enable logging on the router to get it started. It does not make any sense, but it's happening.

Even stranger, on my laptop running Windows XP SP3, fully patched, the word game appears. Both browsers are Firefox 3.0.8. No errors logged on the XP computer, but also, no router logging there either.
__________________
"Let us be thankful for the fools. But for them the rest of us could not succeed." ---Mark Twain
Last edited by LoPhatPhuud : April 1st, 2009 at 11:07 AM.
#2
Update. The Word game issue is not an issue with the firewall or IDS. It's fine in IE8 and Opera on the same computer. Also, I forgot the browser was updated to FF 3.1.b3 so it will be a browser issue.
The remaining issue is the one with the router and logging.
#3
More info...
The IDS block only occurs on the Vista computer which is the target for the router logs. I can open the router web interface from my Laptop and no blocks are logged.
#4
The issue with the IDS blocks has resolved itself. Perhaps a reboot fixed it, but it has not come back so it's a dead issue now.
#5
In cases like this, when it's not clear if it's a false positive or a real attack (I've run into a case where a network printer was causing UDP port scanning attacks), create 2 logs from Wireshark - one with the firewall disabled when everything works and one with the firewall enabled when connections are blocked. Eventually send the logs with a description of the problem to support[at]eset.com.
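Added example, not part of the thread and not ESET tooling: before taking the two Wireshark captures suggested above, the blocked entries quoted in post #1 can be grouped into conversations so each capture uses a narrow filter. The log layout is assumed from those three entries, and treating the lower port as the service port is also an assumption.

```python
import ipaddress
import re
from collections import Counter

# The three entries quoted in post #1, one per line. Assumed layout:
# timestamp, event text, source ip:port, destination ip:port, protocol.
SAMPLE_LOG = """\
4/1/2009 8:14:57 AM Packet blocked by active defense (IDS) 192.168.1.101:49505 192.168.1.1:80 TCP
4/1/2009 8:13:34 AM Packet blocked by active defense (IDS) 192.168.1.1:80 192.168.1.101:49492 TCP
3/31/2009 8:55:23 PM Packet blocked by active defense (IDS) 68.142.212.22:80 192.168.1.101:50346 TCP
"""

ENTRY = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)\s+"
    r"(?P<event>.+?)\s+"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}):(?P<sport>\d+)\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3}):(?P<dport>\d+)\s+"
    r"(?P<proto>\w+)\s*$"
)

def parse(log_text):
    """Return one dict per well-formed entry; lines that do not match are skipped."""
    return [m.groupdict() for m in map(ENTRY.match, log_text.splitlines()) if m]

def conversations(entries):
    """Count blocks per host pair, ignoring direction and ephemeral ports."""
    counts = Counter()
    for e in entries:
        pair = tuple(sorted((e["src"], e["dst"]), key=ipaddress.ip_address))
        # Assumption: the lower of the two ports is the service port.
        service = min(int(e["sport"]), int(e["dport"]))
        counts[(pair, service, e["proto"])] += 1
    return counts

def lan_only(pair):
    """True when both endpoints are private addresses (host <-> router)."""
    return all(ipaddress.ip_address(ip).is_private for ip in pair)

def capture_filter(pair, service, proto):
    """Build a libpcap capture filter to use for both Wireshark captures."""
    return f"host {pair[0]} and host {pair[1]} and {proto.lower()} port {service}"

if __name__ == "__main__":
    for (pair, service, proto), n in conversations(parse(SAMPLE_LOG)).items():
        scope = "LAN only" if lan_only(pair) else "crosses the WAN"
        print(f"{n} blocked: {pair[0]} <-> {pair[1]} {proto}/{service} ({scope})")
        print("  capture filter:", capture_filter(pair, service, proto))
```

Using the same filter for the firewall-disabled and firewall-enabled captures keeps the two logs directly comparable.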