ESS 5.0 rc [flooding attack router]

Discussion in 'ESET NOD32 Antivirus/Smart Security Beta' started by Faraways, Jul 23, 2011.

Thread Status:
Not open for further replies.
  1. Faraways

    Faraways Registered Member

    Joined:
    Jan 18, 2011
    Posts:
    16
    Just installed version 5 RC. Now I got a lot of 'No usable rule found' messages in my firewall log like this:
    Searched the forum but cant find a suitable answer.. If I overlooked then Im sorry..

    -----------------------
    1. 'No usable rule found 192.168.178.1:xxx (several diff ports/entries) to 192.168.178.22:14013 TCP'

    2. 'No usable rule found from several external IP's:xxx (several diff ports/entries) to 192.168.178.22:xxx (several diff ports/entries) TCP'

    3. 'Address temporarily blocked by active defense (IDS) 192.168.178.1:xxx (several diff ports/entries) to 192.168.178.22:14013 TCP'

    Note: everything worked fine in 4.2.71 (nothing changed except uninstall and then install v5 rc).
    ------------------------

    4. Email firewall log entry:
    'Communication allowed by rule 127.0.0.1:port 127.0.0.1:port TCP Allow communication for thunderbird.exe C:\Program Files\Mozilla Thunderbird\thunderbird.exe'

    5. Antispam:
    In events log I found one entry with
    '23-7-2011 17:26:57 Spam filter Antispam: Unexpected exception (0020).'
    -------------------------------

    Anyone who can provide me a little info on the subjects above? :rolleyes: ;)

    regards
    thank you
     
    Faraways, Jul 23, 2011
    #1
  2. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,963
    Location:
    Somethingshire
    did you add your network to the Trusted zone?
     
    Cudni, Jul 23, 2011
    #2
  3. Faraways

    Faraways Registered Member

    Joined:
    Jan 18, 2011
    Posts:
    16
    2011-07-23-eset-flood-attack.jpg

    I am not very experienced with networks and firewall. :oops:


    I am looking at networks,configure rules + zones > zones tab

    Trusted Zone IP:127.0.0.1; IPv6: ::1; IPv6 subnet: fe80:: / 64


    192.168.178.1 is in the zone tab too but it is not in trusted zone I think. It says it is 'automatically generated authenticated zone' subnet 192.168.178.0 / 255.255.255.0

    and few lines for opendns (208.67.220.220 and 208.67.222.222): one at 192.168.178.0 and one at 169.254.0.0 (? ) also with 'automatically generated authenticated zone'



    Thank you

    Angel
     
    Faraways, Jul 23, 2011
    #3
  4. dmaasland

    dmaasland Registered Member

    Joined:
    Nov 10, 2010
    Posts:
    468
    looking at the address i'd say you're using a fritz!box. I'd either disabe parental control in the FB, or disable the tcp overload box in IDS settings.
     
    dmaasland, Jul 24, 2011
    #4
  5. Faraways

    Faraways Registered Member

    Joined:
    Jan 18, 2011
    Posts:
    16
    Thank you very much. I have changed both. Child protection in Fritzbox is off now and tcp overload is off.
    Is disabling the tcp overload check a risk for synflood?

    I will monitor my system for a few days and report back here with the results. :)



    edit 27-07:
    No disturb messages anymore. Seems to be solved now.

    Thank you :)
     
    Last edited: Jul 27, 2011
    Faraways, Jul 24, 2011
    #5
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...