ESS blocks network for 10mins when I try to access the emule web interface

Discussion in 'ESET Smart Security' started by klischee, Jan 30, 2010.

Thread Status:
Not open for further replies.
  1. klischee

    klischee Registered Member

    Joined:
    Jan 30, 2010
    Posts:
    1
    Hi!

    I have a problem with ISS on Win 7 x64.

    When I activate the web interface for emule (or other tools), and try to access it from a remote computer in the local network, the whole traffic from this computer gets blocked for 10 minutes.

    Example:
    Webserver is running on port 8000 at 192.168.1.100
    I try to access it with 192.168.1.100:8000 with pc 192.168.200
    The connection get refused and the whole traffic to/from .200 blocked for exactly 10min
    (I can ping .100 with the router, but not with .200).

    When I deactivate the firewall, there's absolutely no trouble with the web interface access. I deleted the rule for eMule so ESS had the chance to set up a new one, but this didn't helped. ESS don't ask me if I want to allow the remote connection. TCP & UDP are allowed in and out.

    Is there any special setting I have to set up manually? I hope you can help me, pls ask me if you need more informations.

    Edit:
    I played around some more and found out that the problem is solved when I exclude my remote computer (.200) from the IDS.
    But if you have a better idea please tell me, don't know if this solution is secure.
     
    Last edited: Jan 30, 2010
    klischee, Jan 30, 2010
    #1
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    Add the IP of the computer in question to the list of addresses excluded from active protection (IDS) in the Zone setup. When the problem occurs, you can enable logging all blocked connections to see what kind of network attack is being generated (perhaps the port scan attack).
     
    Marcos, Jan 30, 2010
    #2
  3. dwmtractor

    dwmtractor Registered Member

    Joined:
    Dec 9, 2009
    Posts:
    46
    Location:
    San Jose, CA
    That may or may not entirely do the trick. . .I found in my corporate network that even with an exclusion zone for an internal subnet, IDS still blocks certain behaviors. In my case it resulted in a complete blow-up of our corporate accounting software, as it turns out the Pervasive database looks like an ARP Cache Poisoning or ICMP Flood attack. ESS blocks the "attack" and results in dropped connections to the database and corrupted financial records (a bad thing. . . :mad: )

    See this post for more detail; sad to say I've had no help on it. . .

    https://www.wilderssecurity.com/showthread.php?t=260225
     
    dwmtractor, Feb 1, 2010
    #3
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...