Address temporarily blocked by active defense (IDS)

Discussion in 'ESET Smart Security' started by Adam H, Jun 14, 2009.

Thread Status:
Not open for further replies.
  1. Adam H

    Adam H Registered Member

    Joined:
    Jan 3, 2008
    Posts:
    23
    Hi,

    I've been having problems hitting various websites including google.com and youtube.com

    Upon checking my logs I've found that the problem is the ESS firewall, and it is blocking connection to these sites due to Address temporarily blocked by active defense (IDS).

    These include TCP, UDP and ICMP packets.

    I'm using ESS 4153 (20090613)

    I have firewall set to Automatic mode with exceptions (user-defined rules)

    Does anyone know why I'm getting blocked to these websites?

    Thanks & Regards

    Adam.
     
    Adam H, Jun 14, 2009
    #1
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    Have you tried enabling test mode in the update setup?
     
    Marcos, Jun 15, 2009
    #2
  3. Adam H

    Adam H Registered Member

    Joined:
    Jan 3, 2008
    Posts:
    23
    No - this feature is turned off. Is this able to help me determine the problem, and if so how please?

    Thanks

    Adam.
     
    Adam H, Jun 15, 2009
    #3
  4. trjam

    trjam Registered Member

    Joined:
    Aug 18, 2006
    Posts:
    9,102
    Location:
    North Carolina USA
    It is to update you to the latest firewall. Turn it on, update and then reboot. Hopefully this will resolve your issue.
     
    trjam, Jun 15, 2009
    #4
  5. Adam H

    Adam H Registered Member

    Joined:
    Jan 3, 2008
    Posts:
    23
    Thanks for that. I enabled it and updated, but I'm still getting this problem.

    I'm also noticing that it does random stuff, like stops me from connecting to another computer on our network. (I can't even ping another machine on my local network). This problem only happens with some comptuers, but all works as soon as I disable the firewall on my own computer.
     
    Adam H, Jun 17, 2009
    #5
  6. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,456
    I'd suggest that you do the following in the IDS section of the firewall setup:
    1, enable logging of blocked connections (only for debugging purposes)
    2, disable "Block unsafe address after attack detection"

    When you encounter the problem you've described, open the firewall log for details about blocked connections (you might need to disable logging blocked connections first). You can post the log here or contact customer care. Please also enclose the information about installed modules (Help -> About).
     
    Marcos, Jun 17, 2009
    #6
  7. Adam H

    Adam H Registered Member

    Joined:
    Jan 3, 2008
    Posts:
    23
    Hi Marcos,

    Thank you for your reply. Disabling "Block unsafe address after attack detection" has now allowed me to view the machines I couldn't on my local network before.

    I have attached a copy of my log file for the last coupe of days... (Although I had to rename to .txt because it I couldn't upload a .xml).

    Thanks & Regards

    Adam.
     

    Attached Files:

    • log.txt
      File size:
      845.8 KB
      Views:
      85
    Adam H, Jun 17, 2009
    #7
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...