A little bit of info please

Discussion in 'ESET Smart Security v4 Beta Forum' started by MasterTB, Nov 24, 2008.

Thread Status:
Not open for further replies.
  1. MasterTB

    MasterTB Registered Member

    Joined:
    Jun 19, 2007
    Posts:
    547
    Location:
    Paraná, Argentina
    I know ESS has an IDS system for blocking certain attacks, but with V3 I had never seen it block something and not knowing what it was...
    With V4 I have lots of logs displaying: Packet Blocked by Active Defense (IDS) followed by Local and Remote addresses, ports and protocols.
    What does it mean?? and what has been blocked??

    Here is a pic.
     

  2. ASpace

    ASpace Guest

    I have no idea but suppose that this could be packets blocked because of the fact that the firewall performs SPI (stateful packet inspection)

    v3 is SPI firewall , too , by the way , at least it should be :D
     
  3. MasterTB

    MasterTB Registered Member

    That's exactly my point, what has changed so dramatically that there were no such alerts in V3?? If Eset improved IDS so much it would be nice to know what it is that it does now that didn't do then...

    Thanks for the reply.
     
  4. Bensec

    Bensec Registered Member

    Joined:
    Aug 4, 2008
    Posts:
    177
    Location:
    China Changsha
    hello,
    i am using adsl and i didn't see any attack logs in my ess4.
    after seeing your post i enabled both options under node IDS .

    op1.png

    now i get flooded in logs refreshing every second. it's terrible o_O !

    op2.png

    i am wondering...
    did you enable the logging options above,
    before receiving the logs shown in your first post?
    if not, oh they look more weird.
     
  5. MasterTB

    MasterTB Registered Member

  6. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    What blocking rules do you have created / enabled? Is this causing some issues with certain applications or the system? The message appears if a certain communication is blocked, but the firewall could not identify the reason (e.g. if a packet has been received, but no information about the connection exists any more. Either it has already been terminated or never existed.).
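
The case described in the post above (a packet arrives, but no information about its connection exists any more) can be reproduced with a toy stateful-inspection table. This is an added example, not part of the original thread and not ESET's implementation; the addresses, ports, timeout and single-FIN teardown are constructed simplifications.

```python
# Toy connection table showing the stateful-inspection case described above.
# Addresses, ports, timeout and the single-FIN teardown are constructed
# simplifications, not ESET behaviour.
IDLE_TIMEOUT = 60  # seconds (assumed value)


class StateTable:
    def __init__(self):
        self.conns = {}  # (local, lport, remote, rport) -> last-seen time

    def outbound(self, key, flags, now):
        """Local host sends: SYN creates state, FIN/RST removes it."""
        if flags & {"FIN", "RST"}:
            self.conns.pop(key, None)
        elif "SYN" in flags or key in self.conns:
            self.conns[key] = now

    def inbound(self, key, flags, now):
        """Return (verdict, reason) for a packet arriving from the remote side."""
        last = self.conns.get(key)
        if last is None:
            return ("blocked", "no matching connection")
        if now - last > IDLE_TIMEOUT:
            del self.conns[key]
            return ("blocked", "connection state expired")
        if flags & {"FIN", "RST"}:
            del self.conns[key]  # remote side closed: forget the connection
        else:
            self.conns[key] = now
        return ("allowed", "matches tracked connection")


def replay():
    """Replay a constructed packet sequence and collect the verdicts."""
    fw = StateTable()
    web = ("192.168.1.10", 50000, "203.0.113.5", 80)
    fw.outbound(web, {"SYN"}, now=0)
    results = [
        fw.inbound(web, {"SYN", "ACK"}, now=1),  # reply to our SYN
        fw.inbound(web, {"FIN", "ACK"}, now=5),  # server closes the connection
        fw.inbound(web, {"ACK"}, now=6),         # late packet, state already gone
    ]
    stray = ("192.168.1.10", 445, "198.51.100.7", 40000)
    results.append(fw.inbound(stray, {"SYN"}, now=7))  # connection never existed
    return results


if __name__ == "__main__":
    for verdict in replay():
        print(verdict)
```

The last two packets are dropped without any user rule being involved, which is why a log entry for them can name only the addresses, ports and protocol.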
     
  7. MasterTB

    MasterTB Registered Member

    Marcos:
    I have the standard outgoing rules for web browsers, mail and IM programs. Rules for the programs that require a web connection for update purposes and others for programs like word or excel that require web to provide help and other uses.
    I have no incoming traffic allowed whatsoever, but I have a local network set up for sharing printers and other stuff.
    The weird thing is that when traffic is blocked due to a rule, I see the rule that blocks the traffic so that -I guess- is not the case for these alerts.
    They are very generic and don't tell much, do you agree??

    edit: no problems with any applications that I'm aware of, what needs internet has it, so far...
     