ESET blocks google.com on my PC

Discussion in 'ESET Smart Security' started by adi2011, Oct 11, 2011.

Thread Status:
Not open for further replies.
  1. adi2011

    adi2011 Registered Member

    Joined:
    Oct 9, 2011
    Posts:
    13
    Hi,

    I am not sure why this is happening on my computer, but whenever I try opening google.com in Internet Explorer or in Chrome I can't, while all other websites open normally. When I choose the option "Block firewall" everything works OK and I can open google.com and all other websites normally.

    It always worked OK before; I am not sure why it isn't working now?

    Any help is appreciated and many thanks in advance for prompt replies!

    Cheers,
    Adi;)
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,376
    Carry on as usual when a connection is blocked for some reason:
    1. in the IDS setup, enable logging of blocked connections
    2. reproduce the problem
    3. paste here the relevant records from your firewall log

    Also you might want to disable the option for blocking addresses after an attack detection in the IDS setup.
     
  3. adi2011

    adi2011 Registered Member

    Joined:
    Oct 9, 2011
    Posts:
    13
    Thanks a lot for the reply, Marcos, I appreciate it.

    1. I have enabled this option
    2. I tried opening google.com in Internet Explorer and Google Chrome
    3. This is part of the ESET firewall log after typing www.google.com, which I have exported as an XML file:

    Code:
    <?xml version="1.0" encoding="utf-8" ?> 
    - <ESET>
    - <LOG>
    - <RECORD>
    - <COLUMN NAME="Time">
      <DATE>12-Oct-11</DATE> 
      <TIME>1:46:16 PM</TIME> 
      </COLUMN>
      <COLUMN NAME="Event">No application listening on the port</COLUMN> 
      <COLUMN NAME="Source">192.168.0.1:67</COLUMN> 
      <COLUMN NAME="Target">255.255.255.255:68</COLUMN> 
      <COLUMN NAME="Protocol">UDP</COLUMN> 
      <COLUMN NAME="Rule/worm name" /> 
      <COLUMN NAME="Application" /> 
      <COLUMN NAME="User" /> 
      </RECORD>
    - <RECORD>
    - <COLUMN NAME="Time">
      <DATE>12-Oct-11</DATE> 
      <TIME>1:44:35 PM</TIME> 
      </COLUMN>
      <COLUMN NAME="Event">Detected DNS cache poisoning attack</COLUMN> 
      <COLUMN NAME="Source">192.168.0.1:53</COLUMN> 
      <COLUMN NAME="Target">192.168.0.237:1026</COLUMN> 
      <COLUMN NAME="Protocol">UDP</COLUMN> 
      <COLUMN NAME="Rule/worm name" /> 
      <COLUMN NAME="Application" /> 
      <COLUMN NAME="User" /> 
      </RECORD>
    - <RECORD>
    - <COLUMN NAME="Time">
      <DATE>12-Oct-11</DATE> 
      <TIME>1:44:35 PM</TIME> 
      </COLUMN>
      <COLUMN NAME="Event">Detected DNS cache poisoning attack</COLUMN> 
      <COLUMN NAME="Source">192.168.0.1:53</COLUMN> 
      <COLUMN NAME="Target">192.168.0.237:1035</COLUMN> 
      <COLUMN NAME="Protocol">UDP</COLUMN> 
      <COLUMN NAME="Rule/worm name" /> 
      <COLUMN NAME="Application" /> 
      <COLUMN NAME="User" /> 
      </RECORD>
    - <RECORD>
    - <COLUMN NAME="Time">
      <DATE>12-Oct-11</DATE> 
      <TIME>1:44:18 PM</TIME> 
      </COLUMN>
      <COLUMN NAME="Event">Detected DNS cache poisoning attack</COLUMN> 
      <COLUMN NAME="Source">192.168.0.1:53</COLUMN> 
      <COLUMN NAME="Target">192.168.0.237:1035</COLUMN> 
      <COLUMN NAME="Protocol">UDP</COLUMN> 
      <COLUMN NAME="Rule/worm name" /> 
      <COLUMN NAME="Application" /> 
      <COLUMN NAME="User" /> 
      </RECORD>
    - <RECORD>
    - <COLUMN NAME="Time">
      <DATE>12-Oct-11</DATE> 
      <TIME>1:43:59 PM</TIME> 
      </COLUMN>
      <COLUMN NAME="Event">Detected DNS cache poisoning attack</COLUMN> 
      <COLUMN NAME="Source">192.168.0.1:53</COLUMN> 
      <COLUMN NAME="Target">192.168.0.237:1025</COLUMN> 
      <COLUMN NAME="Protocol">UDP</COLUMN> 
      <COLUMN NAME="Rule/worm name" /> 
      <COLUMN NAME="Application" /> 
      <COLUMN NAME="User" /> 
      </RECORD>
    - <RECORD>
    - <COLUMN NAME="Time">
      <DATE>12-Oct-11</DATE> 
      <TIME>1:43:59 PM</TIME> 
      </COLUMN>
      <COLUMN NAME="Event">Detected DNS cache poisoning attack</COLUMN> 
      <COLUMN NAME="Source">192.168.0.1:53</COLUMN> 
      <COLUMN NAME="Target">192.168.0.237:1035</COLUMN> 
      <COLUMN NAME="Protocol">UDP</COLUMN> 
      <COLUMN NAME="Rule/worm name" /> 
      <COLUMN NAME="Application" /> 
      <COLUMN NAME="User" /> 
      </RECORD>
    - <RECORD>
    
    -------------------------------------------------------------------------------------------------------
    
    
    - <COLUMN NAME="Time">
      <DATE>12-Oct-11</DATE> 
      <TIME>1:43:46 PM</TIME> 
      </COLUMN>
      <COLUMN NAME="Event">Detected DNS cache poisoning attack</COLUMN> 
      <COLUMN NAME="Source">192.168.0.1:53</COLUMN> 
      <COLUMN NAME="Target">192.168.0.237:1035</COLUMN> 
      <COLUMN NAME="Protocol">UDP</COLUMN> 
      <COLUMN NAME="Rule/worm name" /> 
      <COLUMN NAME="Application" /> 
      <COLUMN NAME="User" /> 
      </RECORD>
    - <RECORD>
    - <COLUMN NAME="Time">
      <DATE>12-Oct-11</DATE> 
      <TIME>1:43:44 PM</TIME> 
      </COLUMN>
      <COLUMN NAME="Event">Address temporarily blocked by active defense (IDS)</COLUMN> 
      <COLUMN NAME="Source">192.168.0.237:1518</COLUMN> 
      <COLUMN NAME="Target">209.85.148.105:80</COLUMN> 
      <COLUMN NAME="Protocol">TCP</COLUMN> 
      <COLUMN NAME="Rule/worm name" /> 
      <COLUMN NAME="Application" /> 
      <COLUMN NAME="User" /> 
      </RECORD>
    - <RECORD>
    - <COLUMN NAME="Time">
      <DATE>12-Oct-11</DATE> 
      <TIME>1:43:44 PM</TIME> 
      </COLUMN>
      <COLUMN NAME="Event">Address temporarily blocked by active defense (IDS)</COLUMN> 
      <COLUMN NAME="Source">192.168.0.237:1517</COLUMN> 
      <COLUMN NAME="Target">209.85.148.105:80</COLUMN> 
      <COLUMN NAME="Protocol">TCP</COLUMN> 
      <COLUMN NAME="Rule/worm name" /> 
      <COLUMN NAME="Application" /> 
      <COLUMN NAME="User" /> 
      </RECORD>
    - <RECORD>
    - <COLUMN NAME="Time">
      <DATE>12-Oct-11</DATE> 
      <TIME>1:43:44 PM</TIME> 
      </COLUMN>
      <COLUMN NAME="Event">Address temporarily blocked by active defense (IDS)</COLUMN> 
      <COLUMN NAME="Source">192.168.0.237:1514</COLUMN> 
      <COLUMN NAME="Target">209.85.148.105:80</COLUMN> 
      <COLUMN NAME="Protocol">TCP</COLUMN> 
      <COLUMN NAME="Rule/worm name" /> 
      <COLUMN NAME="Application" /> 
      <COLUMN NAME="User" /> 
      </RECORD>
    - <RECORD>
    - <COLUMN NAME="Time">
      <DATE>12-Oct-11</DATE> 
      <TIME>1:43:44 PM</TIME> 
      </COLUMN>
      <COLUMN NAME="Event">Address temporarily blocked by active defense (IDS)</COLUMN> 
      <COLUMN NAME="Source">192.168.0.237:1512</COLUMN> 
      <COLUMN NAME="Target">209.85.148.105:80</COLUMN> 
      <COLUMN NAME="Protocol">TCP</COLUMN> 
      <COLUMN NAME="Rule/worm name" /> 
      <COLUMN NAME="Application" /> 
      <COLUMN NAME="User" /> 
      </RECORD>
    - <RECORD>
    - <COLUMN NAME="Time">
      <DATE>12-Oct-11</DATE> 
      <TIME>1:43:44 PM</TIME> 
      </COLUMN>
      <COLUMN NAME="Event">Address temporarily blocked by active defense (IDS)</COLUMN> 
      <COLUMN NAME="Source">192.168.0.237:1510</COLUMN> 
      <COLUMN NAME="Target">209.85.148.105:80</COLUMN> 
      <COLUMN NAME="Protocol">TCP</COLUMN> 
      <COLUMN NAME="Rule/worm name" /> 
      <COLUMN NAME="Application" /> 
      <COLUMN NAME="User" /> 
      </RECORD>
    - <RECORD>
    - <COLUMN NAME="Time">
      <DATE>12-Oct-11</DATE> 
      <TIME>1:43:41 PM</TIME> 
      </COLUMN>
      <COLUMN NAME="Event">Address temporarily blocked by active defense (IDS)</COLUMN> 
      <COLUMN NAME="Source">192.168.0.237:1518</COLUMN> 
      <COLUMN NAME="Target">209.85.148.105:80</COLUMN> 
      <COLUMN NAME="Protocol">TCP</COLUMN> 
      <COLUMN NAME="Rule/worm name" /> 
      <COLUMN NAME="Application" /> 
      <COLUMN NAME="User" /> 
      </RECORD>
    - <RECORD>
    - <COLUMN NAME="Time">
      <DATE>12-Oct-11</DATE> 
      <TIME>1:43:41 PM</TIME> 
      </COLUMN>
      <COLUMN NAME="Event">Address temporarily blocked by active defense (IDS)</COLUMN> 
      <COLUMN NAME="Source">192.168.0.237:1517</COLUMN> 
      <COLUMN NAME="Target">209.85.148.105:80</COLUMN> 
      <COLUMN NAME="Protocol">TCP</COLUMN> 
      <COLUMN NAME="Rule/worm name" /> 
      <COLUMN NAME="Application" /> 
      <COLUMN NAME="User" /> 
      </RECORD>
    - <RECORD>
    - <COLUMN NAME="Time">
      <DATE>12-Oct-11</DATE> 
      <TIME>1:43:41 PM</TIME> 
      </COLUMN>
      <COLUMN NAME="Event">Address temporarily blocked by active defense (IDS)</COLUMN> 
      <COLUMN NAME="Source">192.168.0.237:1514</COLUMN> 
      <COLUMN NAME="Target">209.85.148.105:80</COLUMN> 
      <COLUMN NAME="Protocol">TCP</COLUMN> 
      <COLUMN NAME="Rule/worm name" /> 
      <COLUMN NAME="Application" /> 
      <COLUMN NAME="User" /> 
      </RECORD>
    - <RECORD>
    - <COLUMN NAME="Time">
      <DATE>12-Oct-11</DATE> 
      <TIME>1:43:41 PM</TIME> 
      </COLUMN>
      <COLUMN NAME="Event">Address temporarily blocked by active defense (IDS)</COLUMN> 
      <COLUMN NAME="Source">192.168.0.237:1512</COLUMN> 
      <COLUMN NAME="Target">209.85.148.105:80</COLUMN> 
      <COLUMN NAME="Protocol">TCP</COLUMN> 
      <COLUMN NAME="Rule/worm name" /> 
      <COLUMN NAME="Application" /> 
      <COLUMN NAME="User" /> 
      </RECORD>
    - <RECORD>
    - <COLUMN NAME="Time">
      <DATE>12-Oct-11</DATE> 
      <TIME>1:43:41 PM</TIME> 
      </COLUMN>
      <COLUMN NAME="Event">Address temporarily blocked by active defense (IDS)</COLUMN> 
      <COLUMN NAME="Source">192.168.0.237:1510</COLUMN> 
      <COLUMN NAME="Target">209.85.148.105:80</COLUMN> 
      <COLUMN NAME="Protocol">TCP</COLUMN> 
      <COLUMN NAME="Rule/worm name" /> 
      <COLUMN NAME="Application" /> 
      <COLUMN NAME="User" /> 
      </RECORD>
    - <RECORD>
    - <COLUMN NAME="Time">
      <DATE>12-Oct-11</DATE> 
      <TIME>1:43:41 PM</TIME> 
      </COLUMN>
      <COLUMN NAME="Event">Detected DNS cache poisoning attack</COLUMN> 
      <COLUMN NAME="Source">192.168.0.1:53</COLUMN> 
      <COLUMN NAME="Target">192.168.0.237:1035</COLUMN> 
      <COLUMN NAME="Protocol">UDP</COLUMN> 
      <COLUMN NAME="Rule/worm name" /> 
      <COLUMN NAME="Application" /> 
      <COLUMN NAME="User" /> 
      </RECORD>
    - <RECORD>
    
    
    ----------------------------------------------------------------------------------------------------------
    
    
    
    - <COLUMN NAME="Time">
      <DATE>12-Oct-11</DATE> 
      <TIME>1:38:14 PM</TIME> 
      </COLUMN>
      <COLUMN NAME="Event">Address temporarily blocked by active defense (IDS)</COLUMN> 
      <COLUMN NAME="Source">66.102.13.101:80</COLUMN> 
      <COLUMN NAME="Target">192.168.0.237:1231</COLUMN> 
      <COLUMN NAME="Protocol">TCP</COLUMN> 
      <COLUMN NAME="Rule/worm name" /> 
      <COLUMN NAME="Application" /> 
      <COLUMN NAME="User" /> 
      </RECORD>
    - <RECORD>
    - <COLUMN NAME="Time">
      <DATE>12-Oct-11</DATE> 
      <TIME>1:38:13 PM</TIME> 
      </COLUMN>
      <COLUMN NAME="Event">Address temporarily blocked by active defense (IDS)</COLUMN> 
      <COLUMN NAME="Source">66.102.13.101:80</COLUMN> 
      <COLUMN NAME="Target">192.168.0.237:1231</COLUMN> 
      <COLUMN NAME="Protocol">TCP</COLUMN> 
      <COLUMN NAME="Rule/worm name" /> 
      <COLUMN NAME="Application" /> 
      <COLUMN NAME="User" /> 
      </RECORD>
    - <RECORD>
    - <COLUMN NAME="Time">
      <DATE>12-Oct-11</DATE> 
      <TIME>1:38:12 PM</TIME> 
      </COLUMN>
      <COLUMN NAME="Event">Address temporarily blocked by active defense (IDS)</COLUMN> 
      <COLUMN NAME="Source">66.102.13.101:80</COLUMN> 
      <COLUMN NAME="Target">192.168.0.237:1231</COLUMN> 
      <COLUMN NAME="Protocol">TCP</COLUMN> 
      <COLUMN NAME="Rule/worm name" /> 
      <COLUMN NAME="Application" /> 
      <COLUMN NAME="User" /> 
      </RECORD>
    - <RECORD>
    - <COLUMN NAME="Time">
      <DATE>12-Oct-11</DATE> 
      <TIME>1:37:58 PM</TIME> 
      </COLUMN>
      <COLUMN NAME="Event">Address temporarily blocked by active defense (IDS)</COLUMN> 
      <COLUMN NAME="Source">192.168.0.237:1150</COLUMN> 
      <COLUMN NAME="Target">209.85.148.147:80</COLUMN> 
      <COLUMN NAME="Protocol">TCP</COLUMN> 
      <COLUMN NAME="Rule/worm name" /> 
      <COLUMN NAME="Application" /> 
      <COLUMN NAME="User" /> 
      </RECORD>
    - <RECORD>
    
    ------------------------------------------------------------------------------
    
      </COLUMN>
      <COLUMN NAME="Event">Address temporarily blocked by active defense (IDS)</COLUMN> 
      <COLUMN NAME="Source">209.85.148.147:80</COLUMN> 
      <COLUMN NAME="Target">192.168.0.237:1150</COLUMN> 
      <COLUMN NAME="Protocol">TCP</COLUMN> 
      <COLUMN NAME="Rule/worm name" /> 
      <COLUMN NAME="Application" /> 
      <COLUMN NAME="User" /> 
      </RECORD>
    - <RECORD>
    - <COLUMN NAME="Time">
      <DATE>12-Oct-11</DATE> 
      <TIME>1:36:32 PM</TIME> 
      </COLUMN>
      <COLUMN NAME="Event">Address temporarily blocked by active defense (IDS)</COLUMN> 
      <COLUMN NAME="Source">209.85.148.147:443</COLUMN> 
      <COLUMN NAME="Target">192.168.0.237:1168</COLUMN> 
      <COLUMN NAME="Protocol">TCP</COLUMN> 
      <COLUMN NAME="Rule/worm name" /> 
      <COLUMN NAME="Application" /> 
      <COLUMN NAME="User" /> 
      </RECORD>
    - <RECORD>
    - <COLUMN NAME="Time">
      <DATE>12-Oct-11</DATE> 
      <TIME>1:36:32 PM</TIME> 
      </COLUMN>
      <COLUMN NAME="Event">Address temporarily blocked by active defense (IDS)</COLUMN> 
      <COLUMN NAME="Source">209.85.148.102:80</COLUMN> 
      <COLUMN NAME="Target">192.168.0.237:1252</COLUMN> 
      <COLUMN NAME="Protocol">TCP</COLUMN> 
      <COLUMN NAME="Rule/worm name" /> 
      <COLUMN NAME="Application" /> 
      <COLUMN NAME="User" /> 
      </RECORD>
    - <RECORD>
    - <COLUMN NAME="Time">
      <DATE>12-Oct-11</DATE> 
      <TIME>1:36:29 PM</TIME> 
      </COLUMN>
      <COLUMN NAME="Event">Address temporarily blocked by active defense (IDS)</COLUMN> 
      <COLUMN NAME="Source">209.85.148.147:80</COLUMN> 
      <COLUMN NAME="Target">192.168.0.237:1150</COLUMN> 
      <COLUMN NAME="Protocol">TCP</COLUMN> 
      <COLUMN NAME="Rule/worm name" /> 
      <COLUMN NAME="Application" /> 
      <COLUMN NAME="User" /> 
      </RECORD>
    - <RECORD>
    - <COLUMN NAME="Time">
      <DATE>12-Oct-11</DATE> 
      <TIME>1:36:28 PM</TIME> 
      </COLUMN>
      <COLUMN NAME="Event">Address temporarily blocked by active defense (IDS)</COLUMN> 
      <COLUMN NAME="Source">209.85.148.102:80</COLUMN> 
      <COLUMN NAME="Target">192.168.0.237:1252</COLUMN> 
      <COLUMN NAME="Protocol">TCP</COLUMN> 
      <COLUMN NAME="Rule/worm name" /> 
      <COLUMN NAME="Application" /> 
      <COLUMN NAME="User" /> 
      </RECORD>
    - <RECORD>
    - <COLUMN NAME="Time">
      <DATE>12-Oct-11</DATE> 
      <TIME>1:36:26 PM</TIME> 
      </COLUMN>
      <COLUMN NAME="Event">Address temporarily blocked by active defense (IDS)</COLUMN> 
      <COLUMN NAME="Source">209.85.148.102:80</COLUMN> 
      <COLUMN NAME="Target">192.168.0.237:1252</COLUMN> 
      <COLUMN NAME="Protocol">TCP</COLUMN> 
      <COLUMN NAME="Rule/worm name" /> 
      <COLUMN NAME="Application" /> 
      <COLUMN NAME="User" /> 
      </RECORD>
    - <RECORD>
    - <COLUMN NAME="Time">
      <DATE>12-Oct-11</DATE> 
      <TIME>1:36:25 PM</TIME> 
      </COLUMN>
      <COLUMN NAME="Event">Address temporarily blocked by active defense (IDS)</COLUMN> 
      <COLUMN NAME="Source">209.85.148.102:80</COLUMN> 
      <COLUMN NAME="Target">192.168.0.237:1252</COLUMN> 
      <COLUMN NAME="Protocol">TCP</COLUMN> 
      <COLUMN NAME="Rule/worm name" /> 
      <COLUMN NAME="Application" /> 
      <COLUMN NAME="User" /> 
      </RECORD>
    - <RECORD>
    - <COLUMN NAME="Time">
      <DATE>12-Oct-11</DATE> 
      <TIME>1:36:25 PM</TIME> 
      </COLUMN>
      <COLUMN NAME="Event">Address temporarily blocked by active defense (IDS)</COLUMN> 
      <COLUMN NAME="Source">209.85.148.102:80</COLUMN> 
      <COLUMN NAME="Target">192.168.0.237:1252</COLUMN> 
      <COLUMN NAME="Protocol">TCP</COLUMN> 
      <COLUMN NAME="Rule/worm name" /> 
      <COLUMN NAME="Application" /> 
      <COLUMN NAME="User" /> 
      </RECORD>
    - <RECORD>
     
  4. adi2011

    adi2011 Registered Member

    Joined:
    Oct 9, 2011
    Posts:
    13
    I also must note that after I disabled "blocking addresses after an attack detection" I can open google.com and everything is working perfectly as before, but I am not sure whether disabling this option is the right solution?

    Also, I notice that besides being unable to open google.com, some other websites that I open normally each day are taking too long to load or can't load at all:doubt:

    I hope you can help me solve this Marcos and thanks for your time and patience;)
     
  5. dmaasland

    dmaasland Registered Member

    Joined:
    Nov 10, 2010
    Posts:
    468
    Could you make another log right after rebooting your computer? This log only shows that IDS has blocked an address, but not the main reason, which probably occurred before you enabled logging.
     
  6. adi2011

    adi2011 Registered Member

    Joined:
    Oct 9, 2011
    Posts:
    13
    Sorry, I didn't know I had to restart the PC after changing IDS options. Since I am not at my workplace right now I can't send the log right away, but as soon as I can I will post results from the firewall log.

    All the best,
    Adi
     
  7. dmaasland

    dmaasland Registered Member

    Joined:
    Nov 10, 2010
    Posts:
    468
    Well a restart is not needed, but if the detection that caused the block is triggered before logging is enabled, the root cause won't show in the logs :).
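
Added example, not part of the thread and not ESET tooling: a Python parser for a firewall-log export shaped like the one posted above. It lists the remote addresses the IDS blocked and checks dmaasland's point, namely whether any detection was logged at or before the first block. The sample records are constructed from values in the thread; the function names and the private-address heuristic for picking the remote endpoint are assumptions.

```python
import ipaddress
import re
import xml.etree.ElementTree as ET
from datetime import datetime

# Constructed sample modelled on records in the thread, with the viewer's "- " markers.
REC = """- <RECORD>
- <COLUMN NAME="Time">
  <DATE>12-Oct-11</DATE>
  <TIME>{t}</TIME>
  </COLUMN>
  <COLUMN NAME="Event">{ev}</COLUMN>
  <COLUMN NAME="Source">{src}</COLUMN>
  <COLUMN NAME="Target">{dst}</COLUMN>
  </RECORD>
"""
BLOCK = "Address temporarily blocked by active defense (IDS)"
DETECT = "Detected DNS cache poisoning attack"
SAMPLE = ('<?xml version="1.0" encoding="utf-8" ?>\n- <ESET>\n- <LOG>\n'
    + REC.format(t="1:43:44 PM", ev=BLOCK, src="192.168.0.237:1518", dst="209.85.148.105:80")
    + REC.format(t="1:43:41 PM", ev=DETECT, src="192.168.0.1:53", dst="192.168.0.237:1035")
    + REC.format(t="1:36:25 PM", ev=BLOCK, src="209.85.148.102:80", dst="192.168.0.237:1252")
    + "  </LOG>\n  </ESET>\n")

def parse_export(text):
    """Strip the viewer's '- ' markers, parse RECORDs, return them oldest first."""
    xml = "\n".join(re.sub(r"^\s*-\s+(?=<)", "", ln).strip() for ln in text.splitlines())
    records = []
    for rec in ET.fromstring(xml.strip()).iter("RECORD"):
        col = {c.get("NAME"): c for c in rec.iter("COLUMN")}
        stamp = col["Time"].findtext("DATE").strip() + " " + col["Time"].findtext("TIME").strip()
        records.append({"time": datetime.strptime(stamp, "%d-%b-%y %I:%M:%S %p"),
                        "event": col["Event"].text, "src": col["Source"].text,
                        "dst": col["Target"].text})
    return sorted(records, key=lambda r: r["time"])

def remote_ip(rec):
    """Return the non-private endpoint of a record, or None if both are on the LAN."""
    for endpoint in (rec["src"], rec["dst"]):
        ip = ipaddress.ip_address(endpoint.rsplit(":", 1)[0])
        if not ip.is_private:
            return str(ip)
    return None

def summarize(records):
    blocks = [r for r in records if r["event"] == BLOCK]
    detections = [r for r in records if r["event"].startswith("Detected")]
    first_block = min((r["time"] for r in blocks), default=None)
    return {"blocked_remotes": sorted({remote_ip(r) for r in blocks} - {None}),
            "detection_sources": sorted({r["src"] for r in detections}),
            # False: blocking was already active before the first logged detection,
            # so the event that started it is missing from this export.
            "trigger_captured": any(first_block is None or d["time"] <= first_block
                                    for d in detections)}
```

The export pasted in the thread is cut in several places, so it would need the missing record openings restored before it parses as XML.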
     