ESS 5.0 rc [flooding attack router]

Discussion in 'ESET NOD32 Antivirus/Smart Security Beta' started by Faraways, Jul 23, 2011.

Thread Status:
Not open for further replies.
  1. Faraways

    Faraways Registered Member

    Joined:
    Jan 18, 2011
    Posts:
    16
    Just installed version 5 RC. Now I got a lot of 'No usable rule found' messages in my firewall log like this:
    Searched the forum but cant find a suitable answer.. If I overlooked then Im sorry..

    -----------------------
    1. 'No usable rule found 192.168.178.1:xxx (several diff ports/entries) to 192.168.178.22:14013 TCP'

    2. 'No usable rule found from several external IP's:xxx (several diff ports/entries) to 192.168.178.22:xxx (several diff ports/entries) TCP'

    3. 'Address temporarily blocked by active defense (IDS) 192.168.178.1:xxx (several diff ports/entries) to 192.168.178.22:14013 TCP'

    Note: everything worked fine in 4.2.71 (nothing changed except uninstall and then install v5 rc).
    ------------------------

    4. Email firewall log entry:
    'Communication allowed by rule 127.0.0.1:port 127.0.0.1:port TCP Allow communication for thunderbird.exe C:\Program Files\Mozilla Thunderbird\thunderbird.exe'

    5. Antispam:
    In events log I found one entry with
    '23-7-2011 17:26:57 Spam filter Antispam: Unexpected exception (0020).'
    -------------------------------

    Anyone who can provide me a little info on the subjects above? :rolleyes: ;)

    regards
    thank you
     
  2. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    did you add your network to the Trusted zone?
     
  3. Faraways

    Faraways Registered Member

    Joined:
    Jan 18, 2011
    Posts:
    16
    2011-07-23-eset-flood-attack.jpg

    I am not very experienced with networks and firewall. :oops:


    I am looking at networks,configure rules + zones > zones tab

    Trusted Zone IP:127.0.0.1; IPv6: ::1; IPv6 subnet: fe80:: / 64


    192.168.178.1 is in the zone tab too but it is not in trusted zone I think. It says it is 'automatically generated authenticated zone' subnet 192.168.178.0 / 255.255.255.0

    and few lines for opendns (208.67.220.220 and 208.67.222.222): one at 192.168.178.0 and one at 169.254.0.0 (? ) also with 'automatically generated authenticated zone'



    Thank you

    Angel
     
  4. dmaasland

    dmaasland Registered Member

    Joined:
    Nov 10, 2010
    Posts:
    468
    looking at the address i'd say you're using a fritz!box. I'd either disabe parental control in the FB, or disable the tcp overload box in IDS settings.
     
  5. Faraways

    Faraways Registered Member

    Joined:
    Jan 18, 2011
    Posts:
    16
    Thank you very much. I have changed both. Child protection in Fritzbox is off now and tcp overload is off.
    Is disabling the tcp overload check a risk for synflood?

    I will monitor my system for a few days and report back here with the results. :)



    edit 27-07:
    No disturb messages anymore. Seems to be solved now.

    Thank you :)
     
    Last edited: Jul 27, 2011
Thread Status:
Not open for further replies.