ESS and Vista interfering with a local HTTP box

Discussion in 'ESET Smart Security' started by gchoake, May 10, 2010.

Thread Status:
Not open for further replies.
  1. gchoake

    gchoake Registered Member

    Joined: Nov 19, 2009
    Posts: 5

    The title kind of says it, but I'll describe the situation.

    I have a Linux box (Ubuntu 9.10) running Apache2, PHP and MySQL to serve Joomla. The IP is 192.168.10.12 and the hostname is Exia.

    Other Linux machines on the network, as well as Windows XP boxes with ESS can get to it and ping it just fine. Vista, for whatever reason, can't. Attempting to ping it causes a timeout, the same for trying to browse to it. As soon as the firewall is disabled, though? It goes through. The Vista machines can ping a Linux box without Apache/etc. normally.

    I'm not sure if Windows 7 will do the same thing, but I'm about to test it.

    Any ideas why this is happening and how to fix it?

    EDIT: Same thing with 7.
     
    Last edited: May 10, 2010
  2. Marcos

    Marcos Eset Staff Account

    Joined: Nov 22, 2002
    Posts: 14,375

    Does disabling the firewall in ESS make a difference?
     
  3. gchoake

    gchoake Registered Member

    I believe I mentioned that it did, but yes, turning off the firewall "solves" the problem.
     
  4. Marcos

    Marcos Eset Staff Account

    I'd suggest enabling logging of blocked connections in the IDS setup, reproducing the problem and eventually checking the firewall log for details about the rule that blocked the communication. Subsequently you can edit the rule or remove it completely and thus allow the communication. Remember to turn off the logging when you're finished so that the log doesn't fill up with tons of unnecessary entries.
     
  5. gchoake

    gchoake Registered Member

    Here's the log of trying to ping it and then access the webpage on it. It tells me... three fifths of nothing, quite frankly.

    EDIT: After studying it and horsing around a bit, it seems the "Identical IP Address detected" 'error' triggers the IP being blocked for some time. If I disable "Block unsafe addresses after attack detection", it works okay.

    I guess the problem still is, why is this happening, and why does it affect Vista and 7 but not XP. There's nothing weird about the Linux box, it's Ubuntu 9.10 running a standard LAMP/SSH setup.
     

    Attached Files:

    Last edited: May 12, 2010