firewall log

Discussion in 'ESET Smart Security' started by stratoc, Jun 22, 2009.

Thread Status:
Not open for further replies.
  1. stratoc

    stratoc Guest

  2. stratoc

    stratoc Guest

    not very clear it says 'detected covert channel exploit in icmp packet'
     
  3. stratoc

    stratoc Guest

    my internet slowly ground to a halt shortly afterwards. i flushed dns, reset winsock and power cycled the router, all seems back to normal now. also manually cleaned every hidden file from the last internet security program i was running. seems ok now.
     
  4. stratoc

    stratoc Guest

    i emailed eset support, just to ask what the message in the log meant. their reply was try upgrading to v4 :argh: so i guess they don't know either :blink:
     
  5. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Does disabling detection of covert data in ICMP in the IDS section of the firewall setup make a difference?
     
  6. stratoc

    stratoc Guest

    hi marcos, i just wanted to know what it was, as i wanted to know what dns poisoning was. there is nothing in help to explain what the logs mean. if it's not possible to find out, why does it write them?
    is it telling me there's a problem, is it telling me it's done its job? do i need to perform any actions?
    what does it mean? i have been asking this since smart was released.
     
  7. cqpreson

    cqpreson Registered Member

    Joined:
    May 18, 2009
    Posts:
    348
    Location:
    China
    I am sorry. The picture can't be seen clearly. What did it say? I can only tell that it is ICMP.
     
  8. stratoc

    stratoc Guest

    yeah sorry, i typed it in post number 2
     
  9. cqpreson

    cqpreson Registered Member

    Joined:
    May 18, 2009
    Posts:
    348
    Location:
    China
    Thank you :D. The firewall said "detected covert channel exploit in icmp packet". In my view, those ICMP packets are used to pry your ports. Maybe someone is pinging you to know if your computer exists.
     
  10. stratoc

    stratoc Guest

    so it stopped them then? well if it's just doing its job that's good, thing is i'm behind a router, and i'm not positive but i think the from address belongs to it? i haven't had any since, thanks for your help.
    i just like to know what's going on and how things work.
     
  11. cqpreson

    cqpreson Registered Member

    Joined:
    May 18, 2009
    Posts:
    348
    Location:
    China
    You're welcome. The firewall worked well. It finished its own thing very well; blocking this kind of packet is right. This kind of packet is sent to your computer, and then your computer replies. The person who sent the packets can then know that your computer is on the Internet :).
     
  12. stratoc

    stratoc Guest

    it's ground to a halt again, had to do a restore pre new firewall. looks like updates are frozen.
    one thing i noticed, i have ask before updating components checked.... and it didn't!
     
  13. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    That's because no PCU has been issued for v4 yet. A PCU to v. 3.0.684 for v3 users is being staggered and distributed to v3 users with older versions gradually.

    Unlike PCU, program modules (such as archive module, adv. heuristics module, etc.) are updated automatically along with standard signature updates. If you want to be prompted before downloading updates, enable the appropriate option in the update setup of v4 and specify the file size limit when the program will prompt you first.
     
  14. cqpreson

    cqpreson Registered Member

    Joined:
    May 18, 2009
    Posts:
    348
    Location:
    China
    Excuse me. What's the meaning of the word "PCU"? Sorry, I don't know this abbreviation's meaning :(.
     
  15. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    PCU stands for Program Component Update. A PCU updates all program files, including help files and other documentation bundled with installers.
     
  16. cqpreson

    cqpreson Registered Member

    Joined:
    May 18, 2009
    Posts:
    348
    Location:
    China
    Ok, I got it. Thank you very much.
     
  17. stratoc

    stratoc Guest

    i get it, thanks.
     
  18. stratoc

    stratoc Guest

    it's updated to 1048 and has 14 'incorrect tcp check sum' in log! wonder what's next? different message each version!
     
  19. agoretsky

    agoretsky Eset Staff Account

    Joined:
    Apr 4, 2006
    Posts:
    4,032
    Location:
    California