Firewall

Discussion in 'ESET Smart Security' started by Shatterday, Aug 11, 2009.

Thread Status:
Not open for further replies.
  1. Shatterday

    Shatterday Registered Member

    Joined:
    Aug 11, 2009
    Posts:
    4
    Hi.

    I have a few questions regarding the firewall in smart security.

    When in interactive mode some rules are by default determined and they can't be changed, so what are they doing?

    Also I get a lot of logs with "no application listening on the port" and "packet blocked by active defense"... Why do I get them and how do I get rid of them?
     
  2. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    could you post a screenshot of the log with few of those alerts displayed? did you get any prompts to create rules? are you behind a router?
     
  3. Shatterday

    Shatterday Registered Member

    Joined:
    Aug 11, 2009
    Posts:
    4
    no router and didn't get prompt to create any rules.

    What do these messages say? (in english)

    Can I just ignore them or is it anything important?

    (Another question... In IDS and advanced options what services should I allow in the allowed services section?)
     

    Attached Files:

    • log1.JPG
      log1.JPG
      File size:
      209.6 KB
      Views:
      11
    Last edited: Aug 11, 2009
  4. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    i usually leave ids on its default settings. in plain English it means what it says that no app is listening on a given port and that some packets have been blocked (as in eset saying not expected so block it). what were you using the machine at the time of the log, torrent?
     
  5. Shatterday

    Shatterday Registered Member

    Joined:
    Aug 11, 2009
    Posts:
    4
    right now I have all ids "allowed services" turned off... I noticed that the log regarding packets stopped coming then.

    About the listening on port, I can't understand them. I didn't do anything at the time for the logs. I was connected to the internet but didn't use it.

    Can I change some options and make them dissapear or am I going to have to live with them?

    furthermore I can't understand what that listening port thing is about. What is eset trying to tell me?
    something or someone trying to get into my computer or "someminorthing that eset is reporting about anyway?"
     
  6. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    The message means that the connection to a port with no application listening on was blocked/denied. Maybe it's your router which generates this communication, some brands/types produce really strange communications, including port scans which are then correctly evaluated by the firewall as attacks.
     
  7. Shatterday

    Shatterday Registered Member

    Joined:
    Aug 11, 2009
    Posts:
    4
    So... what can I do to make these logs go away? If I could be 100% sure thet they aren't a threat, I could just manually allow these ports?

    If something constantly tries to connect to these ports should I treat that like a threat? or just some app or equipement that eset thinks is a threat but really isn't?

    Investigated some more and if I allow "allow response to ARP requests from outside the trusted zone" (and have the other options turned of) the packet thing goes away.
    But the listening on port remains but not as many logs as before
     
    Last edited: Aug 12, 2009
  8. reevesloh

    reevesloh Registered Member

    Joined:
    Jul 6, 2009
    Posts:
    160
    Err....i dun know what mean of this eset firewall log but seem like a colour different that me is red and other is black why?And what the meaning of this log?
     

    Attached Files:

    • ESS.PNG
      ESS.PNG
      File size:
      140.6 KB
      Views:
      1
Thread Status:
Not open for further replies.