IDS forces my router to shutdown

Discussion in 'ESET Smart Security' started by Bigabe, Feb 22, 2011.

Thread Status:
Not open for further replies.
  1. Bigabe

    Bigabe Registered Member

    Joined:
    Feb 12, 2011
    Posts:
    58
    Solved: IDS forces my router to shutdown

    Hello folks.
    I have following problem:
    Yesterday, out of nowhere, ESS started to block any kind of communication to my PC. When I disable the firewall, everything is just fine.

    When I enable it I can't log into it.

    I tried to find the error so I checked the log file and always when I try to login ESS detects a TCP port scan and shuts down any traffic. The router is forced to reboot.

    I tried to define the router IP as trusted, tried to add a new trusted zone, tried to add a complete new profile with new rules, tried to reinstall, but it is still giving me port scan messages and is blocking packets.

    The only way that works is to exclude the router's IP from IDS. But is my PC safe when I do that?
    Should I activate Windows 7 firewall instead?
     
    Last edited: Feb 25, 2011
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Some devices perform port scan attacks and need to be excluded from active protection. I don't think that your router might become compromised somehow so excluding its IP address from active protection should expose you at risk.
     
  3. Bigabe

    Bigabe Registered Member

    Joined:
    Feb 12, 2011
    Posts:
    58
    Thank you for your reply.

    The problem isn't solved. ESS is still blocking traffic to the router. I tried to solve the problem by entering a firewall rule that allows every traffic from my PC to router and back on any port.

    Are you sure this safe?
     
  4. Gosman

    Gosman Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    22
    Bigabe,

    Try to configure the modem like a bridge type, not PPPoEt. And check is ESS still blocking traffic...

    P.S. Also in PPPoEt mode change the name, change the IP (by the way change your standard IP 192.168.1.xxx, some modems blunt if you change all the digits of IP...Well, after this you can try to make a new rule again
     
    Last edited: Feb 25, 2011
  5. Bigabe

    Bigabe Registered Member

    Joined:
    Feb 12, 2011
    Posts:
    58
    Thank you for your answers.

    I've solved the problem. My router has a function that scans every device in its network for every running processes, so I just have to click on my PC per example and can see if there are any netbios services or anything.
    ESS thinks this is an attack and closes everything.

    I turned the service of the router of and now everything is just fine. ;)
     
Thread Status:
Not open for further replies.