No Internet access

Discussion in 'ESET Smart Security' started by AkiraKonami, Aug 7, 2012.

Thread Status:
Not open for further replies.
  1. AkiraKonami

    AkiraKonami Registered Member

    Joined:
    Aug 7, 2012
    Posts:
    8
    Location:
    LB
    Hello,

    I am a fan of NOD32 since the early V4. But I had to switch back to Mictosoft essentials and MalwaresBytes. Now I am back to use V5. I just love it, so cool and easy to use and fast for my old laptop.

    But I have a problem: I have 2 connections in the house. One DSL and one cable, when i want to connect to the router of DSL it's OK, when i want to connect to router of cable it's not. and Vice versa, if I connect first with router of cable it works and it doesn't work with router of DSL.

    So what I did is I disabled the firewall and everything worked. So I think this has something to do with that. So How can i fix it? like allow the routers to connect to my laptop without any problems?

    Here's the log files:

    Code:
    8/7/2012 10:23:50 AM	Identical IP addresses detected in network	192.168.1.1	192.168.1.100	ARP			
    8/7/2012 10:16:04 AM	Identical IP addresses detected in network	192.168.1.1	192.168.1.100	ARP			
    8/7/2012 10:08:04 AM	Identical IP addresses detected in network	192.168.1.1	192.168.1.100	ARP			
    8/7/2012 9:41:52 AM	Detected ARP cache poisoning attack	192.168.1.1	192.168.1.100	ARP			
    8/7/2012 9:41:52 AM	Identical IP addresses detected in network	192.168.1.1	192.168.1.100	ARP			
    8/7/2012 9:16:30 AM	Detected covert channel exploit in ICMP packet	192.168.1.100	98.139.183.24	ICMP			
    8/7/2012 9:16:20 AM	Detected covert channel exploit in ICMP packet	192.168.1.100	98.139.183.24	ICMP			
    8/7/2012 9:16:10 AM	Detected covert channel exploit in ICMP packet	192.168.1.100	98.139.183.24	ICMP			
    8/7/2012 9:16:00 AM	Detected covert channel exploit in ICMP packet	192.168.1.100	98.139.183.24	ICMP			
    8/7/2012 9:15:50 AM	Detected covert channel exploit in ICMP packet	192.168.1.100	98.139.183.24	ICMP			
    8/7/2012 9:15:40 AM	Detected covert channel exploit in ICMP packet	192.168.1.100	98.139.183.24	ICMP			
    8/7/2012 9:15:29 AM	Detected covert channel exploit in ICMP packet	192.168.1.100	98.139.183.24	ICMP			
    8/7/2012 9:15:19 AM	Detected covert channel exploit in ICMP packet	192.168.1.100	98.139.183.24	ICMP			
    8/7/2012 9:15:08 AM	Detected covert channel exploit in ICMP packet	192.168.1.100	98.139.183.24	ICMP			
    8/7/2012 9:14:58 AM	Detected covert channel exploit in ICMP packet	192.168.1.100	98.139.183.24	ICMP			
    8/6/2012 11:04:17 PM	Identical IP addresses detected in network	192.168.1.1	192.168.1.100	ARP			
    8/6/2012 11:04:17 PM	Detected ARP cache poisoning attack	192.168.1.1	192.168.1.100	ARP			
    Thank you
     
  2. hogndog

    hogndog Registered Member

    Joined:
    Jun 9, 2007
    Posts:
    628
    Location:
    In His Service
    From where I'm sitting it could be one of two things, you already have a firewall in your router so there's no need of another, the other issue may be an infection. Don't go away somebody should be along shortly to give you better qualified assistance.. ;)
     
  3. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Have you tried solving the IP address conflict that is logged in the firewall log? Also try adding the local subnet to the list of addresses excluded from active protection in the zone setup and see if it makes a difference.
     
  4. AkiraKonami

    AkiraKonami Registered Member

    Joined:
    Aug 7, 2012
    Posts:
    8
    Location:
    LB
    Thanks Marcos. How to do that? I have no idea really.

    I used Kaspersky for 30 days and it was OK but "heavy" no connection problem at all.

    I hope you can direct me to a way to solve that problem. I don't know really how to add addresses and what addresses really to add..:(
     
  5. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    In the main ESS pane, navigate to Setup -> Network -> Configure rules and zones. On the Zones tab, double-click "Addresses excluded from active protection" in the list. Click the "Add address" button and enter 192.168.1.1.
     

    Attached Files:

  6. AkiraKonami

    AkiraKonami Registered Member

    Joined:
    Aug 7, 2012
    Posts:
    8
    Location:
    LB
    Thanks I tried that now. Will see tonight if it works.

    I also bought an account for ESET security. I was using a 30 days one but now I am an actual customer :D
     
  7. AkiraKonami

    AkiraKonami Registered Member

    Joined:
    Aug 7, 2012
    Posts:
    8
    Location:
    LB
    Hi again,

    Unfortunately it didn't work :(
     
  8. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Could you please clear your firewall log, make sure than logging of blocked connections is enabled in the IDS setup, reproduce the issue and then copy & paste here the recent firewall log records? How many computers are in LAN given that an identical IP address was detected ?
     
  9. AkiraKonami

    AkiraKonami Registered Member

    Joined:
    Aug 7, 2012
    Posts:
    8
    Location:
    LB
    Thank you.

    Where do I enable logging of blocked connections?

    I have 2 laptops only.

    Here's the logs from today:

    Code:
    8/8/2012 11:12:36 PM	Detected ARP cache poisoning attack	192.168.1.1	192.168.1.101	ARP			
    8/8/2012 11:12:33 PM	Detected ARP cache poisoning attack	192.168.1.1	192.168.1.100	ARP			
    8/8/2012 11:12:33 PM	Identical IP addresses detected in network	192.168.1.1	192.168.1.100	ARP		
    Thanks.
     
  10. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    It's weird that ARP cache poisoning from the IP address 192.168.1.1 (your router) is still detected despite excluding this IP address from active protection. Just out of curiosity, disable detection of ARP cache poisonining in the IDS setup.
    To enable logging of blocked connections, unfold the Troubleshooting section in the IDS setup and there you'll find it. Remember to always clear the firewall log after changing firewall settings and prior to reproducing the issue to ensue that only relevant records will be logged.
     
  11. AkiraKonami

    AkiraKonami Registered Member

    Joined:
    Aug 7, 2012
    Posts:
    8
    Location:
    LB
    Thank you I did that.

    I'll see what I do :(

    I contacted the support and a guy replied:
    Code:
    Dear Customer,
    
    Thank you for contacting ESET Support
    
    Kindly change the personal firewall mode to learning mode and let us know the status.
    
    If you need any further clarification feel free to get in touch with us at support@esetme.com
    
     
    
     
    
    Regards
    
    I didn't like that answer at all. You should be a real supporter in ESET :D

    P.S: I used ESET 5 in the past and I never had this problem at all. This problem happens now when i switch between routers. But when I connect to a router alone it's OK, when i decide to switch it doesn't work.
     
  12. AkiraKonami

    AkiraKonami Registered Member

    Joined:
    Aug 7, 2012
    Posts:
    8
    Location:
    LB
    The new logs after I applied the changes you told me about (attached) because the forum says it's too long.
     

    Attached Files:

    • logs.txt
      File size:
      576.8 KB
      Views:
      15
  13. AkiraKonami

    AkiraKonami Registered Member

    Joined:
    Aug 7, 2012
    Posts:
    8
    Location:
    LB
    I can confirm it's working now. But the logs are big. Is my firewall still working like before? or it's useless now? :(
     
  14. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Try enabling UPnP in the Trusted zone in the IDS setup. Also switch to learning mode for a while until all necessary rules are created, then switch back to automatic mode with exceptions (the firewall will prompt you to switch to another mode after several days but you can do that manually at any time).
     
Thread Status:
Not open for further replies.