No Internet access

Hello,

I am a fan of NOD32 since the early V4. But I had to switch back to Mictosoft essentials and MalwaresBytes. Now I am back to use V5. I just love it, so cool and easy to use and fast for my old laptop.

But I have a problem: I have 2 connections in the house. One DSL and one cable, when i want to connect to the router of DSL it's OK, when i want to connect to router of cable it's not. and Vice versa, if I connect first with router of cable it works and it doesn't work with router of DSL.

So what I did is I disabled the firewall and everything worked. So I think this has something to do with that. So How can i fix it? like allow the routers to connect to my laptop without any problems?

Here's the log files:

Code:

8/7/2012 10:23:50 AM	Identical IP addresses detected in network	192.168.1.1	192.168.1.100	ARP			
8/7/2012 10:16:04 AM	Identical IP addresses detected in network	192.168.1.1	192.168.1.100	ARP			
8/7/2012 10:08:04 AM	Identical IP addresses detected in network	192.168.1.1	192.168.1.100	ARP			
8/7/2012 9:41:52 AM	Detected ARP cache poisoning attack	192.168.1.1	192.168.1.100	ARP			
8/7/2012 9:41:52 AM	Identical IP addresses detected in network	192.168.1.1	192.168.1.100	ARP			
8/7/2012 9:16:30 AM	Detected covert channel exploit in ICMP packet	192.168.1.100	98.139.183.24	ICMP			
8/7/2012 9:16:20 AM	Detected covert channel exploit in ICMP packet	192.168.1.100	98.139.183.24	ICMP			
8/7/2012 9:16:10 AM	Detected covert channel exploit in ICMP packet	192.168.1.100	98.139.183.24	ICMP			
8/7/2012 9:16:00 AM	Detected covert channel exploit in ICMP packet	192.168.1.100	98.139.183.24	ICMP			
8/7/2012 9:15:50 AM	Detected covert channel exploit in ICMP packet	192.168.1.100	98.139.183.24	ICMP			
8/7/2012 9:15:40 AM	Detected covert channel exploit in ICMP packet	192.168.1.100	98.139.183.24	ICMP			
8/7/2012 9:15:29 AM	Detected covert channel exploit in ICMP packet	192.168.1.100	98.139.183.24	ICMP			
8/7/2012 9:15:19 AM	Detected covert channel exploit in ICMP packet	192.168.1.100	98.139.183.24	ICMP			
8/7/2012 9:15:08 AM	Detected covert channel exploit in ICMP packet	192.168.1.100	98.139.183.24	ICMP			
8/7/2012 9:14:58 AM	Detected covert channel exploit in ICMP packet	192.168.1.100	98.139.183.24	ICMP			
8/6/2012 11:04:17 PM	Identical IP addresses detected in network	192.168.1.1	192.168.1.100	ARP			
8/6/2012 11:04:17 PM	Detected ARP cache poisoning attack	192.168.1.1	192.168.1.100	ARP			

Thank you

 

From where I'm sitting it could be one of two things, you already have a firewall in your router so there's no need of another, the other issue may be an infection. Don't go away somebody should be along shortly to give you better qualified assistance..

 

Have you tried solving the IP address conflict that is logged in the firewall log? Also try adding the local subnet to the list of addresses excluded from active protection in the zone setup and see if it makes a difference.

 

Thanks Marcos. How to do that? I have no idea really.

I used Kaspersky for 30 days and it was OK but "heavy" no connection problem at all.

I hope you can direct me to a way to solve that problem. I don't know really how to add addresses and what addresses really to add..

 

In the main ESS pane, navigate to Setup -> Network -> Configure rules and zones. On the Zones tab, double-click "Addresses excluded from active protection" in the list. Click the "Add address" button and enter 192.168.1.1.

 

Thanks I tried that now. Will see tonight if it works.

I also bought an account for ESET security. I was using a 30 days one but now I am an actual customer

 

Hi again,

Unfortunately it didn't work

 

Could you please clear your firewall log, make sure than logging of blocked connections is enabled in the IDS setup, reproduce the issue and then copy & paste here the recent firewall log records? How many computers are in LAN given that an identical IP address was detected ?

 

Thank you.

Where do I enable logging of blocked connections?

I have 2 laptops only.

Here's the logs from today:

Code:

8/8/2012 11:12:36 PM	Detected ARP cache poisoning attack	192.168.1.1	192.168.1.101	ARP			
8/8/2012 11:12:33 PM	Detected ARP cache poisoning attack	192.168.1.1	192.168.1.100	ARP			
8/8/2012 11:12:33 PM	Identical IP addresses detected in network	192.168.1.1	192.168.1.100	ARP		

Thanks.

 

It's weird that ARP cache poisoning from the IP address 192.168.1.1 (your router) is still detected despite excluding this IP address from active protection. Just out of curiosity, disable detection of ARP cache poisonining in the IDS setup.
To enable logging of blocked connections, unfold the Troubleshooting section in the IDS setup and there you'll find it. Remember to always clear the firewall log after changing firewall settings and prior to reproducing the issue to ensue that only relevant records will be logged.

 

Thank you I did that.

I'll see what I do

I contacted the support and a guy replied:

Code:

Dear Customer,

Thank you for contacting ESET Support

Kindly change the personal firewall mode to learning mode and let us know the status.

If you need any further clarification feel free to get in touch with us at support@esetme.com

 

 

Regards

I didn't like that answer at all. You should be a real supporter in ESET

P.S: I used ESET 5 in the past and I never had this problem at all. This problem happens now when i switch between routers. But when I connect to a router alone it's OK, when i decide to switch it doesn't work.

 

The new logs after I applied the changes you told me about (attached) because the forum says it's too long.

 

I can confirm it's working now. But the logs are big. Is my firewall still working like before? or it's useless now?

 

Try enabling UPnP in the Trusted zone in the IDS setup. Also switch to learning mode for a while until all necessary rules are created, then switch back to automatic mode with exceptions (the firewall will prompt you to switch to another mode after several days but you can do that manually at any time).