Request for additional logging info

Discussion in 'ESET Smart Security' started by LoPhatPhuud, May 4, 2009.

Thread Status:
Not open for further replies.
  1. LoPhatPhuud

    LoPhatPhuud, Spyware Fighter (Joined: Jul 19, 2003; Posts: 45; Location: Albuquerque, NM)

    I have logging turned on for blocked items to see what the firewall is doing. The following entries were from this morning:
    5/4/2009 10:48:10 AM Packet blocked by active defense (IDS) 89.202.157.201:80 192.168.1.102:49349 TCP
    5/4/2009 10:48:04 AM Packet blocked by active defense (IDS) 89.202.157.201:80 192.168.1.102:49349 TCP
    5/4/2009 10:44:24 AM Packet blocked by active defense (IDS) 89.202.157.203:80 192.168.1.102:49243 TCP
    5/4/2009 10:35:03 AM Packet blocked by active defense (IDS) 89.202.157.209:80 192.168.1.102:49184 TCP

    The 89.202.157.209 IP is ESET. It would be nice if you can indicate which IDS rule did the block. There is no pattern to blocks like this (I see one or two a day) and turning the rules off one by one is no guarantee that I will find the one actually used.

    How about more info so I can see what the FW is actually doing?
     
    Last edited: May 4, 2009
  2. LoPhatPhuud

    Continuing saga of firewall problems..

    Yesterday the firewall began recording IDS blocks to my router o_O? Here is a sample entry from today:
    5/14/2009 10:00:36 AM Packet blocked by active defense (IDS) 192.168.1.102:49634 192.168.1.1:80 TCP

    Never seen this one before and now I have over 100 of them! What is happening? I have made no changes to my system or ESS software.

    Other sites have been randomly blocked by the IDS Module in the past and there is never any definitive reason given. How about expanding the info to include the IDS rule that created the block?

    I requested more info already in a prior post here:
    https://www.wilderssecurity.com/showthread.php?t=241251


    Steve Ward
    MVP Consumer Security 2005-2009
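
A triage sketch for the log lines quoted in this thread, added here as an example and not part of the original posts or ESET's software. It assumes the first endpoint on each line is the packet source and the second the destination, and treats ports below 1024 as the server side; the function names are hypothetical.

```python
import ipaddress
import re
from collections import Counter
from datetime import datetime

# Log lines copied from the two posts in this thread.
SAMPLE = """\
5/4/2009 10:48:10 AM Packet blocked by active defense (IDS) 89.202.157.201:80 192.168.1.102:49349 TCP
5/4/2009 10:48:04 AM Packet blocked by active defense (IDS) 89.202.157.201:80 192.168.1.102:49349 TCP
5/4/2009 10:44:24 AM Packet blocked by active defense (IDS) 89.202.157.203:80 192.168.1.102:49243 TCP
5/4/2009 10:35:03 AM Packet blocked by active defense (IDS) 89.202.157.209:80 192.168.1.102:49184 TCP
5/14/2009 10:00:36 AM Packet blocked by active defense (IDS) 192.168.1.102:49634 192.168.1.1:80 TCP
"""
# Assumption: first endpoint = packet source, second = destination.
LINE = re.compile(
    r"(?P<ts>\d+/\d+/\d+ \d+:\d+:\d+ [AP]M) (?P<event>.+?) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) (?P<proto>\w+)$")

def parse(text):
    """Yield one record per recognised log line."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            rec = m.groupdict()
            rec["ts"] = datetime.strptime(rec["ts"], "%m/%d/%Y %I:%M:%S %p")
            rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
            yield rec

def classify(rec):
    """Describe a blocked packet; ports below 1024 are assumed to be the server side."""
    both_private = all(ipaddress.ip_address(rec[k]).is_private for k in ("src", "dst"))
    scope = "LAN" if both_private else "Internet"
    if rec["sport"] < 1024 <= rec["dport"]:
        return f"{scope} reply from server"
    if rec["dport"] < 1024 <= rec["sport"]:
        return f"{scope} request to server"
    return f"{scope} unclear"

def summarize(text):
    """Return (blocks per class and server endpoint, flows blocked more than once)."""
    counts, flows = Counter(), Counter()
    for r in parse(text):
        server = (r["src"], r["sport"]) if r["sport"] < 1024 else (r["dst"], r["dport"])
        counts[(classify(r), "%s:%d" % server)] += 1
        flows[(r["src"], r["sport"], r["dst"], r["dport"])] += 1
    return counts, {f: n for f, n in flows.items() if n > 1}
```

Grouping this way separates blocked replies arriving from port 80 on Internet hosts from blocked requests going to the router, and shows when the same address and port pair was blocked more than once.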
     