unexpected data in protocol detection

Discussion in 'ESET Smart Security' started by jg88swe, Apr 13, 2009.

Thread Status:
Not open for further replies.
  1. jg88swe

    jg88swe Registered Member

    Joined:
    Jul 1, 2004
    Posts:
    181
    Hello,
    I'm just curious what does this "detection" mean. I got tons of them. Wondering if it's another bug or maybe it's just me. But still, what's this?

    Detected unexpected data in protocol UDP

    No clue why or when this happens so, can't really tell you much more information. Just curious cause I got so many.
    ESS 4.0.314.0 Vista
     
  2. DarrenDavisLeeSome

    DarrenDavisLeeSome Registered Member

    Joined:
    Mar 23, 2009
    Posts:
    315
    Location:
    Riverside, CA U.S.A
    What is your network configuration?

    Modem? Wireless? Cable?

    Are you behind a Router? Wireless? Cable?
     
  3. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    [Note: The information within this reply is based on my own findings. This is not an official response, nor is it based on info received]

    A quick answer: The data within the UDP packet is unexpected.

    A longer answer:

    When the firewall intercepts an inbound UDP packet then various checks are made, one of the checks is for packet content. For example. When an inbound UDP packet with remote port 53 is intercepted, it is expected to be a DNS reply, so the content of the packet must conform to the protocol, if not, then the packet will be dropped with a "Detected unexpected data in protocol" log entry.

    In your case it is not possible to say exactly what is being dropped, unless a capture of the dropped packets can be made.


    - Stem
     
    Last edited: Apr 14, 2009
  4. jg88swe

    jg88swe Registered Member

    Joined:
    Jul 1, 2004
    Posts:
    181
    That would be cable. :)

    Ah, thanks for the "unoffical" awnser. :)
     
Thread Status:
Not open for further replies.