Jump to content

Zurd

Members
  • Content Count

    33
  • Joined

  • Last visited

Profile Information

  • Location
    Canada

Recent Profile Visitors

357 profile views
  1. No worry, those are all wired computers in an office :)
  2. Thanks for the info, it definitely makes sense to add the network in the trusted zones, especially if it's a Windows domain so that everything that is remote from the server can work as expected.
  3. Anyone has any thoughts about adding the whole network like 192.168.0.0/255.255.255.0 in the Trusted zone? It allows ping to the computer but at the same time, I wonder why you would want to put the whole network as trusted. What if a computer is infected and start attacking other computers on your network? Shouldn't the Trusted zone always be empty? https://help.eset.com/ees/7/en-US/trusted_zone.html
  4. Indeed, an alert message coming from ESET's software is not ESET problem. The developer's of ESET never put that message there, they have nothing to do about it, this is basic computer knowledge :)
  5. You should have posted this before or just answered my questions better and we wouldn't have wasted so much time. You should add this information about IDS exceptions of duplicate IP in your knowledge base, that will save time for others: https://support.eset.com/kb3430/?viewlocale=en_US
  6. After some research, I just found out there is an option already in ESET in IDS to disable the duplicate IP addresses messages. You do not need to whitelist any IP which would be a bad security decision and which shouldn't be suggested by ESET's administrators. To disable those warning, go into Settings / Network Protection / Network Attack Protection / IDS Exceptions, click Edit then Add. Choose Duplicate IP addresses and set to No all of them which are Block, Notify and especially Log so you will not see those alerts in ESET RAC. If you have ESET RAC, you can create a custom policy with this and assign it to all of the computers easily.
  7. Yes, there is a duplicate IP detected. I don't have to do this test, I believe you that there is one. That is not the issue. Like I said before, what about having an option in ESET to not warn about duplicate IP? But just those warnings without having to whitelist anything.
  8. Yes, if I whitelist the IP range in ESET's IDS (Intrusion Detection System), I won't be notified about duplicate IP addresses. However, I also won't be notified when a real intrusion or attack occurs. We might as well uninstall ESET's firewall? Wouldn't that achieve the same goal? I don't understand why you say it has nothing to do with ESET. The warning message of duplicate IP comes from the software ESET. It has everything to do with this software. Wouldn't it be a good idea to add, in the future, an option to not warn about duplicate IP?
  9. If we set an IDS exclusion for an IP range, doesn't that defeat the purpose of having ESET's firewall? Isn't there any other solution like an option to disable the duplicate IP message? Whitelisting IP's just for a false positive is extreme. It's actually more than just a false positive, it's just a duplicate IP, it is in no way an attack on the network.
  10. Products used: ESET Endpoint Security 7.0.2091.0 with ESET Management Agent 7.0.577.0 and Detection Engine 19287 (20190501) Operating System: Windows Server 2016 Standard and Windows 7 or 10 computers ESET RAC: ESET Security Management Center (Server), Version 7.0 (7.0.577.0) and ESET Security Management Center (Web Console), Version 7.0 (7.0.429.0) Problem: Both ESET RAC and each computer running ESET Endpoint Security will display an alert message saying "Duplicate IP addresses on network" but there shouldn't be any message. Cause of the problem: It can be easily reproduced by logging with a VPN then with RDP. Details: Let's say you have a Windows Server with a DHCP service and also a VPN service. The DHCP range is 192.168.0.50 to 192.168.0.100. On your own network, log in with a VPN to this Windows Server. This will make the server give you an IP address, for example 192.168.0.60, you can see it by running ipconfig on your own computer, there will be a PPP adapter section. Then, log in with RDP to a computer on the network of the Windows Server, for example 192.168.0.55. At this point, the Windows Server will have in its DHCP table, the IP 192.168.0.55 as a type DHCP for the computer on it's network and also the IP 192.168.0.60 as a type RAS (Remote Access Service) which comes from the VPN and more specifically in Routing and Remote Access Service in Server Manager of the Windows Server. To sum it up, there's is no duplicate IP but ESET thinks that there is and it will report the VPN IP 192.168.0.60 as a duplicate IP. ESET's knowledge base doesn't have a solution: https://support.eset.com/kb3430/?viewlocale=en_US One solution would be to whitelist all the IP of the DHCP server but this is a dirty solution as you want to be alerted if something is not a false positive on your network. More information on whitelist here: https://support.eset.com/kb2939/ A better solution, would be to restrict the IP given out of the Windows Server of the VPN to something like 192.168.0.200 to 192.168.0.220 and then whitelist only those IP's but I would prefer not to whitelist anything.
×
×
  • Create New...