Daidai
-
Posts: 29
Posts posted by Daidai
-
Surely it is a genuine version.
Could someone please verify using LiveTCPUDPWatch whether this is normal?
-
Something could be hacking or exploiting your system, and Eset HIPS is defending, which creates a lot of log entries.
-
Under
Windows Security->App & browser control->Exploit protection->Program Settings
there is 1 ekrn.exe system override. Upon edit, I see
Validate handle usage
Raises an exception on any invalid handle references
is checked. Is this override made by ESET intentionally?
-
11 hours ago, itman said:
Note that the above would be valid if the destination port was 67; refer to the following:
Next, note the following:
https://kb.eventtracker.com/evtpass/evtPages/PortNo_68_bootpclient_56538.asp
I can't help but think this is related to your obsession in blocking Eset connections to Google DNS servers and changes you made to Eset default firewall rules to accomplish this.
This happens even when no device is connected to the router, so it is not related to ESET firewall.
-
8 hours ago, cutting_edgetech said:
When using proxies it is possible to spoof the last address that is forwarded to the destination IP address. They could be spoofing the last address so that it shows 0.0.0.0. It helps mask the attacker's exit node, making it more difficult to block the attacker's address. It still may be possible to see the attacker's exit node address with a good packet sniffer like Wireshark.
Thanks, I will try and see.
-
I forgot to ask, how come the attacker's address is 0.0.0.0 ?
Please help, I don't want my network to get breached again.
-
Sorry for the confusion,
1. is doing a TCP SYN flood at random ports.
2. 0.0.0.0 is doing a fraggle attack to destination 255.255.255.255 at port 68. (I just type what the router tells)
3. I did reset the router, changed default administration login password. I am confident it is a strong password.
-
No! please don't type the numbers, please use the picture I provided, I don't want to alert that IP owner and attack my router more!
My router says is doing a TCP SYN flood hundreds of times per day!
0.0.0.0 is performing a fraggle attack to destination 255.255.255.255 at port 68.
-
My router has been hammered by an IP 0.0.0.0 and .
Is there a way to escape from them, or find out who is behind this 0.0.0.0 ?
Thanks in advance.
-
They are finally available. But the "Number of users" is still yellow, can someone confirm on this?
-
I once had my router breached, then my laptop connected to it (even equipped with ESET firewall) was also breached. No idea how the intruder managed to do this.
-
2 hours ago, czesetfan said:
Interestingly, the reputation is still unknown. Is it really okay? How about you?
I made a poor presentation, the reputation is green. But the "Number of users" is red and "Time of Discovery" is still unavailable.
-
Thank you everyone.
I have a new question, any reply is welcome.
-
Thanks, I will wait and see.
-
It is me again.
EDGE and Firefox have automatically updated themselves today. Popups of ESET appeared asking for approval to allow them to access network. But upon investigation, I found they have a reputation of red and ESET is unable to recognize them.
Did someone get them hijacked or modified?
Please help again.
-
I have set a rule to block any traffic going to/from 8.8.8.8 at the top of ESET firewall table, so it is unlikely my machine is infected.
According to everyone in this thread, I can only assume ekrn is using 8.8.8.8 sometimes.
-
@Enrico
I have tried disabling the spam filter, sorry to say it remains the same.
@Marcos
The 8.8.8.8:53 connection at ekrn happens occasionally and randomly, it can appear at startup, after browsing the Internet, or when I am doing nothing.
@itman
I am sure to tell you this is not related to the Great Firewall. Under the 'One country two systems' policy, Hong Kong can use Google DNS servers.
I am starting to think, is it possible that it is because I have disabled some default firewall rules? But I have left the "outbound DNS request" enabled.
-
@Marcos
I checked the spam/junk folder, nothing was sent in.
@itman
I have added the two rules you mentioned, the same.
@Enrico
I will try that and keep an eye on ekrn.
By the way, I have changed the router, so it is unlikely this is caused by the old router.
-
The 8.8.8.8 ekrn connection even happens before I start anything. (I open ESET GUI right after Windows desktop appears)
Could someone tell me why I can't receive a response from ESET support? Not even the notification email.
-
15 hours ago, itman said:
Open a command prompt window. Enter:
ipconfig /all
In the displayed output, refer to the "DNS Servers" section. Do you see IP address 8.8.8.8 listed there?
No, just 192.168.1.1
The 8.8.8.8 ekrn connection does not always happen.
Empty dropdownbox in Service when creating/editing firewall rules after EIS upgraded to 17.0.15.0
in ESET Internet Security & ESET Smart Security Premium
The issue is resolved in 17.0.16.0, thank you ESET.