Jump to content

Blocked connection with EIS firewall


Recommended Posts

Hello,

I noticed that by activating the rule "DNS poisoning attack detection", my connection is randomly blocked for a few seconds (it comes back later). This happens so regularly that you can't watch streaming without jerks. This is not a rule checked by default. Is it important?

Thank you.

Link to comment
Share on other sites

  • Administrators

It sounds like various parts of the video are downloaded from a domain that resolves to different IP addresses. Since the DNS cache poisoning detection is disabled by default and enabling it causes FPs for you, I'd suggest keeping it disabled.

Link to comment
Share on other sites

Thank you, but is there not a security risk? By default, this rule is disabled, why? Are they aware of this problem? This does not necessarily happen during a streaming, it also occurs during surfing on various websites.

Link to comment
Share on other sites

11 minutes ago, n0zkl3r said:

Thank you, but is there not a security risk? By default, this rule is disabled, why? Are they aware of this problem? This does not necessarily happen during a streaming, it also occurs during surfing on various websites.

If Eset IDS protection detected a DNS poisoning attack, there should be entries to that effect in the Eset Network Protection log. If there are no log entries to this effect, then your Internet connection issue is not related to this IDS setting.

Link to comment
Share on other sites

Do you recommend leaving EIS default? By default, several features like the detection of potentially dangerous / unwanted applications is not enabled. Please help me, when I activate some options, my connection is unstable. By default, everything is fine, but I feel not to enjoy 100% EIS.

Link to comment
Share on other sites

  • Administrators

As for detection of potentially unsafe and unwanted application, the decision is up to you. Both detections are optional. In case a particular application is detected and you want to use it intentionally, you can exclude it from detection by the detection name (e.g. a kind of a hack tool, password viewer, etc.).

Do you mean that after disabling DNS cache poisoning detection your connection becomes stable?

Link to comment
Share on other sites

9 hours ago, n0zkl3r said:

Please help me, when I activate some options, my connection is unstable. By default, everything is fine, but I feel not to enjoy 100% EIS.

Proper diagnostic procedure in regards to optional or non-default settings of software of any type is as follows.

Modify settings one at a time. After each modification, perform necessary functional testing to ensure the change is performing as designed/stated and is not adversely impacting the specific software or other system operations. This is also the only way to definitively identify specific software issue/s.

The worse thing that can be done is to en-mass modify settings since it becomes impossible to identify which change resulted in adverse software or system operation.  

Edited by itman
Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...