Jump to content
n0zkl3r

Blocked connection with EIS firewall

Recommended Posts

Hello,

I noticed that by activating the rule "DNS poisoning attack detection", my connection is randomly blocked for a few seconds (it comes back later). This happens so regularly that you can't watch streaming without jerks. This is not a rule checked by default. Is it important?

Thank you.

Share this post


Link to post
Share on other sites

It sounds like various parts of the video are downloaded from a domain that resolves to different IP addresses. Since the DNS cache poisoning detection is disabled by default and enabling it causes FPs for you, I'd suggest keeping it disabled.

Share this post


Link to post
Share on other sites

Thank you, but is there not a security risk? By default, this rule is disabled, why? Are they aware of this problem? This does not necessarily happen during a streaming, it also occurs during surfing on various websites.

Share this post


Link to post
Share on other sites
11 minutes ago, n0zkl3r said:

Thank you, but is there not a security risk? By default, this rule is disabled, why? Are they aware of this problem? This does not necessarily happen during a streaming, it also occurs during surfing on various websites.

If Eset IDS protection detected a DNS poisoning attack, there should be entries to that effect in the Eset Network Protection log. If there are no log entries to this effect, then your Internet connection issue is not related to this IDS setting.

Share this post


Link to post
Share on other sites

Do you recommend leaving EIS default? By default, several features like the detection of potentially dangerous / unwanted applications is not enabled. Please help me, when I activate some options, my connection is unstable. By default, everything is fine, but I feel not to enjoy 100% EIS.

Share this post


Link to post
Share on other sites

As for detection of potentially unsafe and unwanted application, the decision is up to you. Both detections are optional. In case a particular application is detected and you want to use it intentionally, you can exclude it from detection by the detection name (e.g. a kind of a hack tool, password viewer, etc.).

Do you mean that after disabling DNS cache poisoning detection your connection becomes stable?

Share this post


Link to post
Share on other sites
Posted (edited)
9 hours ago, n0zkl3r said:

Please help me, when I activate some options, my connection is unstable. By default, everything is fine, but I feel not to enjoy 100% EIS.

Proper diagnostic procedure in regards to optional or non-default settings of software of any type is as follows.

Modify settings one at a time. After each modification, perform necessary functional testing to ensure the change is performing as designed/stated and is not adversely impacting the specific software or other system operations. This is also the only way to definitively identify specific software issue/s.

The worse thing that can be done is to en-mass modify settings since it becomes impossible to identify which change resulted in adverse software or system operation.  

Edited by itman

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...