Jump to content

Archived

This topic is now archived and is closed to further replies.

BlargBurger

Firewall messing with internet

Recommended Posts

I've been having some issues for a while, where my internet will randomly craps out completely. Usually windows will give an error that the default gateway is not available. I've run dozens of virus checks and other attempts to see if it's anything malicious, but I haven't found anything remotely suspicious. I decided to check ESET's firewall to see if that was causing issues, and I found that when my internet craps out, I usually get 200+ (often over 300) instances of svchost.exe being blocked, in addition to various other regular programs (such as steam, System discovery, etc.). None of these programs seem to be doing anything malicous. I can usually restart the internet, and everything is fine. I've also noticed that when my computer exits it's screen saver it seems to do it as well, and I need to manually connect to my router.

I restarted all my firewall settings to default, even though I don't think I messed around with it too much, and it resolved the issue completely for about a week, now it's doing it again. I've attached a screenshot of the blocks it does as soon as I login after booting the PC, I will try to post another if I manage to get it acting up again. I've been meaning to factory reset my router as well, but none of the times I've done that has seemed to do anything to alleviate the issue.1635295813_Startupblock.thumb.png.ca4611572230630a6096e00cdd709853.png

Share this post


Link to post
Share on other sites

Do you use automatic firewall mode, have no custom rules created and your LAN is in the trusted zone? I assume you don't have trusted zone configured properly, most likely you didn't select it as Home/office network upon detection. According to the firewall troubleshooting wizard, you have some communication blocked that is allowed in the trusted zone by default.

Share this post


Link to post
Share on other sites

Is IP address, 10.0.0.245, the IP address assigned to your router?

Most of the blocked network traffic shown by Network Wizard is the result of SSDP activity. Most routers have UDP activated. The router is using SSDP; i,e, UDP protocol via port 1900 to discover devices on the network.

If you are using the Eset firewall Public profile, the above inbound network traffic will be blocked by default. If this is desired behavior, you have the following choices in regards to eliminating inbound SSDP network traffic on the device:

1. Disable UDP on the router. Could bust something.

2. Disable Win SSDP service startup.

3. Create an Eset firewall rule to allow inbound UDP protocol traffic. Local settings are port 1900 with Application set to C:\Windows\System32\svchost.exe. Remote settings are IP address 10.0.0.245.

4. Let Network Wizard auto create the firewall rule by selecting the Unblock tab. Then modify the created rule to conform to the specification stated in 3).. Namely, add the IP address given to the rule's Remote IP address setting.

Note: If the router has been hacked, allowing inbound port 1900 UDP traffic from it could allow an attacker remote control of your device. All such inbound traffic needs to be restricted to the local network. Allowing inbound port 1900 UDP traffic from the IP address associated with the router is a potential security risk as such.

Share this post


Link to post
Share on other sites
17 hours ago, Marcos said:

Do you use automatic firewall mode, have no custom rules created and your LAN is in the trusted zone? I assume you don't have trusted zone configured properly, most likely you didn't select it as Home/office network upon detection. According to the firewall troubleshooting wizard, you have some communication blocked that is allowed in the trusted zone by default.

I am using automatic firewall, I don't have any custom rules, as for the trusted zone I made sure it was set for Home/office, it was still acting up though. I made sure to manually change the protection type on known networks to Home or Office network.

 

8 hours ago, itman said:

Is IP address, 10.0.0.245, the IP address assigned to your router?

Most of the blocked network traffic shown by Network Wizard is the result of SSDP activity. Most routers have UDP activated. The router is using SSDP; i,e, UDP protocol via port 1900 to discover devices on the network.

If you are using the Eset firewall Public profile, the above inbound network traffic will be blocked by default. If this is desired behavior, you have the following choices in regards to eliminating inbound SSDP network traffic on the device:

1. Disable UDP on the router. Could bust something.

2. Disable Win SSDP service startup.

3. Create an Eset firewall rule to allow inbound UDP protocol traffic. Local settings are port 1900 with Application set to C:\Windows\System32\svchost.exe. Remote settings are IP address 10.0.0.245.

4. Let Network Wizard auto create the firewall rule by selecting the Unblock tab. Then modify the created rule to conform to the specification stated in 3).. Namely, add the IP address given to the rule's Remote IP address setting.

Note: If the router has been hacked, allowing inbound port 1900 UDP traffic from it could allow an attacker remote control of your device. All such inbound traffic needs to be restricted to the local network. Allowing inbound port 1900 UDP traffic from the IP address associated with the router is a potential security risk as such.

It was the IP address assigned to the router, I had to reset it as I lost my password for it, and I forgot to write it down. I I took the time to look through everything, I didn't see any settings for UDP, but I did see a setting for UPnP under system discovery turned on, is that related?

----

While I was digging through the router settings after resetting, I didn't return the ipv4 security to the typical I originally had it on, and left it on the default minimum setting. Typical apparently blocked ICMP requests on WAN-to-LAN, I don't entirely know what those are, but a quick google check says they are related to errors? Could that have been the culprit?

Share this post


Link to post
Share on other sites
18 hours ago, BlargBurger said:

I didn't see any settings for UDP, but I did see a setting for UPnP under system discovery turned on, is that related?

Yes, this is the SSDP Win service I previously referenced.

18 hours ago, BlargBurger said:

Typical apparently blocked ICMP requests on WAN-to-LAN, I don't entirely know what those are, but a quick google check says they are related to errors?

Is your ISP AT&T and are you using one of their provided gateway/routers? If so, who is the manufacturer of the router.

Share this post


Link to post
Share on other sites

No, my ISP is xfinity, and the router is an ARRIS router.

----

I disabled UPnP, and set up a bunch of custom rules by manually unblocking the legitimate traffic, so far the computer hasn't blocked anything on startup, and I haven't had it randomly cut out yet either (although it has good and bad days for that). I appreciate your help, and I will definitely keep in touch and keep an eye on this thread if anyone else has any other suggestions.

Also, just to make sure I haven't somehow didn't set up my trusted zone properly, under the 'connected networks' tab, the connected network should state 'home or office network' beneath it, correct? If so, then perhaps I managed to either on the router or eset set the settings a bit too high?

 

Share this post


Link to post
Share on other sites
46 minutes ago, BlargBurger said:

Also, just to make sure I haven't somehow didn't set up my trusted zone properly, under the 'connected networks' tab, the connected network should state 'home or office network' beneath it, correct? If so, then perhaps I managed to either on the router or eset set the settings a bit too high?

When Eset Home/Office profile is selected, local subnet IP addresses are automatically populated to the Trusted Zone. Eset firewall default rules will used this Trusted Zone as applicable depending on the local subnet traffic being monitored.

Under normal local network configurations, no IP addresses need or should be added to the Trusted Zone.

Share this post


Link to post
Share on other sites

Hello, I'd figure I'd give this an update, the issue of the internet randomly disconnecting has seemingly come back. I've been checking my firewall, and it is no longer blocking anything now. So I'm thinking that the firewall going crazy may have been a symptom and not necessarily a cause of what is going on.

I've noticed that this issue seems to happen when my internet is under high usage (Ie. watching videos, communicating with friends, while Downloading 50+gb worth of games off of steam, which unfortunately in this day in age, most modern games are by themselves 50+gb.) and once it goes, it tends to fail repeatedly afterwards, giving it a break for the evening tends to return it to normal.

I know this isn't necessarily the place to discuss non-eset issues, but could it just be the wireless adapter crapping out? I've noticed that I get the error 'default gateway is not available' when I run the troubleshooter, and restarting the adapter seems to resolve it (albeit temporarily when it's acting up). I've made sure it's not running in power saving mode, but it is a factory default adapter that came with the motherboard. I'm not necessarily expecting an answer, as this is no longer eset advice, but I'd figure I'd mention it since the firewall I was initially blaming may not actually be the culprit after all.

Share this post


Link to post
Share on other sites

Could be that your ISP is "throttling down" your Internet connection speed. Not unheard of on unlimited data plans with high speed; e.g. 1GB+, connections. This usually manifests during peak Internet usage times like during daytime working hours.

Share this post


Link to post
Share on other sites

I have the 'default gateway not available' every time I try and use Zoom on my desktop (old upgraded Dell laptop w/ SSD, Windows10, Office 2010, ESET Internet Security.)
Conference calls on iphone are are making me go blind too soon. Any suggestions to get default gateway cooperation are appreciated! (I am def not IT-proficient so please dumb it down a notch - thanks)

   

Share this post


Link to post
Share on other sites

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...