
I am having network leaks



Guest Dvx

What I want:

Block any networking activity, even on network card activation.

What I do

I set up a new firewall Profile

I set up a new rule blocking any input or output for all ports all protocols etc

I move that rule up above every pre-defined rule

I set up that new profile as the Default Profile

 

The test:

I disable my network card and enable it again

The result:

It's written "network" on the network connection in Windows, i.e. the card could have connected to the modem

When I check "arp -a" in the console I see that my local IP address is the one that has been assigned by my modem (DHCP is working)

The expected result:

As no network activity should have happened, DHCP shouldn't have worked and I shouldn't have the IP assigned by the modem

In the network connections (control panel, network and internet) the ethernet network should be declared as "unidentified network"

 

The investigation :

If I assign my "BLOCK ALL" rule to "All profiles", deactivate and activate the network card again

the network is declared "unidentified network", then nothing leaked then it's what happened.

 

Conclusion
Did I miss something, or does the firewall start on "No Profile" before switching to the selected profile, then leaking some activity on the network?

Link to comment
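The disable/enable test described in the post above can be scripted so the result is recorded the same way on every run. This is an added example, not part of the thread and not ESET tooling; it assumes an elevated PowerShell session, an adapter named `Ethernet` that is configured for DHCP, and a 90-second wait.

```powershell
#Requires -RunAsAdministrator
# Added example: repeats the disable/enable test and reports what the adapter learned.
param(
    [string]$Alias = 'Ethernet',  # assumption: name of the adapter under test
    [int]$TimeoutSec = 90         # assumption: long enough for DHCP to succeed or give up
)

function Get-LeaseState {
    param([string]$InterfaceAlias)
    $addrs = @(Get-NetIPAddress -InterfaceAlias $InterfaceAlias -AddressFamily IPv4 -ErrorAction SilentlyContinue)
    if ($addrs | Where-Object { $_.PrefixOrigin -eq 'Dhcp' })     { return 'DhcpLease' }
    if ($addrs | Where-Object { $_.PrefixOrigin -eq 'Manual' })   { return 'Static' }
    if ($addrs | Where-Object { $_.IPAddress -like '169.254.*' }) { return 'NoLease' }
    return 'Pending'
}

# Bounce the adapter, as in the original test.
Disable-NetAdapter -Name $Alias -Confirm:$false
Start-Sleep -Seconds 3
Enable-NetAdapter -Name $Alias -Confirm:$false

# Poll until DHCP either succeeds or Windows falls back to a 169.254.x.x address.
$deadline = (Get-Date).AddSeconds($TimeoutSec)
do {
    Start-Sleep -Seconds 2
    $state = Get-LeaseState -InterfaceAlias $Alias
} while ($state -eq 'Pending' -and (Get-Date) -lt $deadline)

# Same evidence as "arp -a": neighbours resolved on this interface.
$neighbors = @(Get-NetNeighbor -InterfaceAlias $Alias -AddressFamily IPv4 -ErrorAction SilentlyContinue |
    Where-Object { $_.State -in 'Reachable', 'Stale' })
$netProfile = Get-NetConnectionProfile -InterfaceAlias $Alias -ErrorAction SilentlyContinue

$verdict = switch ($state) {
    'DhcpLease' { 'LEAK: DHCP completed while the block-all rule was expected to apply' }
    'NoLease'   { if ($neighbors.Count) { 'LEAK: ARP replies were received' } else { 'OK: no lease, no neighbours learned' } }
    'Static'    { 'Inconclusive: static address configured, DHCP is not exercised' }
    default     { 'Inconclusive: no address assigned before the timeout' }
}

[pscustomobject]@{
    Adapter     = $Alias
    LeaseState  = $state
    IPv4        = (Get-NetIPAddress -InterfaceAlias $Alias -AddressFamily IPv4 -ErrorAction SilentlyContinue).IPAddress -join ', '
    NetworkName = $netProfile.Name
    Neighbors   = $neighbors.IPAddress -join ', '
    Verdict     = $verdict
}
```

Running it once with the rule bound to the custom profile and once with it bound to "All profiles" gives two records to compare, alongside a packet capture taken during the same window.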
  • Administrators

If you want to block network communication completely, including Windows and AV updates, create a generic blocking rule and place it in the list of rules above the built-in rules.

Link to comment

If you are using an Ethernet connection, simply unplug the Ethernet cable.

Otherwise, disabling IPv4 and IPv6 for the network connection should block all network traffic to that network connection.

Link to comment
Guest Dvx

Marcos

Quote

If you want to block network communication completely, including Windows and AV updates, create a generic blocking rule and place it in the list of rules above the built-in rules.

That is exactly what I've done

itman
 

Quote

If you are using an Ethernet connection, simply unplug the Ethernet cable.

Otherwise, disabling IPv4 and IPv6 for the network connection should block all network traffic to that network connection.

If I wasn't frustrated by the issue I would have smiled. Actually I want to allow what I chose to allow, starting from a "block all input all output".
Actually my bad, I didn't say that I wanted to block everything except what I allow.

From what I see, I could, as I said, put a generic rule for "ALL PROFILE" forbidding everything, but I prefer not touching the "NO PROFILE", and then if I switch to "NO PROFILE" I would return back to the less restricted profile with the default ESET firewall rules.

 

Link to comment
  • Administrators

You'd need to put any custom permissive rules above the generic rule blocking all communication.

If it doesn't work for you, please provide logs collected with ESET Log Collector for a check.

Link to comment
Guest Dvx
3 hours ago, Marcos said:

You'd need to put any custom permissive rules above the generic rule blocking all communication.

If it doesn't work for you, please provide logs collected with ESET Log Collector for a check.

You didn't even try to read my post...

Link to comment
  • Most Valued Members

Maybe I'm reading it wrong myself and my experience with networking is very limited but you mentioned wanting to block the network but also allow some programs access which is confusing me

Link to comment
Guest Dvx

I am from Linux (iptables), where I would set the input and output policy to drop and set the specific rules I want to allow.

I tried to reproduce the same with ESET, so

the first step would be to block everything, and then the second step to allow what I chose to allow.
But ESET's profile manager seems bugged, as when an interface is being activated the global selected profile in the profile manager is not activated; it is first the "no profile" with global rules and then it seems to switch to the chosen profile in the firewall's profile manager. (I verified using Wireshark.)

Whatever, it seems a bit overkill to do so, but I wanted to know if it is really a bug or if I missed a feature in the AV.

Link to comment
Guest Dvx

The first step is not the aim. I intended to check that I was really blocking everything before I start setting the firewall.

Link to comment
Guest
This topic is now closed to further replies.