itman 1,659 Posted June 23, 2021 Share Posted June 23, 2021 (edited) Last week my router was hacked. It initially manifested as a NetBIOS issue and went downhill from there. After resetting the router, I decided to "take the network bull by the horns" and lock down all my local device network settings. I disabled NetBIOS on my device's network adapter. I disabled LLMNR via Windows registry setting. Finally, I disabled all Eset firewall services other than RPC. Again, my PC is the only computer on my local network and I don't need to connect to any other network devices other than the router. After disabling Eset's multicast and WSD services, I now observe the following device inbound network traffic being blocked at system startup time per below screen shot: Now I know what the inbound DVR connection is about. The inbound wireless connections are suspect since I am using an Ethernet connection on my device. However, this type of blocked local network traffic is what I expected to see. The issue is why weren't these connections blocked previously on the Public profile prior to disabling Eset above noted services? None of the connections shown in the screen shot are "Trusted" network connections. As such, they should have been blocked with the associated services enabled and their corresponding Eset firewall rule settings. Edited June 24, 2021 by itman Link to comment Share on other sites More sharing options...
Solution itman 1,659 Posted June 25, 2021 Author Solution Share Posted June 25, 2021 I found out what the problem is here and it is not an Eset security issue. In my haste to prevent the effects of another router hack, I had removed my device's assigned DHCPv4 IP address from the Eset network connection Trusted Address list associated with my active network adapter. Eset's Public profile is so strict, it will actually block all internal traffic originating from your own device. For example, outbound traffic from your own device to other devices on your local network ends up being interpreted by the Eset firewall as inbound traffic from your device to whatever local network device attempting to be connected to. The end result is all this type traffic is blocked. Link to comment Share on other sites More sharing options...
Recommended Posts