DHCP blocked?

[ProfessorStrawberry 0]

Hello everyone,

 

I have some weird entries in my log file in ESS 9.

I even reinstalled ESET, but still I get the message, not always but sure a few times.

 

Even though there is the Default rule to allow DHCP at port 67, 68 which came with ESET, I still get the log entry about blocked connections:

 

As I am German I will translate this entry: Port von keiner Applikation verwendet; 0.0.0.0:68; 255.255.255.255:67; UDP;;;

 

Means Port not used by any application.

 

The entry came up today, at the time I updated the Firmware on my Router.

 

2 days ago when I reinstalled ESET, I got the entry too, right clicked on it, and clicked do not block similar entries in the future.

 

 

I am using Windows 10 x64, I am connected to ASUS RT-AC87U via 5GHz, ESET ESS9 newest version, Training mode enabled, logging to Diagnostic and I have Trusted zone entries as follows:

 

192.168.1.1 - 192.168.1.254, fe80::/64       By the way could I also enter 192.168.1.255?

 

Thank you for helping me

 

 

 

[Marcos 5,070]

I'd suggest uninstalling ESS and installing it from scratch. Should the issue occur right after installation without changing any settings or creating custom rules, run the Firewall troubleshooting wizard to get a list of recently blocked communications which will enable you to permit the desired one(s) with one or two clicks.

[ProfessorStrawberry 0]

Thank you for your answer,

 

I did in fact reinstall and also restarted a few time after that and I didnt apply any firewall rules yet.

 

Those are the default entries, when you tick show preconfigured firewall rules.

 

As you can see there is the DHCP entry with 67, and 68 for svchost, but still in the log file you can see 0.0.0.0:67 255.255.255.255:68 is blocked.

 

When I click it right click don't block any future connection like this- nothing happens!

[itman 1,659]

IP address 255.255.255.255 is a broadcast address DHCP uses when a router exists. DHCP does a number of "handshake" requests when it initializes. One of those is an inbound request from 255.255.255.255 to 0.0.0.0. Most third party firewall have a problem with this request since 0.0.0.0 and 255.255.255.255 are not a valid IP addresses to them since those address are not part of the trusted subnet i.e. 192.168.1.1 - 192.168.1.255.

Below are screen shots for the inbound Eset firewall rule I created to get around the problem:

Edited May 11, 2016 by itman

[ProfessorStrawberry 0]

Thank you I have thought about something like this.

 

Just one more question, then the thread can be closed.

 

My trusted zone is: 192.168.1.1-192.168.1.254 and fe80::/64

 

Would this be correct or can I also write 192.168.1.255?

 

Thanks alot

[itman 1,659]

I use a wireless connection so the router addresses are not explicitly defined in the trusted zone. Rather Eset assigns my router range automatically using the subnet coding of 192.168.1.0/255.255.255.0. As such, 192.168.1.255 is included.

 

For most routers, 192.168.1.255 is used for broadcast purposes and is also used as an address in the DHCP handshake process. As long as your router supports 192.168.1.255, I see no problem with adding it. It might just clear up your DHCP firewall issue w/o having to add the inbound rule I suggested; it didn't for me.