Detected Network Attacks on Netherlands servers

[philips 2]

Hi Evrybody,

 

Since Yesterday, my antivirus (Kaspersky Internet Security 2016) has detected 3 network attacks when I was connected to Netherlands servers. The Intrusion prevention module says that the "network attack has been blocked.

 

The details are:

UDP against "ip adress" on the port 1434

 

The ip adresses are:

- 120.193.156.174

- 219.140.181.106

- 221.232.247.2

 

I'm a little worried about that because it's the first time. Is it normal, like false-positive?

 

Best Regards

 

Philips

[zhang888 1066]

That can only happen if you have some ports forwarded. Otherwise when you are connected to a server, no traffic from the internet can

reach your machine. If you are sure you were connected to the VPN server while you saw these messages, then it is a false positive.

[philips 2]

Hi!

 

Thanks for your answer. I don't have any forwarded ports.

 

I'm sure I was connected on VPN, but I have some troubles with Kaspersky firewall and Windows Firewall Network locking from Eddie. I think that y conection is leaking sometimes. I'm waiting Eddie 2.11 to solve ths problem 

 

I was very surprise because the detected attacks wer from 3 differents IP adresses, and every ip were located in China. The first day, the two different adresses were from the same city. So, I think the attack comes from outside VPN servers. I was connected to a public wifi.

[zhang888 1066]

When you are connected to the VPN and it's used as your default route, there is no way for outside traffic to reach your router and/or devices

without forwarded ports. That's why port forwarding is offered as a feature.

[WxjThf8HJV5ShAQ 1]

I saw these attacts too and I do have ports forwarded. It flooded and brought down my VM. Will need to figure out a way to throttle connection coming into those forwarded ports.

[Staff 9972]

Hi!

 

Thanks for your answer. I don't have any forwarded ports.

 

In this case what Kaspersky reported pertained to your "real" IP address.

 

I'm sure I was connected on VPN, but I have some troubles with Kaspersky firewall and Windows Firewall Network locking from Eddie. I think that y conection is leaking sometimes. I'm waiting Eddie 2.11 to solve ths problem

 

Don't do this. You have two processes competing to modify concurrently the packet filtering tables of your system with unpredictable outcome. In Windows, if you run a third-party firewall, you must not activate Network Lock, because it uses Windows Firewall. You can test Eddie 2.11.8 beta for Windows which implements, by default, a Network Lock using Windows Filtering Platform, instead of the Windows Firewall. As long as your third-party firewall does not modify WFP rules and does not set interfering rules, you can run the third-party firewall and keep Network Lock WFP active.

 

To download Eddie 2.11.x beta please see here:

https://airvpn.org/topic/18625-eddie-211beta-available/

 

Kind regards

[philips 2]

Hi!

​

​Thanks for your answer. I'm downloading Eddie 2.11.x beta. I will try it

​

​Best Regards

[philips 2]

Hi!

 

I have downloaded it but I have a problem with the checksum. I don't have the expected ones.

 

With eddie-ui_2.11_windows8_x64_installer.exe, I have:

 

MD5: 0481a56af836133350e18e4c6834e1ec

SHA1: 5f7600f7803db667d6d9736f4a47865c61dcc166

SHA256: cebb75efb0630b53edfceb17fa348d62ed2c19a88db641f73fb0ba6a884295fe

SHA512: c30e44176f06e6fe934cf35b02b17ba55927736220c573a821bed9eee7ccd2f4ab129bb95024939a63930fb0646955a8f2d13e8e91b053a423106116aaed2979

 

When I check signature on the website, I find:

 

MD5 5c70c63ce910022ad5e7a9a8b4a1c1c0 SHA1 ed165ccacaf1ad51ed8006a4db2a917a4994b4da SHA256 b9be8ff27fb03008d25e687fe1f95872f76c2a848e610bf6620b187189e45af0 SHA512 048cc82c3282471667f308b90edf8e1bd4dcc11b51970d0db27505e1804894053f626aac4ed315f9ff6c37a7aa74bbce116a8000d0ccd75ec2facb3ba4529087

 

 

Is it normal?

 

 

Best Regards

[Staff 9972]

@philips

 

The error is on our web site, the signatures you published for that package are correct, we're going to investigate the issue very soon.

 

To make it clearer, on the 64 bit package:

 

$ openssl sha256 eddie-ui_2.11_windows8_x64_installer.exe
SHA256(eddie-ui_2.11_windows8_x64_installer.exe)= cebb75efb0630b53edfceb17fa348d62ed2c19a88db641f73fb0ba6a884295fe

 

Kind regards

[philips 2]

Hi!

​

​Thanks for the answer. Good to hear that!

​

​Best Regards