philips 2 Posted ... Hi Evrybody, Since Yesterday, my antivirus (Kaspersky Internet Security 2016) has detected 3 network attacks when I was connected to Netherlands servers. The Intrusion prevention module says that the "network attack has been blocked. The details are:UDP against "ip adress" on the port 1434 The ip adresses are:- 120.193.156.174- 219.140.181.106- 221.232.247.2 I'm a little worried about that because it's the first time. Is it normal, like false-positive? Best Regards Philips Quote Share this post Link to post
zhang888 1066 Posted ... That can only happen if you have some ports forwarded. Otherwise when you are connected to a server, no traffic from the internet canreach your machine. If you are sure you were connected to the VPN server while you saw these messages, then it is a false positive. Quote Hide zhang888's signature Hide all signatures Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees. Share this post Link to post
philips 2 Posted ... Hi! Thanks for your answer. I don't have any forwarded ports. I'm sure I was connected on VPN, but I have some troubles with Kaspersky firewall and Windows Firewall Network locking from Eddie. I think that y conection is leaking sometimes. I'm waiting Eddie 2.11 to solve ths problem I was very surprise because the detected attacks wer from 3 differents IP adresses, and every ip were located in China. The first day, the two different adresses were from the same city. So, I think the attack comes from outside VPN servers. I was connected to a public wifi. Quote Share this post Link to post
zhang888 1066 Posted ... When you are connected to the VPN and it's used as your default route, there is no way for outside traffic to reach your router and/or deviceswithout forwarded ports. That's why port forwarding is offered as a feature. Quote Hide zhang888's signature Hide all signatures Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees. Share this post Link to post
WxjThf8HJV5ShAQ 1 Posted ... I saw these attacts too and I do have ports forwarded. It flooded and brought down my VM. Will need to figure out a way to throttle connection coming into those forwarded ports. Quote Share this post Link to post
Staff 10014 Posted ... Hi! Thanks for your answer. I don't have any forwarded ports. In this case what Kaspersky reported pertained to your "real" IP address. I'm sure I was connected on VPN, but I have some troubles with Kaspersky firewall and Windows Firewall Network locking from Eddie. I think that y conection is leaking sometimes. I'm waiting Eddie 2.11 to solve ths problem Don't do this. You have two processes competing to modify concurrently the packet filtering tables of your system with unpredictable outcome. In Windows, if you run a third-party firewall, you must not activate Network Lock, because it uses Windows Firewall. You can test Eddie 2.11.8 beta for Windows which implements, by default, a Network Lock using Windows Filtering Platform, instead of the Windows Firewall. As long as your third-party firewall does not modify WFP rules and does not set interfering rules, you can run the third-party firewall and keep Network Lock WFP active. To download Eddie 2.11.x beta please see here:https://airvpn.org/topic/18625-eddie-211beta-available/ Kind regards Quote Share this post Link to post
philips 2 Posted ... Hi!Thanks for your answer. I'm downloading Eddie 2.11.x beta. I will try it Best Regards Quote Share this post Link to post
philips 2 Posted ... Hi! I have downloaded it but I have a problem with the checksum. I don't have the expected ones. With eddie-ui_2.11_windows8_x64_installer.exe, I have: MD5: 0481a56af836133350e18e4c6834e1ecSHA1: 5f7600f7803db667d6d9736f4a47865c61dcc166SHA256: cebb75efb0630b53edfceb17fa348d62ed2c19a88db641f73fb0ba6a884295feSHA512: c30e44176f06e6fe934cf35b02b17ba55927736220c573a821bed9eee7ccd2f4ab129bb95024939a63930fb0646955a8f2d13e8e91b053a423106116aaed2979 When I check signature on the website, I find: MD5 5c70c63ce910022ad5e7a9a8b4a1c1c0 SHA1 ed165ccacaf1ad51ed8006a4db2a917a4994b4da SHA256 b9be8ff27fb03008d25e687fe1f95872f76c2a848e610bf6620b187189e45af0 SHA512 048cc82c3282471667f308b90edf8e1bd4dcc11b51970d0db27505e1804894053f626aac4ed315f9ff6c37a7aa74bbce116a8000d0ccd75ec2facb3ba4529087 Is it normal? Best Regards Quote Share this post Link to post
Staff 10014 Posted ... @philips The error is on our web site, the signatures you published for that package are correct, we're going to investigate the issue very soon. To make it clearer, on the 64 bit package: $ openssl sha256 eddie-ui_2.11_windows8_x64_installer.exeSHA256(eddie-ui_2.11_windows8_x64_installer.exe)= cebb75efb0630b53edfceb17fa348d62ed2c19a88db641f73fb0ba6a884295fe Kind regards Quote Share this post Link to post
philips 2 Posted ... Hi!Thanks for the answer. Good to hear that! Best Regards Quote Share this post Link to post