Jump to content

TCP Flooding Attack in DLNA service - ESS 4.0.437.0


xicoescuro

Recommended Posts

Hi everyone!

As told in topic title my problem is this: A LCD Samsung TV with DLNA service, routed to my PC, and when I share more than two files in same type (.jpg, .avi, ...) the DLNA player in TV gets an error and closes the connection.

Found in ESS firewall log many entries "... Detected TCP Flooding attack", and the only way to get over this is by deselecting "TCP protocol overload protection" in IDS and advanced options (in ESS firewall advanced setup).

But this way I am exposed to other "non-false" attacks and I can't solve this problem by any other way - I've already tried to create a new zone with LCD IP, added this very same IP onto Trusted Zone, and gave full permission to the connections applications (Samsung PC Share Manager, WiselinkPro.exe and http_ss_win_pro.exe.

Any suggestions?

Thanks in advance, and...

All my best!

Link to comment
Share on other sites


  • Replies 6
  • Views 1.2k
  • Created
  • Last Reply

If I were you I'd just disable the option, I believe if you're behind a router you're not in danger anyway.

Link to comment
Share on other sites


If I were you I'd just disable the option, I believe if you're behind a router you're not in danger anyway.

Thanks again.

Yes, Shought... I'm behind a Linksys Router with Sveasoft firmware (Version: Talisman/Basic V1.3.1), that I think has a good setup.... and, for sure, was an option I though for seriously... in fact I didn't have any other TCP flooding attack before...!

In case I can't get any other solution, probably I will do that!

All my best

Link to comment
Share on other sites


In case you wanted to enable the firewall side of NOD32, you can just make rule to allow any packets/traffics from/to your LCD IP address. While still filtering other packets/traffics from other IP addresses. So essentially, you made a whitelist which contains only your LCD IP address (and other IP addresses on your LAN, if you like).

Link to comment
Share on other sites


In case you wanted to enable the firewall side of NOD32, you can just make rule to allow any packets/traffics from/to your LCD IP address. While still filtering other packets/traffics from other IP addresses. So essentially, you made a whitelist which contains only your LCD IP address (and other IP addresses on your LAN, if you like).

One more time, thanks.....

I tried to do that.... but not working.... created a new rule, with LCD IP, valid to all applications, and all ports, bu, still the same!

All my best!

Link to comment
Share on other sites


Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...