Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: Outpost bug?

  1. #1
    Senior Member
    Join Date
    Jan 2002
    Posts
    244

    Outpost bug?

    I did test Outpost firewall for two weeks and found some strange things in the log.
    It showed multiple portscans and even Rst attacks!{behind an xDLS router with NAT enabled!]

    Using Norton Personal Firewall 2001 i had never seen so many portscans and never Rst attacks!

    Only portscans on two websides!NEVER when i don t surf!

    So how can this happen i asked my self.

    Back to Norton and see if the attacks come up again!


    Nothing!!!..................Not 1 allert!

    So i mailed what i found to Agnitum[last sunday]Still no re.!

    A bug???????Don t know but i thought i post this to tell all?

    Any thoughts on this?Let me know.THX in adv.
    i m gone,thx everyone for so much fun and good info.
    cheers and good bye

  2. #2
    Jaded Network Admin nebulus200's Avatar
    Join Date
    Jun 2002
    Posts
    1,356
    Perhaps your norton firewall is missing it entirely ?

    Perhaps due to your configuration with outpost, it was interpretting certain events as
    attacks?

    Just a couple of ideas...

    Neb

    You might want to include exactly what was being reported, that would help alot more in being able to decide definitively what was going on.
    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)

  3. #3
    Junior Member
    Join Date
    Aug 2002
    Posts
    0
    I think it would have something to do with the configuration. Just my .2 cents.

  4. #4
    Senior Member
    Join Date
    Jan 2002
    Posts
    244
    It was no configuration fault,cos i did no special rules only access granted or blocked!

    And Norton did not miss them[100% sure]

    Rst attacks and portscans comming through the routers NAT?don t think so!
    Online tests show all attacks are stopped by the router![using Norton]
    So Norton did not miss them.
    i m gone,thx everyone for so much fun and good info.
    cheers and good bye

  5. #5
    Jaded Network Admin nebulus200's Avatar
    Join Date
    Jun 2002
    Posts
    1,356
    It was no configuration fault,cos i did no special rules only access granted or blocked!
    Exactly. If you were careless in what you selected to be blocked, outpost may have been intercepting the traffic and resetting it (if you selected not to do a silent drop). I am assuming by 'online tests show all attacks are stopped by the router' means that you went to something like shields up that tests this by scanning you from their site and that Norton is never seeing any traffic come in; however, since you didn't include anything specific it is very difficult to say.

    I would suspect that you were probably seeing outpost block netbios traffic (which I believe it does by default) and woudln't be suprised if it was blocking a little bit of your web browsing traffic since most of the newer web browsers like to make loopback connections to your PC and some things like instant messengers (they like to ping sites sometimes which outpost also blocks). If you provided specifically what happened, I could answer that for sure., otherwise there is little I can do other than to speculate what was actually going on.

    Neb
    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)

  6. #6
    Senior Member
    Join Date
    Apr 2002
    Posts
    634
    Is your version up to date?
    I have heard of some crashing problems with Outpost but never of false alerts.
    A config problem?
    A bad interaction with Norton?

    More info please.
    Life is boring. Play NetHack... --more--

  7. #7
    Senior Member
    Join Date
    Jan 2002
    Posts
    244
    I was not careless in what i selected to be blocked.

    Thx all for your re.

    Tomorrow i will uninst.Norton and install Outpost.
    I ll be back.
    i m gone,thx everyone for so much fun and good info.
    cheers and good bye

  8. #8
    By the way Kadeng, on the web site it tells you before you download Outpost, you should uninstall or close other firewalls before useing Outpost. Check the web page for more info.

  9. #9
    Senior Member
    Join Date
    Jan 2002
    Posts
    244
    This is a copy of the attack detection.
    As you can see port scans.
    This was while i did p2p and was not at home.


    25-8-02 0:40:40 Connection request 24.222.221.252 TCP(2880)
    25-8-02 0:36:39 Connection request 24.222.221.252 TCP(2880)
    25-8-02 0:06:24 Connection request 24.141.152.88 TCP(2567)
    25-8-02 0:02:22 Connection request 24.141.152.88 TCP(2567)
    25-8-02 0:00:11 Connection request 24.222.221.252 TCP(2378)
    24-8-02 23:56:09 Connection request 24.222.221.252 TCP(2378)
    24-8-02 23:52:06 Connection request 24.222.221.252 TCP(2378)
    24-8-02 23:48:10 Port scanned 68.7.251.79 TCP(2310) TCP(2289)
    24-8-02 23:48:10 Connection request 68.7.251.79 TCP(2310)
    24-8-02 23:47:31 Connection request 68.7.251.79 TCP(2289)
    24-8-02 23:37:17 Port scanned 68.7.251.79 TCP(2133) TCP(2121)
    24-8-02 23:37:17 Connection request 68.7.251.79 TCP(2133)
    24-8-02 23:36:42 Connection request 68.7.251.79 TCP(2121)
    24-8-02 23:35:21 Connection request 24.79.21.24 TCP(2136)
    24-8-02 22:42:07 Connection request 211.196.154.199 TCP(4745)
    24-8-02 22:22:46 Connection request 68.67.37.216 TCP(1593)
    24-8-02 22:15:19 Connection request 66.122.182.75 TCP(1545)
    24-8-02 22:13:53 Connection request 66.122.182.75 TCP(1532)
    24-8-02 22:10:12 Connection request 24.196.166.162 TCP(1468)
    24-8-02 22:04:49 Connection request 24.196.166.162 TCP(1468)
    24-8-02 22:00:28 Connection request 24.196.166.162 TCP(1468)
    24-8-02 22:00:25 Connection request 65.95.255.64 TCP(1409)
    24-8-02 21:58:25 Connection request 65.95.255.64 TCP(1409)
    24-8-02 21:50:03 Connection request 24.196.166.162 TCP(1292)
    24-8-02 21:47:21 Connection request 24.222.39.19 TCP(1323)
    24-8-02 21:43:34 Connection request 24.196.166.162 TCP(1292)
    24-8-02 21:36:32 Connection request 68.82.138.233 TCP(1233)
    24-8-02 21:30:26 Connection request 68.82.138.233 TCP(1184)
    24-8-02 21:30:23 Connection request 24.156.154.155 TCP(1176)
    24-8-02 21:23:25 Connection request 68.82.138.233 TCP(1125)
    24-8-02 21:15:58 Connection request 68.82.138.233 TCP(1065)
    24-8-02 21:14:13 Connection request 68.42.40.64 TCP(1057)
    24-8-02 21:07:04 Connection request 24.196.166.162 TCP(4958)
    24-8-02 21:02:52 Connection request 24.196.166.162 TCP(4958)
    24-8-02 20:58:44 Connection request 24.196.166.162 TCP(4958)
    24-8-02 20:56:24 Connection request 24.196.166.162 TCP(4879)
    24-8-02 20:54:32 Connection request 68.82.138.233 TCP(4911)
    24-8-02 20:52:12 Connection request 24.196.166.162 TCP(4879)
    24-8-02 20:44:26 Port scanned 68.82.138.233 TCP(4755) TCP(4722)
    24-8-02 20:44:26 Connection request 68.82.138.233 TCP(4755)
    24-8-02 20:44:11 Connection request 68.82.138.233 TCP(4722)
    24-8-02 20:41:14 Connection request 68.82.138.233 TCP(4732)
    24-8-02 20:37:50 Connection request 68.82.138.233 TCP(4623)
    24-8-02 20:36:13 Connection request 68.0.24.224 TCP(4616)
    24-8-02 20:36:11 Connection request 211.196.154.199 TCP(1068)
    24-8-02 20:30:21 Connection request 68.82.138.233 TCP(4563)
    24-8-02 20:23:02 Connection request 68.82.138.233 TCP(4497)
    24-8-02 20:17:48 Connection request 68.82.138.233 TCP(4430)
    24-8-02 20:09:40 Connection request 68.48.214.170 TCP(4363)
    24-8-02 19:38:54 Connection request 68.42.40.64 TCP(4125)
    24-8-02 19:30:33 Connection request 212.179.170.52 TCP(3978)
    24-8-02 19:29:50 Connection request 68.9.153.235 TCP(3998)
    24-8-02 19:27:12 Connection request 24.196.166.162 TCP(3952)
    24-8-02 19:23:34 Connection request 24.196.166.162 TCP(3796)
    24-8-02 19:08:09 Connection request 68.82.138.233 TCP(3611)
    24-8-02 19:02:13 Connection request 68.82.138.233 TCP(3514)
    24-8-02 19:00:31 Connection request 68.0.24.224 TCP(2689)
    24-8-02 19:00:17 Connection request 68.42.40.64 TCP(3461)
    24-8-02 18:59:23 Connection request 24.136.79.59 TCP(3352)
    24-8-02 18:57:29 Connection request 68.82.138.233 TCP(3408)
    24-8-02 18:56:58 Connection request 24.153.58.126 TCP(3307)
    24-8-02 18:56:30 Connection request 68.0.24.224 TCP(2689)
    24-8-02 18:55:21 Connection request 24.136.79.59 TCP(3352)
    24-8-02 18:52:29 Connection request 68.0.24.224 TCP(2689)
    24-8-02 18:52:10 Connection request 68.82.138.233 TCP(3284)
    24-8-02 18:45:13 Connection request 68.82.138.233 TCP(3184)
    24-8-02 18:44:00 Connection request 200.158.32.192 TCP(2888)
    24-8-02 18:37:06 Connection request 68.82.138.233 TCP(3069)
    24-8-02 18:21:08 Connection request 24.196.166.162 TCP(2925)
    24-8-02 18:11:07 Connection request 24.201.197.219 TCP(2754)
    24-8-02 18:05:55 Connection request 24.201.197.219 TCP(2657)
    24-8-02 17:56:58 Connection request 68.42.15.242 TCP(2561)
    24-8-02 17:47:28 Connection request 24.196.166.162 TCP(2333)
    24-8-02 17:43:32 Connection request 68.101.149.105 TCP(2324)
    24-8-02 17:37:22 Port scanned 24.196.166.162 TCP(2260) TCP(2252)
    24-8-02 17:37:22 Connection request 24.196.166.162 TCP(2260)
    24-8-02 17:37:06 Connection request 24.196.166.162 TCP(2252)
    24-8-02 17:35:48 Connection request 24.196.166.162 TCP(2235)
    24-8-02 17:25:02 Connection request 172.178.117.18 TCP(2070)
    24-8-02 17:22:43 Connection request 24.57.51.183 TCP(1915)
    24-8-02 17:05:47 Connection request 128.211.223.134 TCP(1666)
    24-8-02 16:59:25 Connection request 128.211.223.134 TCP(1543)
    24-8-02 16:55:19 Connection request 68.101.149.105 TCP(1438)
    24-8-02 16:54:12 Connection request 68.2.38.187 TCP(1125)
    24-8-02 16:50:31 Connection request 24.150.17.76 TCP(1187)
    24-8-02 16:49:43 Connection request 68.59.17.235 TCP(1288)
    24-8-02 16:48:37 Connection request 161.184.164.149 TCP(1188)
    24-8-02 16:48:18 Connection request 68.100.229.150 TCP(1246)
    24-8-02 16:48:05 Connection request 24.49.18.33 TCP(1232)
    24-8-02 16:47:51 Port scanned 128.211.223.134 TCP(1261) TCP(1141)
    24-8-02 16:47:51 Connection request 128.211.223.134 TCP(1261)
    24-8-02 16:47:33 Connection request 128.211.223.134 TCP(1141)
    24-8-02 16:46:42 Connection request 68.154.1.160 TCP(4251)
    24-8-02 16:46:04 Connection request 68.0.24.224 TCP(2951)
    24-8-02 16:44:36 Connection request 161.184.164.149 TCP(1188)
    24-8-02 16:44:09 Connection request 24.150.17.76 TCP(1187)
    24-8-02 16:43:46 Connection request 24.49.18.33 TCP(4004)
    24-8-02 16:43:26 Connection request 128.211.223.134 TCP(1141)
    24-8-02 16:42:44 Connection request 68.154.1.160 TCP(4251)
    24-8-02 16:42:04 Connection request 68.0.24.224 TCP(2951)
    24-8-02 16:38:41 Connection request 68.154.1.160 TCP(4251)
    24-8-02 16:38:36 Connection request 161.184.164.149 TCP(4221)
    24-8-02 16:38:02 Connection request 68.0.24.224 TCP(2951)
    24-8-02 16:36:09 Connection request 24.175.106.94 TCP(3500)
    24-8-02 16:36:09 Connection request 172.141.198.240 TCP(3844)
    24-8-02 16:35:43 Connection request 12.246.82.225 TCP(4042)
    24-8-02 16:35:40 Connection request 68.97.156.253 TCP(4150)
    i m gone,thx everyone for so much fun and good info.
    cheers and good bye

  10. #10
    Senior Member
    Join Date
    Apr 2002
    Posts
    634
    You have a little more port scans than me, but it is comon during p2p connections.
    You have logs nears to mine, it seems correct for me.
    Life is boring. Play NetHack... --more--

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •