Strange loopback in firefox.

["Timothy Badenach" <tbadenach () iprimus com au>]

Dear list,

 

Two questions ?

 

I was wondering if anyone could give me their opinion of Agnitum’s Outpost
Personal Firewall 2.1. I have been using the trial version of this program
for a few days now and have had a few problems which I will detail below. 

 

Firstly I have had it crash on me when I was under what can only be
described as heavy attack from outside IP addresses. When the crash occurred
I had about ten different connections to my machine (all of them where
either using the Microsoft_DS port or epmap port to connect). It was while I
was creating rules to counteract these attacks that the crash occurred. My
question is has anyone else experienced this and is it a common problem with
Outpost. Any general opinions of this program and some decent alternatives
are also welcome as well. I have also had a few problem with removing rules
in that I remove them and the rules still seem to be in place. This just
maybe my inexperience or is it another bug? 

 

 

Secondly, I haven’t seen it for a day or so ( actually since I changed my
rules to stop the Microsoft_DS and epmap attacks, so maybe that has to
something to do with it?) but it seemed that when ever I started up Firefox
browser there was a loop-back connection made between two ports on my
laptop. For example a connection from port 3014 to 3015 and the next entry
(this is in netstat)would have a connection from 3015 back to 3014. Is this
an attempt at a DOS attack on my machine? The outpost firewall has also been
detecting RST attack ( again I haven’t seen any since I changed the
rules)attacks but it has been blocking them and the fact that this seems
only to appear when I start Firefox is weird. The ports are never the same
either but they are always consecutive numbers like 1035 and 1036 etc . Is
this a peculiarity of Firefox that my fiddling with rules has stopped? Or
was it a genuine attempt by some idiot to compromise my laptop. To be sure I
have scanned with AVG with the latest definitions in both normal and
safe-mode, as well as running trial version of Tauscan (again with the
latest defs) as well as ad aware and Spybot, ( the only thing that Spybot
found was some tracking cookies and I removed them) otherwise my scanning
found nothing unusual.

 

I admit that I have hopefully fixed this problem with the adjustment of some
rules within Outpost but to be sure ( and to maybe get a little more insight
to the nature of this strange loop-back thingy) I thought I might ask the
wider world J

 

Cheers to you all 

 

Tim

 

PS It probably may have no relevance but I only have a 19.2kbs connection as
well ( problems with living on a cattle farm with 10KV electric fences and
using dial up )

 

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.715 / Virus Database: 471 - Release Date: 7/4/2004
 


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------