RE: Strange loopback in firefox.

From: Andrew Shore (andrew.shore_at_holistecs.com)
Date: 07/07/04

  • Next message: Ognen Duzlevski: "RE: firewall setup"
    Date: Wed, 7 Jul 2004 17:43:33 +0100
    To: "Timothy Badenach" <tbadenach@iprimus.com.au>, <security-basics@securityfocus.com>
    
    

    Not meaning to be sarcastic but if I'd experienced the problem you have
    then that app would no longer be on any of my machines.

     
    Andrew Shore
    Senior Security Specialist
    DDI. 01302 308 165
    andrew.shore@holistecs.com
     
     
     
    Company Number 04943010
    VAT Number 828 8635 82
     
     
    Holistic Technologies Ltd
    Unit 7 Shaw Wood Business Park
    Shaw Wood Way
    Doncaster
    South Yorkshire
    DN2 5TB
    T. 0870 240 1442
    F. 0870 240 1443
    www.holistecs.com
     
     
     
     
     
     
     
     
     
     
     
     
     
     

    -----Original Message-----
    From: Timothy Badenach [mailto:tbadenach@iprimus.com.au]
    Sent: 07 July 2004 02:46
    To: security-basics@securityfocus.com
    Subject: Strange loopback in firefox.

    Dear list,

     

    Two questions ?

     

    I was wondering if anyone could give me their opinion of Agnitum's
    Outpost
    Personal Firewall 2.1. I have been using the trial version of this
    program
    for a few days now and have had a few problems which I will detail
    below.

     

    Firstly I have had it crash on me when I was under what can only be
    described as heavy attack from outside IP addresses. When the crash
    occurred
    I had about ten different connections to my machine (all of them where
    either using the Microsoft_DS port or epmap port to connect). It was
    while I
    was creating rules to counteract these attacks that the crash occurred.
    My
    question is has anyone else experienced this and is it a common problem
    with
    Outpost. Any general opinions of this program and some decent
    alternatives
    are also welcome as well. I have also had a few problem with removing
    rules
    in that I remove them and the rules still seem to be in place. This just
    maybe my inexperience or is it another bug?

     

     

    Secondly, I haven't seen it for a day or so ( actually since I changed
    my
    rules to stop the Microsoft_DS and epmap attacks, so maybe that has to
    something to do with it?) but it seemed that when ever I started up
    Firefox
    browser there was a loop-back connection made between two ports on my
    laptop. For example a connection from port 3014 to 3015 and the next
    entry
    (this is in netstat)would have a connection from 3015 back to 3014. Is
    this
    an attempt at a DOS attack on my machine? The outpost firewall has also
    been
    detecting RST attack ( again I haven't seen any since I changed the
    rules)attacks but it has been blocking them and the fact that this seems
    only to appear when I start Firefox is weird. The ports are never the
    same
    either but they are always consecutive numbers like 1035 and 1036 etc .
    Is
    this a peculiarity of Firefox that my fiddling with rules has stopped?
    Or
    was it a genuine attempt by some idiot to compromise my laptop. To be
    sure I
    have scanned with AVG with the latest definitions in both normal and
    safe-mode, as well as running trial version of Tauscan (again with the
    latest defs) as well as ad aware and Spybot, ( the only thing that
    Spybot
    found was some tracking cookies and I removed them) otherwise my
    scanning
    found nothing unusual.

     

    I admit that I have hopefully fixed this problem with the adjustment of
    some
    rules within Outpost but to be sure ( and to maybe get a little more
    insight
    to the nature of this strange loop-back thingy) I thought I might ask
    the
    wider world J

     

    Cheers to you all

     

    Tim

     

    PS It probably may have no relevance but I only have a 19.2kbs
    connection as
    well ( problems with living on a cattle farm with 10KV electric fences
    and
    using dial up )

     

    ---
    Outgoing mail is certified Virus Free.
    Checked by AVG anti-virus system (http://www.grisoft.com).
    Version: 6.0.715 / Virus Database: 471 - Release Date: 7/4/2004
     
    ------------------------------------------------------------------------
    ---
    Ethical Hacking at the InfoSec Institute. Mention this ad and get $545
    off 
    any course! All of our class sizes are guaranteed to be 10 students or
    less 
    to facilitate one-on-one interaction with one of our expert instructors.
    Attend a course taught by an expert instructor with years of
    in-the-field 
    pen testing experience in our state of the art hacking lab. Master the
    skills 
    of an Ethical Hacker to better assess the security of your organization.
    Visit us at: 
    http://www.infosecinstitute.com/courses/ethical_hacking_training.html
    ------------------------------------------------------------------------
    ----
    ---------------------------------------------------------------------------
    Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
    any course! All of our class sizes are guaranteed to be 10 students or less 
    to facilitate one-on-one interaction with one of our expert instructors. 
    Attend a course taught by an expert instructor with years of in-the-field 
    pen testing experience in our state of the art hacking lab. Master the skills 
    of an Ethical Hacker to better assess the security of your organization. 
    Visit us at: 
    http://www.infosecinstitute.com/courses/ethical_hacking_training.html
    ----------------------------------------------------------------------------
    

  • Next message: Ognen Duzlevski: "RE: firewall setup"

    Relevant Pages

    • FW: Legal? Road Runner proactive scanning.[Scanned]
      ... You consider a port scan to be an attack? ... to facilitate one-on-one interaction with one of our expert instructors. ... Attend a course taught by an expert instructor with years of in-the-field ...
      (Security-Basics)
    • Strange loopback in firefox.
      ... I was wondering if anyone could give me their opinion of Agnitumís Outpost ... described as heavy attack from outside IP addresses. ... either using the Microsoft_DS port or epmap port to connect). ... For example a connection from port 3014 to 3015 and the next entry ...
      (Security-Basics)
    • Re: Protected WLAN
      ... under attack, for you to take some action to prevent it.) ... if an attack on a wireless access point was to be made by ... Likewise, it's technically feasible, and desirable, to detect port scans ... configuration password is different to the connection password. ...
      (Fedora)
    • Re: FW: Legal? Road Runner proactive scanning.[Scanned]
      ... > You consider a port scan to be an attack? ... to facilitate one-on-one interaction with one of our expert instructors. ... Attend a course taught by an expert instructor with years of in-the-field ...
      (Security-Basics)
    • Re: port 0 not stealth
      ... will issue a proper RST whenever a connection attempt is made. ... to attack under some circumstances. ... While a port is in the established state, ... most secure state a port can be in, and simply will not accept any ...
      (comp.security.firewalls)