Re: Outpost attack from 192.168.1.47!?

From: Codex (no_at_email.here)
Date: 05/12/05 

Date: Thu, 12 May 2005 10:18:03 -0700

On Thu, 12 May 2005 03:44:48 GMT, Duane Arnold <notme@notme.com>
wrote:

>Like any PFW solution, they cry about nothing most of the time. You're
>setting behind a NAT router. So how can a machine that has a private LAN
>side IP behind the router have a DOS attack from a machine on the Internet
>coming through the router ran against it? It cannot happen. I could see
>someone saying that if the machine had a direct connection to the Internet
>and it doesn't.
>
>The information is flat-out bogus from Outpost, you don't have PFW solution
>configured properly for Windows networking behind the router if you have
>more than one machine, or another machine on your network 192.168.1.147
>which is a private side LAN IP and is running the attack.
>
>But as far as a DOS is happening and it was reaching the machine, the PFW
>and the O/S would be very busy stopping the attack. I think you're getting
>some bogus information from Outpost you need to ignore or not have Outpost
>report it.
>
>Duane :)

Yea, these Firewalls are on crack sometimes. Just yesterday I was
trying to download a soundcard driver via ftp from Turtlebeach and
Sygate allowed the connection but it kept blocking the download itself
and started crying about a portscan. I checked the traffick log and
the portscan was coming from Turtlebeach. I had to unload Sygate just
so I could download the file I needed from Turtlebeach's FTP server.
At first I was thinking the Turtlebeach ftp server was really slow and
it turned out Sygate was blocking it all along.

Relevant Pages

  • Re: recover from possible DOS attack!
    ... recover from possible DOS attack! ... > and RedHat) all connected via a router. ... > router connection (internet connection) and all will be well, ...
    (Security-Basics)
  • [Full-disclosure] RE: RLA ("Remote LanD Attack")
    ... if the router of my internet provider has ACL's to deny ... and the LAND attack no longer works. ... hping2 on Comcast Cable connection behind Linksys Router ...
    (Full-Disclosure)
  • [NEWS] Denial of Service Vulnerability in SMC Networks Barricade Wireless Router
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Latest attack techniques. ... Stateful Packet Inspection firewall security, network management, ... the router remains unresponsive to requests on the ...
    (Securiteam)
  • RE: recover from possible DOS attack!
    ... recover from possible DOS attack! ... If it is a Cisco router you can check and see what's going on ... A good ip to ping is your ISP's end of your Internet connection. ...
    (Security-Basics)
  • Re: security issue.
    ... the ISP now has a BCC of this email. ... > pings to and from the server at the router by putting in an ACL on ... >> For the past few days, i had troubles connecting to my KIFCO server ... >> Which consider a PORTSCAN and an ATTACK. ...
    (freebsd-questions)
Quantcast