Security Basics mailing list archives

RE: Strange loopback in firefox.


From: "Andrew Shore" <andrew.shore () holistecs com>
Date: Wed, 7 Jul 2004 17:43:33 +0100

Not meaning to be sarcastic but if I'd experienced the problem you have
then that app would no longer be on any of my machines.

 
Andrew Shore
Senior Security Specialist
DDI. 01302 308 165
andrew.shore () holistecs com

Company Number 04943010
VAT Number 828 8635 82

Holistic Technologies Ltd
Unit 7 Shaw Wood Business Park
Shaw Wood Way
Doncaster
South Yorkshire
DN2 5TB
T. 0870 240 1442
F. 0870 240 1443
www.holistecs.com

-----Original Message-----
From: Timothy Badenach [mailto:tbadenach () iprimus com au] 
Sent: 07 July 2004 02:46
To: security-basics () securityfocus com
Subject: Strange loopback in firefox.

Dear list,

Two questions:

I was wondering if anyone could give me their opinion of Agnitum's
Outpost Personal Firewall 2.1. I have been using the trial version of
this program for a few days now and have had a few problems which I
will detail below.

Firstly, I have had it crash on me when I was under what can only be
described as heavy attack from outside IP addresses. When the crash
occurred I had about ten different connections to my machine (all of
them were either using the Microsoft_DS port or epmap port to connect).
It was while I was creating rules to counteract these attacks that the
crash occurred. My question is: has anyone else experienced this, and is
it a common problem with Outpost? Any general opinions of this program
and some decent alternatives are also welcome as well. I have also had a
few problems with removing rules, in that I remove them and the rules
still seem to be in place. This may just be my inexperience, or is it
another bug?

Secondly, I haven't seen it for a day or so (actually since I changed my
rules to stop the Microsoft_DS and epmap attacks, so maybe that has
something to do with it?) but it seemed that whenever I started up the
Firefox browser there was a loop-back connection made between two ports
on my laptop. For example, a connection from port 3014 to 3015, and the
next entry (this is in netstat) would have a connection from 3015 back
to 3014. Is this an attempt at a DOS attack on my machine? The Outpost
firewall has also been detecting RST attacks (again, I haven't seen any
since I changed the rules) but it has been blocking them, and the fact
that this seems only to appear when I start Firefox is weird. The ports
are never the same either, but they are always consecutive numbers like
1035 and 1036 etc. Is this a peculiarity of Firefox that my fiddling
with rules has stopped? Or was it a genuine attempt by some idiot to
compromise my laptop? To be sure, I have scanned with AVG with the
latest definitions in both normal and safe-mode, as well as running a
trial version of Tauscan (again with the latest defs) as well as
Ad-Aware and Spybot (the only thing that Spybot found was some tracking
cookies and I removed them); otherwise my scanning found nothing
unusual.

I admit that I have hopefully fixed this problem with the adjustment of
some rules within Outpost, but to be sure (and to maybe get a little
more insight into the nature of this strange loop-back thingy) I thought
I might ask the wider world :)

Cheers to you all

Tim

PS It probably may have no relevance but I only have a 19.2kbs
connection as well (problems with living on a cattle farm with 10KV
electric fences and using dial up)

 
