Security Basics mailing list archives
RE: Strange loopback in firefox.
From: "Andrew Shore" <andrew.shore () holistecs com>
Date: Wed, 7 Jul 2004 17:43:33 +0100
Not meaning to be sarcastic but if I'd experienced the problem you have then that app would no longer be on any of my machines. Andrew Shore Senior Security Specialist DDI. 01302 308 165 andrew.shore () holistecs com Company Number 04943010 VAT Number 828 8635 82 Holistic Technologies Ltd Unit 7 Shaw Wood Business Park Shaw Wood Way Doncaster South Yorkshire DN2 5TB T. 0870 240 1442 F. 0870 240 1443 www.holistecs.com -----Original Message----- From: Timothy Badenach [mailto:tbadenach () iprimus com au] Sent: 07 July 2004 02:46 To: security-basics () securityfocus com Subject: Strange loopback in firefox. Dear list, Two questions ? I was wondering if anyone could give me their opinion of Agnitum's Outpost Personal Firewall 2.1. I have been using the trial version of this program for a few days now and have had a few problems which I will detail below. Firstly I have had it crash on me when I was under what can only be described as heavy attack from outside IP addresses. When the crash occurred I had about ten different connections to my machine (all of them where either using the Microsoft_DS port or epmap port to connect). It was while I was creating rules to counteract these attacks that the crash occurred. My question is has anyone else experienced this and is it a common problem with Outpost. Any general opinions of this program and some decent alternatives are also welcome as well. I have also had a few problem with removing rules in that I remove them and the rules still seem to be in place. This just maybe my inexperience or is it another bug? Secondly, I haven't seen it for a day or so ( actually since I changed my rules to stop the Microsoft_DS and epmap attacks, so maybe that has to something to do with it?) but it seemed that when ever I started up Firefox browser there was a loop-back connection made between two ports on my laptop. For example a connection from port 3014 to 3015 and the next entry (this is in netstat)would have a connection from 3015 back to 3014. Is this an attempt at a DOS attack on my machine? The outpost firewall has also been detecting RST attack ( again I haven't seen any since I changed the rules)attacks but it has been blocking them and the fact that this seems only to appear when I start Firefox is weird. The ports are never the same either but they are always consecutive numbers like 1035 and 1036 etc . Is this a peculiarity of Firefox that my fiddling with rules has stopped? Or was it a genuine attempt by some idiot to compromise my laptop. To be sure I have scanned with AVG with the latest definitions in both normal and safe-mode, as well as running trial version of Tauscan (again with the latest defs) as well as ad aware and Spybot, ( the only thing that Spybot found was some tracking cookies and I removed them) otherwise my scanning found nothing unusual. I admit that I have hopefully fixed this problem with the adjustment of some rules within Outpost but to be sure ( and to maybe get a little more insight to the nature of this strange loop-back thingy) I thought I might ask the wider world J Cheers to you all Tim PS It probably may have no relevance but I only have a 19.2kbs connection as well ( problems with living on a cattle farm with 10KV electric fences and using dial up ) --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.715 / Virus Database: 471 - Release Date: 7/4/2004 ------------------------------------------------------------------------ --- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ------------------------------------------------------------------------ ---- --------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ----------------------------------------------------------------------------
Current thread:
- Strange loopback in firefox. Timothy Badenach (Jul 07)
- <Possible follow-ups>
- RE: Strange loopback in firefox. Andrew Shore (Jul 07)