Outpost Firewall Crashed because of Google ?

Discussion in 'other firewalls' started by tekkaman, Dec 11, 2012.

Thread Status:
Not open for further replies.
  1. tekkaman

    tekkaman Registered Member

    Joined:
    Sep 22, 2008
    Posts:
    164
    Hello everyone.

    Yesterday my computer had a blue screen. When I checked the minidumps with whocrashed it seems Outpost driver was to blame. Is it common for software firewalls to crashed when there's an attack ? I'll paste what the logs said here:

    12/10/2012 11:41:29 AM 173.194.37.97 Intruder unblocked
    12/10/2012 11:41:29 AM 173.194.37.110 Intruder unblocked
    12/10/2012 11:41:03 AM 173.194.37.96 Intruder unblocked
    12/10/2012 11:41:01 AM 173.194.37.99 Intruder unblocked
    12/10/2012 11:36:29 AM 173.194.37.97 Host blocked for 5 min SCAN (6165, 4885, 5909)
    12/10/2012 11:36:29 AM 173.194.37.110 Host blocked for 5 min SCAN (5141, 5397, 5653)
    12/10/2012 11:36:27 AM 173.194.37.98 Detected attack, host not blocked SINGLE_SCAN_PORT (2837)
    12/10/2012 11:36:09 AM 173.194.37.105 Detected attack, host not blocked SINGLE_SCAN_PORT (3861)
    12/10/2012 11:36:06 AM 173.194.37.103 Detected attack, host not blocked SINGLE_SCAN_PORT (8981)
    12/10/2012 11:36:04 AM 173.194.37.107 Detected attack, host not blocked SINGLE_SCAN_PORT (8725)
    12/10/2012 11:36:04 AM 173.194.37.108 Detected attack, host not blocked SINGLE_SCAN_PORT (8469)
    12/10/2012 11:36:03 AM 173.194.37.110 Detected attack, host not blocked SINGLE_SCAN_PORT (5141)
    12/10/2012 11:36:03 AM 173.194.37.96 Host blocked for 5 min SCAN (6933, 6677, 6421)
    12/10/2012 11:36:03 AM 173.194.37.111 Detected attack, host not blocked SINGLE_SCAN_PORT (8213)
    12/10/2012 11:36:02 AM 173.194.37.96 Detected attack, host not blocked SINGLE_SCAN_PORT (6933)
    12/10/2012 11:36:02 AM 74.125.130.105 Detected attack, host not blocked SINGLE_SCAN_PORT (4629)
    12/10/2012 11:36:01 AM 173.194.37.99 Host blocked for 5 min SCAN (3093, 3349, 3605)
    12/10/2012 11:36:01 AM 173.194.37.99 Detected attack, host not blocked SINGLE_SCAN_PORT (3093)

    The Ip address seems to belong to Google ? Why is it scanning my computer ?
     
  2. Syobon

    Syobon Registered Member

    Joined:
    Dec 27, 2009
    Posts:
    469
    google is always scanning the entire internet, if you are not behind a NAT and a firewall you are always being scanned by many unknown hosts.
     
  3. m0unds

    m0unds Guest

    which version of outpost? are you behind a NAT device of some sort?

    i stopped using outpost at 7.5.x because of what appeared to be a bug introduced with either 7.5.2 or .3 (can't remember which) that caused attack detection to trigger with legitimate traffic from akamai and other content distribution networks.

    i'd suggest contacting agnitum support w/your minidumps to see whether they can replicate it or at least look into a solution.
     
  4. mrtonyg

    mrtonyg Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    35
    Location:
    USA
    So Google is scanning for open ports?!!

    I believe that Google has public proxy servers and someone could be using them for not-so-nice reasons.
     
    Last edited: Jan 3, 2013
  5. Syobon

    Syobon Registered Member

    Joined:
    Dec 27, 2009
    Posts:
    469
    its public known google is indexing the entire web in real-time, but seeing how private webcams and other private storage media somehow appears in well crafted google searches, you can safely presume google does a lot more than they want us to believe.
     
  6. mrtonyg

    mrtonyg Registered Member

    Joined:
    Dec 27, 2012
    Posts:
    35
    Location:
    USA
    There is a difference between indexing a website's content to port scanning a server/computer looking for vulnerabilities.
     
  7. act8192

    act8192 Registered Member

    Joined:
    Nov 9, 2006
    Posts:
    1,272
    I think Outpost classifies some things as port scan. I don't recall the details from version 6 and early 7. But these might be totally normal packets keeping some connection you started alive. And it can persist for a while. Unlikely for google to sit there and do port scans against your computer. They do collect whatever info they can get when you click links, but doing port scans would seem totally unrealistic to me.
     
  8. King Grub

    King Grub Registered Member

    Joined:
    Sep 12, 2006
    Posts:
    814
    Regardless, a firewall should be able to withstand port scans without crashing, or it is basically useless.
     
  9. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    2,969
    Location:
    U.S.A.
    Wonder if Outpost firewall having a problem with BGP Tools which Hurricane Electric where those IP addresses are hosted at uses?

    http://www.bgp4.as/tools
     
  10. tekkaman

    tekkaman Registered Member

    Joined:
    Sep 22, 2008
    Posts:
    164
    Yes I still don't know why it crashed in the first place. Can someone clarify if this is normal behavior ? Version is 7.5.2

    Specs:

    Toshiba T235D
    AMD Turion Neo 1.5 Ghz
    8GB DDR 3 800Mhz
    Windows 7 64
     
    Last edited: Jan 13, 2013
  11. King Grub

    King Grub Registered Member

    Joined:
    Sep 12, 2006
    Posts:
    814
    Of course it isn't. Blue screens caused by drivers and programs crashing when performing the duties they were created for is not normal.
     
  12. m0unds

    m0unds Guest

    i mentioned there was an issue with 7.5.x that caused erroneous attack detection to occur. i stopped using outpost because of it. it's also mentioned on agnitum's forums at outpostfirewall.com. update to a more recent version and you might not see those attack detection issues any longer.

    (quoting myself)
     
Loading...
Thread Status:
Not open for further replies.