Outpost Firewall Crashed because of Google ?

Hello everyone.

Yesterday my computer had a blue screen. When I checked the minidumps with whocrashed it seems Outpost driver was to blame. Is it common for software firewalls to crashed when there's an attack ? I'll paste what the logs said here:

12/10/2012 11:41:29 AM 173.194.37.97 Intruder unblocked
12/10/2012 11:41:29 AM 173.194.37.110 Intruder unblocked
12/10/2012 11:41:03 AM 173.194.37.96 Intruder unblocked
12/10/2012 11:41:01 AM 173.194.37.99 Intruder unblocked
12/10/2012 11:36:29 AM 173.194.37.97 Host blocked for 5 min SCAN (6165, 4885, 5909)
12/10/2012 11:36:29 AM 173.194.37.110 Host blocked for 5 min SCAN (5141, 5397, 5653)
12/10/2012 11:36:27 AM 173.194.37.98 Detected attack, host not blocked SINGLE_SCAN_PORT (2837)
12/10/2012 11:36:09 AM 173.194.37.105 Detected attack, host not blocked SINGLE_SCAN_PORT (3861)
12/10/2012 11:36:06 AM 173.194.37.103 Detected attack, host not blocked SINGLE_SCAN_PORT (8981)
12/10/2012 11:36:04 AM 173.194.37.107 Detected attack, host not blocked SINGLE_SCAN_PORT (8725)
12/10/2012 11:36:04 AM 173.194.37.108 Detected attack, host not blocked SINGLE_SCAN_PORT (8469)
12/10/2012 11:36:03 AM 173.194.37.110 Detected attack, host not blocked SINGLE_SCAN_PORT (5141)
12/10/2012 11:36:03 AM 173.194.37.96 Host blocked for 5 min SCAN (6933, 6677, 6421)
12/10/2012 11:36:03 AM 173.194.37.111 Detected attack, host not blocked SINGLE_SCAN_PORT (8213)
12/10/2012 11:36:02 AM 173.194.37.96 Detected attack, host not blocked SINGLE_SCAN_PORT (6933)
12/10/2012 11:36:02 AM 74.125.130.105 Detected attack, host not blocked SINGLE_SCAN_PORT (4629)
12/10/2012 11:36:01 AM 173.194.37.99 Host blocked for 5 min SCAN (3093, 3349, 3605)
12/10/2012 11:36:01 AM 173.194.37.99 Detected attack, host not blocked SINGLE_SCAN_PORT (3093)

The Ip address seems to belong to Google ? Why is it scanning my computer ?

 

google is always scanning the entire internet, if you are not behind a NAT and a firewall you are always being scanned by many unknown hosts.

 

which version of outpost? are you behind a NAT device of some sort?

i stopped using outpost at 7.5.x because of what appeared to be a bug introduced with either 7.5.2 or .3 (can't remember which) that caused attack detection to trigger with legitimate traffic from akamai and other content distribution networks.

i'd suggest contacting agnitum support w/your minidumps to see whether they can replicate it or at least look into a solution.

 

So Google is scanning for open ports?!!

I believe that Google has public proxy servers and someone could be using them for not-so-nice reasons.

 

its public known google is indexing the entire web in real-time, but seeing how private webcams and other private storage media somehow appears in well crafted google searches, you can safely presume google does a lot more than they want us to believe.

 

There is a difference between indexing a website's content to port scanning a server/computer looking for vulnerabilities.

 

I think Outpost classifies some things as port scan. I don't recall the details from version 6 and early 7. But these might be totally normal packets keeping some connection you started alive. And it can persist for a while. Unlikely for google to sit there and do port scans against your computer. They do collect whatever info they can get when you click links, but doing port scans would seem totally unrealistic to me.

 

Regardless, a firewall should be able to withstand port scans without crashing, or it is basically useless.

 

Wonder if Outpost firewall having a problem with BGP Tools which Hurricane Electric where those IP addresses are hosted at uses?

http://www.bgp4.as/tools

 

Yes I still don't know why it crashed in the first place. Can someone clarify if this is normal behavior ? Version is 7.5.2

Specs:

Toshiba T235D
AMD Turion Neo 1.5 Ghz
8GB DDR 3 800Mhz
Windows 7 64

 

Of course it isn't. Blue screens caused by drivers and programs crashing when performing the duties they were created for is not normal.

 

i mentioned there was an issue with 7.5.x that caused erroneous attack detection to occur. i stopped using outpost because of it. it's also mentioned on agnitum's forums at outpostfirewall.com. update to a more recent version and you might not see those attack detection issues any longer.

(quoting myself)