Question Regarding Outpost

Discussion in 'other firewalls' started by Pikachu762, May 1, 2005.

Thread Status:
Not open for further replies.
  1. Pikachu762

    Pikachu762 Registered Member

    Joined:
    Jan 31, 2004
    Posts:
    41
    Hi everyone,

    I did a packet capture with Ethereal on my computer (running Win XP home SP1, and using dialup) and noticed a lot of MSN messenger spam coming in on 1025. Usually something along the lines of "There are serious vulnerabilities in your system! Go to www.we_will_pretend_to_fix_your_problems_and_give_you_spyware.com"

    Anyway, my system doesn't accept the incoming request, but it does send out an ICMP "Destination Unreachable" packet. Why? Outpost is set to "stealth" in the System options, when it comes to handling unwanted incoming requests. In the ICMP Settings, within the Options menu, "Destination Unreachable" is only allowed when it is incoming, not outgoing.

    So I'm wondering why these ICMP packets are being generated on my system in response to the crap MSN messenger spam, when Outpost is set to block outgoing "Destination Unreachable."


    Any ideas?
     
  2. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    If you are not already running the latest version of Outpost (2.6.452.xxxx (403) at the time of posting) then it may be worth upgrading to this and checking to see if you still get the same results. If so, report them to Agnitum directly using their Support Form.
     
  3. Pikachu762

    Pikachu762 Registered Member

    Joined:
    Jan 31, 2004
    Posts:
    41
    Hi Paranoid

    I am using the free version of Outpost, so I am not able to test the newer versions. I will head over to their forum and repost my finding with the free version there.
     
  4. Defenestration

    Defenestration Registered Member

    Joined:
    Jul 17, 2004
    Posts:
    1,086
    Have you disabled the Messenger service (not MSN Messenger) ?
     
  5. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Pikachu762,

    The ICMP issue may be a known bug with the free version (which is now unsupported) - there are more irritating bugs with it like blocking all traffic with the reason Learning Mode (if you encounter this, switch to Block Most policy) and losing configuration details on a crash (keep a regularly backed up configuration file under a different name to recover from this).

    Outpost Free is pretty dated now so if you are only considering free firewalls, another product would likely be a better decision.
     
  6. Pikachu762

    Pikachu762 Registered Member

    Joined:
    Jan 31, 2004
    Posts:
    41
    Hi Defenestration,

    Yes, I have disabled the messenger service that uses those ports. I wish more people would do so, since my logs show a bazillion entries for traffic that is using this particular service. Argh :)

    I think I'm just gonna block every IP from China and S. Korea and be done with it.
     
  7. Pikachu762

    Pikachu762 Registered Member

    Joined:
    Jan 31, 2004
    Posts:
    41
    Hi Paranoid2000,

    Ahh, I see. I didn't know the free version was unsupported. Seems likely that what I've seen regarding ICMP is a bug, as you said.

    I tried to register at the Agnitum forums, but they said that my email address had been banned. That was interesting :)

    I'll keep using it for now, I suppose, til the next version of Sygate is released. The 2808 build crashes my machine with mega Dr. Watson logs and CPU hogging.

    Thanks to you and Defenestration for your posts.
     
  8. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Due to a previous problem poster, the admins decided to block all "free" email domains from being used to register. If you have not got an account with your ISP, then contact one of the admins for help in setting up your account (David would be the best bet for this).
     
  9. SSK

    SSK Registered Member

    Joined:
    Nov 28, 2004
    Posts:
    976
    Location:
    Amsterdam
    Hi, tried to register on the Outpost forums as well. Received the same message, and sent a question about this. Never received a reply, though. Maybe its a good idea to make a workaround available? :)
     
    Last edited: May 4, 2005
  10. Tinribs

    Tinribs Registered Member

    Joined:
    Mar 14, 2002
    Posts:
    734
    Location:
    England

    Works for me!!!! almost a 85% reductuion.
     
Loading...
Thread Status:
Not open for further replies.