1. Home
  2. Networking Firewalls
  3. Outpost attack from 192.168.1.47!?

Outpost attack from 192.168.1.47!?

I installed Outpost a few days ago. About a couple of times every day, it pops up an alert in the system tray, telling me I'm under attack, with the site of the attacker, and type of attack - which so far is either Teardrop attack or Nestea attack. Today it was 192.1689.1.147 (teardrop attack). Isn't that a private IP address?? How is that possible? I'm behind a router, but that's not even an address on my network. Other times, the site was one I was recently or currently on, including that of a software publisher. Doesn't it seem odd a software publisher would be sitting there issuing a DOS attack against me?! Should I presume then that Outpost is giving out false alerts and lying to me? What would make it do that, and is this thing really any better than Kerio?

Reply to
rladbury
Loading thread data ...

snipped-for-privacy@kittymail.com wrote in news:1115847571.861201.207380 @g49g2000cwa.googlegroups.com:

Like any PFW solution, they cry about nothing most of the time. You're setting behind a NAT router. So how can a machine that has a private LAN side IP behind the router have a DOS attack from a machine on the Internet coming through the router ran against it? It cannot happen. I could see someone saying that if the machine had a direct connection to the Internet and it doesn't.

The information is flat-out bogus from Outpost, you don't have PFW solution configured properly for Windows networking behind the router if you have more than one machine, or another machine on your network 192.168.1.147 which is a private side LAN IP and is running the attack.

But as far as a DOS is happening and it was reaching the machine, the PFW and the O/S would be very busy stopping the attack. I think you're getting some bogus information from Outpost you need to ignore or not have Outpost report it.

Duane :)

Reply to
Duane Arnold

Yea, these Firewalls are on crack sometimes. Just yesterday I was trying to download a soundcard driver via ftp from Turtlebeach and Sygate allowed the connection but it kept blocking the download itself and started crying about a portscan. I checked the traffick log and the portscan was coming from Turtlebeach. I had to unload Sygate just so I could download the file I needed from Turtlebeach's FTP server. At first I was thinking the Turtlebeach ftp server was really slow and it turned out Sygate was blocking it all along.

Reply to
Codex

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.