Avast WEBforum

Other => General Topics => Topic started by: S.Z.Craftec on June 26, 2004, 12:24:35 AM

Title: Really attack or... ?
Post by: S.Z.Craftec on June 26, 2004, 12:24:35 AM
Ok, I need expert opinion... I've got this pop-up alert from my Outpost firewall few minutes ago while I was checking some messages in avast! forum...

Can someone tell me what's that mean, please...

Cheers !
Title: Re:Really attack or... ?
Post by: radicalb21 on June 26, 2004, 12:34:35 AM
Hey Craftec,
     It's radicalb21. I just did a lookup and it comes back to avast. Here is the information i got back from the lookup. here it is:

rs1.avast.com = [ 66.98.166.72 ]
 
  Registrant:
  Alwil Software                    AS AVAST2-DOM
     Prubezna 76
     Praha 10  Czech republic 11000
     CZ
     Domain Name: AVAST.COM
     Administrative Contact  Technical Contact:
        Baudis  Pavel  baudis@ASW.CZ
 
        Alwil software
        Prubezna 76
        Praha 10 110 00
        CZ
        420 2 74005 666 fax: 420 2 74005 555
     Record expires on 05-Oct-2005.
     Record created on 06-Oct-1997.
     Database last updated on 25-Jun-2004 18: 30: 27 EDT.
     Domain servers in listed order:
     CAT.ASW.CZ
     NS1.AVAST.COM                67.15.0.83
     SNS.NEXTRA.CZ

An RST Attack is using a TCP Ip protocol     RST attack on RFC-based TCP stacks
Public Advisory
     
   
Attack ID:    CPAI-2004-17
Last Update:    21-Apr-2004
Category:    RST attack on RFC-based TCP stacks
Vulnerable Systems:    Any operating system or software that has implemented TCP based on RFC 793 and RFC 1323
Source:
Updated
22-Apr-04    NISCC
CAN-2004-0230
Description:    A security vulnerability has been discovered in the implementation of TCP designed in accordance with the TCP RFC. The vulnerability allows a malicious user to send a specially crafted TCP packet with a RST or SYN flag inside an existing connection and cause its termination.
Severity:    High
Read the FULL ADVISORY and SOLUTION
(ID and Password Required)
Updated
22-Apr-04

Hope this helps my friend. I would in the mean time blck access to from that IP until we hear something from AVAST guru's.

 
Title: Re:Really attack or... ?
Post by: S.Z.Craftec on June 26, 2004, 12:40:22 AM
Oh no, I'm not worried at all. I'm behind Hardware firewall/router and I also use Outpost...

I was just wondering what that has to do with avast web site...
Title: Re:Really attack or... ?
Post by: radicalb21 on June 26, 2004, 12:52:16 AM
I have know idea either but am looking it up to try and find more information at this time. I have also sent an email to support@asw.cz and also to VLK to see if they can shed some light on the subject. As soon as I hear something I'll post back in this thread.
Title: Re:Really attack or... ?
Post by: techie101returns on June 26, 2004, 02:19:46 AM
No,

I don't think you are under attack by evil forces.  ;)

rs1 is a link string to the Avast main page.

Not sure why it is appearing in your Outpost.

I can only surmise that it is attempting to look for updates at the Avast site.

Run the link rs1.avast.com and see for yourself where it takes you.

Title: Re:Really attack or... ?
Post by: S.Z.Craftec on June 26, 2004, 02:25:55 AM
Exactly same as I type www.avast.com in by browser...
I know it's not any kind of attack, but I wonder why Outpost reported it...
Title: Re:Really attack or... ?
Post by: Staind on June 26, 2004, 02:44:19 AM
Hey just out of curiosity, do you use Outpost free or their Pro version?
Title: Re:Really attack or... ?
Post by: S.Z.Craftec on June 26, 2004, 03:00:52 AM
Free version 1.0, but I'm on trial 2.1 right now... why ?
Title: Re:Really attack or... ?
Post by: Staind on June 26, 2004, 03:49:05 AM
Was just curious, I was wondering if I should actually get a firewall or not...
Title: Re:Really attack or... ?
Post by: Lisandro on June 26, 2004, 04:11:28 AM
Was just curious, I was wondering if I should actually get a firewall or not...

You're doubt?
Firewall for sure  8)
Title: Re:Really attack or... ?
Post by: techie101returns on June 26, 2004, 07:05:56 AM
I would assume that Outpost reports it because it would appear as an uncommanded TCP request and connection.

Depending on how Outpost was set, it would set off an alarm.

I had this happen with other innocent programs and processes with Agnitum Outpost and discontinued using it a long time ago in favor of Sygate.

Have fun.
Title: Re:Really attack or... ?
Post by: RejZoR on June 26, 2004, 08:43:05 AM
Well you have avast! Pro now which encorporates PUSH update system that is initiated from the outside (from Alwil servers) so firewall probably thought that it was a attack,but in fact it was only a update sent from Alwil servers. Add Alwil servers to firewall exclussion i guess.
Title: Re:Really attack or... ?
Post by: Vlk on June 26, 2004, 11:19:22 AM
I have no idea what was causing this.
But a Google search for "rst attack" reveals a couple of Outpost-related matches on the first page. It seems that Outpost sometimes reports this for no particular reason.

RejZor, this doesn't have to do anything with the PUSH updates. PUSH updates are realized by SMTP (mails), no direct connection from our updating servers.
Title: Re:Really attack or... ?
Post by: S.Z.Craftec on June 26, 2004, 02:21:24 PM
While we are here (PUSH updats)... I also have one question...

I saw that option somewhere inside my father's avast! Home Edition, but if I wanted to enable it it said something like "not available in Home Edition" or something... I'm not sure anymore... OK, I understand that completely and 100%

The problem is, I can not find for anything in the world, PUSH option in my avast! Pro version... why is that ?

See info about my version in attachment...
Title: Re:Really attack or... ?
Post by: Vlk on June 26, 2004, 02:47:35 PM
You mean avast -> Settings -> Updating (Basics) -> Advanced ? ;)
Title: Re:Really attack or... ?
Post by: S.Z.Craftec on June 26, 2004, 02:50:59 PM
OK, now I know something is really wrong in here...

Just a sec I'll attach screenshot...
Title: Re:Really attack or... ?
Post by: S.Z.Craftec on June 26, 2004, 02:52:31 PM
Screenshot...

Maybe it's my mistake... is it under DETAILS ? OK, I'll check now...
Title: Re:Really attack or... ?
Post by: S.Z.Craftec on June 26, 2004, 02:57:11 PM
No problem I found it... it's under DETAILS, not ADVANCED...  ;)