Author Topic: Really attack or... ?  (Read 9904 times)

0 Members and 1 Guest are viewing this topic.

S.Z.Craftec

  • Guest
Really attack or... ?
« on: June 26, 2004, 12:24:35 AM »
Ok, I need expert opinion... I've got this pop-up alert from my Outpost firewall few minutes ago while I was checking some messages in avast! forum...

Can someone tell me what's that mean, please...

Cheers !

Offline radicalb21

  • Avast Evangelist
  • Poster
  • ***
  • Posts: 438
  • Be Safe. Be Smart. Use Common Sense.
Re:Really attack or... ?
« Reply #1 on: June 26, 2004, 12:34:35 AM »
Hey Craftec,
     It's radicalb21. I just did a lookup and it comes back to avast. Here is the information i got back from the lookup. here it is:

rs1.avast.com = [ 66.98.166.72 ]
 
  Registrant:
  Alwil Software                    AS AVAST2-DOM
     Prubezna 76
     Praha 10  Czech republic 11000
     CZ
     Domain Name: AVAST.COM
     Administrative Contact  Technical Contact:
        Baudis  Pavel  baudis@ASW.CZ
 
        Alwil software
        Prubezna 76
        Praha 10 110 00
        CZ
        420 2 74005 666 fax: 420 2 74005 555
     Record expires on 05-Oct-2005.
     Record created on 06-Oct-1997.
     Database last updated on 25-Jun-2004 18: 30: 27 EDT.
     Domain servers in listed order:
     CAT.ASW.CZ
     NS1.AVAST.COM                67.15.0.83
     SNS.NEXTRA.CZ

An RST Attack is using a TCP Ip protocol     RST attack on RFC-based TCP stacks
Public Advisory
     
   
Attack ID:    CPAI-2004-17
Last Update:    21-Apr-2004
Category:    RST attack on RFC-based TCP stacks
Vulnerable Systems:    Any operating system or software that has implemented TCP based on RFC 793 and RFC 1323
Source:
Updated
22-Apr-04    NISCC
CAN-2004-0230
Description:    A security vulnerability has been discovered in the implementation of TCP designed in accordance with the TCP RFC. The vulnerability allows a malicious user to send a specially crafted TCP packet with a RST or SYN flag inside an existing connection and cause its termination.
Severity:    High
Read the FULL ADVISORY and SOLUTION
(ID and Password Required)
Updated
22-Apr-04

Hope this helps my friend. I would in the mean time blck access to from that IP until we hear something from AVAST guru's.

 
« Last Edit: June 26, 2004, 12:48:51 AM by radicalb21 »
iMac 21.5 " Mid 2011 2.7 GHz Intel Core i5
4 GB 1333 MHz DDR3
AMD Radeon HD 6770M 512 MB

S.Z.Craftec

  • Guest
Re:Really attack or... ?
« Reply #2 on: June 26, 2004, 12:40:22 AM »
Oh no, I'm not worried at all. I'm behind Hardware firewall/router and I also use Outpost...

I was just wondering what that has to do with avast web site...
« Last Edit: June 26, 2004, 12:40:51 AM by S.Z.Craftec »

Offline radicalb21

  • Avast Evangelist
  • Poster
  • ***
  • Posts: 438
  • Be Safe. Be Smart. Use Common Sense.
Re:Really attack or... ?
« Reply #3 on: June 26, 2004, 12:52:16 AM »
I have know idea either but am looking it up to try and find more information at this time. I have also sent an email to support@asw.cz and also to VLK to see if they can shed some light on the subject. As soon as I hear something I'll post back in this thread.
iMac 21.5 " Mid 2011 2.7 GHz Intel Core i5
4 GB 1333 MHz DDR3
AMD Radeon HD 6770M 512 MB

techie101

  • Guest
Re:Really attack or... ?
« Reply #4 on: June 26, 2004, 02:19:46 AM »
No,

I don't think you are under attack by evil forces.  ;)

rs1 is a link string to the Avast main page.

Not sure why it is appearing in your Outpost.

I can only surmise that it is attempting to look for updates at the Avast site.

Run the link rs1.avast.com and see for yourself where it takes you.


S.Z.Craftec

  • Guest
Re:Really attack or... ?
« Reply #5 on: June 26, 2004, 02:25:55 AM »
Exactly same as I type www.avast.com in by browser...
I know it's not any kind of attack, but I wonder why Outpost reported it...

Staind

  • Guest
Re:Really attack or... ?
« Reply #6 on: June 26, 2004, 02:44:19 AM »
Hey just out of curiosity, do you use Outpost free or their Pro version?

S.Z.Craftec

  • Guest
Re:Really attack or... ?
« Reply #7 on: June 26, 2004, 03:00:52 AM »
Free version 1.0, but I'm on trial 2.1 right now... why ?
« Last Edit: June 26, 2004, 03:09:44 AM by S.Z.Craftec »

Staind

  • Guest
Re:Really attack or... ?
« Reply #8 on: June 26, 2004, 03:49:05 AM »
Was just curious, I was wondering if I should actually get a firewall or not...

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re:Really attack or... ?
« Reply #9 on: June 26, 2004, 04:11:28 AM »
Was just curious, I was wondering if I should actually get a firewall or not...

You're doubt?
Firewall for sure  8)
The best things in life are free.

techie101

  • Guest
Re:Really attack or... ?
« Reply #10 on: June 26, 2004, 07:05:56 AM »
I would assume that Outpost reports it because it would appear as an uncommanded TCP request and connection.

Depending on how Outpost was set, it would set off an alarm.

I had this happen with other innocent programs and processes with Agnitum Outpost and discontinued using it a long time ago in favor of Sygate.

Have fun.

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9406
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re:Really attack or... ?
« Reply #11 on: June 26, 2004, 08:43:05 AM »
Well you have avast! Pro now which encorporates PUSH update system that is initiated from the outside (from Alwil servers) so firewall probably thought that it was a attack,but in fact it was only a update sent from Alwil servers. Add Alwil servers to firewall exclussion i guess.
Visit my webpage Angry Sheep Blog

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11658
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re:Really attack or... ?
« Reply #12 on: June 26, 2004, 11:19:22 AM »
I have no idea what was causing this.
But a Google search for "rst attack" reveals a couple of Outpost-related matches on the first page. It seems that Outpost sometimes reports this for no particular reason.

RejZor, this doesn't have to do anything with the PUSH updates. PUSH updates are realized by SMTP (mails), no direct connection from our updating servers.
If at first you don't succeed, then skydiving's not for you.

S.Z.Craftec

  • Guest
Re:Really attack or... ?
« Reply #13 on: June 26, 2004, 02:21:24 PM »
While we are here (PUSH updats)... I also have one question...

I saw that option somewhere inside my father's avast! Home Edition, but if I wanted to enable it it said something like "not available in Home Edition" or something... I'm not sure anymore... OK, I understand that completely and 100%

The problem is, I can not find for anything in the world, PUSH option in my avast! Pro version... why is that ?

See info about my version in attachment...

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11658
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re:Really attack or... ?
« Reply #14 on: June 26, 2004, 02:47:35 PM »
You mean avast -> Settings -> Updating (Basics) -> Advanced ? ;)
If at first you don't succeed, then skydiving's not for you.