Ok, I need expert opinion… I’ve got this pop-up alert from my Outpost firewall few minutes ago while I was checking some messages in avast! forum…

Can someone tell me what’s that mean, please…

Cheers !

Hey Craftec,
It’s radicalb21. I just did a lookup and it comes back to avast. Here is the information i got back from the lookup. here it is:

rs1.avast.com = [ 66.98.166.72 ]

Registrant:
Alwil Software AS AVAST2-DOM
Prubezna 76
Praha 10 Czech republic 11000
CZ
Domain Name: AVAST.COM
Administrative Contact Technical Contact:
Baudis Pavel baudis@ASW.CZ

    Alwil software 
    Prubezna 76 
    Praha 10 110 00 
    CZ 
    420 2 74005 666 fax: 420 2 74005 555 
 Record expires on 05-Oct-2005. 
 Record created on 06-Oct-1997. 
 Database last updated on 25-Jun-2004 18: 30: 27 EDT. 
 Domain servers in listed order: 
 CAT.ASW.CZ 
 NS1.AVAST.COM                67.15.0.83 
 SNS.NEXTRA.CZ 

An RST Attack is using a TCP Ip protocol RST attack on RFC-based TCP stacks
Public Advisory

Attack ID: CPAI-2004-17
Last Update: 21-Apr-2004
Category: RST attack on RFC-based TCP stacks
Vulnerable Systems: Any operating system or software that has implemented TCP based on RFC 793 and RFC 1323
Source:
Updated
22-Apr-04 NISCC
CAN-2004-0230
Description: A security vulnerability has been discovered in the implementation of TCP designed in accordance with the TCP RFC. The vulnerability allows a malicious user to send a specially crafted TCP packet with a RST or SYN flag inside an existing connection and cause its termination.
Severity: High
Read the FULL ADVISORY and SOLUTION
(ID and Password Required)
Updated
22-Apr-04

Hope this helps my friend. I would in the mean time blck access to from that IP until we hear something from AVAST guru’s.

Oh no, I’m not worried at all. I’m behind Hardware firewall/router and I also use Outpost…

I was just wondering what that has to do with avast web site…

I have know idea either but am looking it up to try and find more information at this time. I have also sent an email to support@asw.cz and also to VLK to see if they can shed some light on the subject. As soon as I hear something I’ll post back in this thread.

No,

I don’t think you are under attack by evil forces.

rs1 is a link string to the Avast main page.

Not sure why it is appearing in your Outpost.

I can only surmise that it is attempting to look for updates at the Avast site.

Run the link rs1.avast.com and see for yourself where it takes you.

Exactly same as I type www.avast.com in by browser…
I know it’s not any kind of attack, but I wonder why Outpost reported it…

Hey just out of curiosity, do you use Outpost free or their Pro version?

Free version 1.0, but I’m on trial 2.1 right now… why ?

Was just curious, I was wondering if I should actually get a firewall or not…

You’re doubt?
Firewall for sure 8)

I would assume that Outpost reports it because it would appear as an uncommanded TCP request and connection.

Depending on how Outpost was set, it would set off an alarm.

I had this happen with other innocent programs and processes with Agnitum Outpost and discontinued using it a long time ago in favor of Sygate.

Have fun.

Well you have avast! Pro now which encorporates PUSH update system that is initiated from the outside (from Alwil servers) so firewall probably thought that it was a attack,but in fact it was only a update sent from Alwil servers. Add Alwil servers to firewall exclussion i guess.

I have no idea what was causing this.
But a Google search for “rst attack” reveals a couple of Outpost-related matches on the first page. It seems that Outpost sometimes reports this for no particular reason.

RejZor, this doesn’t have to do anything with the PUSH updates. PUSH updates are realized by SMTP (mails), no direct connection from our updating servers.

While we are here (PUSH updats)… I also have one question…

I saw that option somewhere inside my father’s avast! Home Edition, but if I wanted to enable it it said something like “not available in Home Edition” or something… I’m not sure anymore… OK, I understand that completely and 100%

The problem is, I can not find for anything in the world, PUSH option in my avast! Pro version… why is that ?

See info about my version in attachment…

You mean avast → Settings → Updating (Basics) → Advanced ?

OK, now I know something is really wrong in here…

Just a sec I’ll attach screenshot…

Screenshot…

Maybe it’s my mistake… is it under DETAILS ? OK, I’ll check now…

No problem I found it… it’s under DETAILS, not ADVANCED…