help with SyGate needed

From: curious (heyimjustcurious_at_yahoo.com)
Date: 01/30/04


Date: 29 Jan 2004 15:09:09 -0800

Question 1: Once installed, do I have to leave the Sygate window
opened to have the firewall be 'on'?

Question 2:
After I installed Sygate and the computer restarted, the registration
window opened up and so I connected the PC to internet to do the
registration. Right after that, a message window popped up asking me
whether I want to say "yes" or "No" to this: "An application named
NDIS User mode I/O Driver (file name ndisuio.sys) is trying to access
Internet."

Instead of choosing yes or no, I closed the window. Immediately, a window
popped up AT THE BOTTOM OF THE SCREEN saying that "An application
named NDIS User mode I/O Driver (file name ndisuio.sys) 'HAS BEEN
BLOCKED' from accessing the network."

It disappeared on its own and right away another window with the same
type of message appeared, this time for a different application with
file name "svchost.exe" asking the same thing. I did the same thing
and experienced the same response.

After that, it was for the application with file name "msmsgs.exe".
The same experience.

I think I was supposed to have said "No", for example, when asking "An
application named NDIS User mode I/O Driver (file name ndisuio.sys) is
trying to access Internet. Would you allow it?".

Because I just closed that window, it opted to block it and every so
often, the message would appear to inform me that "An application
named NDIS User mode I/O Driver (file name ndisuio.sys) HAS BEEN
BLOCKED from accessing the network.", until I check-marked 'Do not show
this message again'.

Question 3:
Then, I would get messages like the ones shown below, which I do not
know what to answer sometimes.

[NDIS User Mode I/O Driver (ndisuio.sys) is being contacted from a
remote machine 1608.mail.yahoo.com (216.155.***.**) using local port
####. Do you want to allow this program to access them?]; I said
"yes" to this one.

[Generic Host Process for Win 32 services (svchost.exe) is trying to
broadcast to [239.255.255.250] using remote port 1**0 [SSDP – Simple
Service Directory Protocol]. Do you want to allow the program to
access the network?]; I moved this window to the bottom of the page
and then noticed that it disappeared.

Later, I went to the "tool" menu and did 'test your firewall', which took
me to the Sygate website where I let it do the scanning. Then I did all the
other available scanning options, i.e. the following five types of scans:
Quick, Stealth, Trojan, TCP, and UDP, where it said that the UDP scan
cannot be performed.

The results for the other scans are shown below. Can anyone guide me on
how things should be? I will read the help section but I need to know what
the end results should be. I know that I am asking a lot but I am
learning. I used to have my computer networked to my roommate which
has a firewall.

(i) Quick Scan; it said that I should see 'BLOCK' on all ports but
ports 21, 25, 80, 1307 are 'OPEN'. So, it said this: "You are not
fully protected".

(ii) Stealth Scan; ...... same as above......

(iii) Trojan scan shows the following:
 
  Service  Ports  Status  Possible Trojans

  Scanning . . .

  Trojan   21     OPEN    Back Construction, Blade Runner, Doly Trojan, Fore,
                          FTP trojan, Invisible FTP, Larva, WebEx, WinCrash

  Trojan   25     OPEN    Ajan, Antigen, Email Password Sender, Haebu Coceda (=
                          Naebi), Happy 99, Kuang2, ProMail trojan, Shtrilitz,
                          Stealth, Tapiras, Terminator, WinPC, WinSpy

  Trojan   80     OPEN    Executor, RingZero

  scanning....
  scanning....
  scanning....
  scanning....
  scanning....
  scanning....

  You are not fully protected:
  We have detected that some of our probes connected with your computer.

(iv) TCP scan

 
  Service  Ports  Status  Additional Information

  Scanning ports 1 to 10 . . .

  Scanning ports 11 to 20 . . .

  Scanning ports 21 to 30 . . .

  FTP      21     OPEN    File Transfer Protocol is used to transfer files
                          between computers. A misconfigured FTP server can
                          allow an attacker to transfer files, Trojan horses,
                          and virus programs at will.

  SMTP     25     OPEN    SMTP is used to send email across the internet. This
                          allows an attacker to verify user accounts on your
                          system, send anonymous (spam) email, or even access
                          files on your hard drive.

  Scanning ports 31 to 40 . . .

  Scanning ports 41 to 50 . . .

  Scanning ports 51 to 60 . . .

  Scanning ports 61 to 70 . . .

  Scanning ports 71 to 80 . . .

  WEB      80     OPEN    HTTP web services publish web pages. A misconfigured
                          web server can not only offer an attacker needed
                          information about his target, but it can allow for
                          various security breaches.
  
           Scanning ports 81 to 90 . . .
  
           Scanning ports 91 to 100 . . .
  
           Scanning ports 101 to 110 . . .
  
           Scanning ports 111 to 120 . . .
  
           Scanning ports 121 to 130 . . .
  
           Scanning ports 131 to 140 . . .
  
           Scanning ports 141 to 150 . . .
  
           Scanning ports 151 to 160 . . .
  
           Scanning ports 161 to 170 . . .
  
           Scanning ports 171 to 180 . . .
  
           Scanning ports 181 to 190 . . .
  
           Scanning ports 191 to 200 . . .
  
           Scanning ports 201 to 210 . . .
  
           Scanning ports 211 to 220 . . .
  
           Scanning ports 221 to 230 . . .
  
           Scanning ports 231 to 240 . . .
  
                       ..
                       ..

          Scanning ports 741 to 750 . . .
  
                      . .
  
          Scanning ports 1021 to 1024 . . .

  
  
  You are not fully protected:
  We have detected that some of our probes connected with your computer.

NOTE: Is 1024 the last port to be tested?

(v) UDP Scan

 We are now determining if you have a firewall blocking UDP ports on
IP: **.***. Note: this may take a while on highly secure systems...

  
Testing . . .
  
Testing . . .
  
Testing . . .
  

We have determined that you have a firewall blocking UDP ports!
We are unable to scan any more UDP ports on IP: **.***.***.***. . .

Another Question: Are the UDP scan results OK? Do I need to block
those OPEN ports in the other scans? How bad are my Trojan scan results?
What to do?

Thanks a lot.


