Re: Firewall Sygate

In article <1ecj8zmeh60tf.psoarc9kbb9h.dlg@xxxxxxxxxx>, vivekm1234
@cyberspace.org says...
On Sat, 15 Jul 2006 20:45:30 -0700, Kerodo wrote:
You've got something weird going on there. Sygate won't prompt for any
incoming TCP unless you have something listening on that/those ports.
It will automatically block unsolicited inbound traffic. So I'd suggest
you look at what's running on that machine and listening on those ports.

I get a lot of popups for "Services and Controller App" port 1026; Any idea
what ports above 1024 are to be blocked? What port range does win 2000
allot to outgoing apps (firefox/thunderbird etc)

If you get a popup for Services.Exe then just Deny it and tell Sygate to
remember your answer. From then on, you shouldn't get any more popups
for Services. Port 1026 is most likely ordinary Messenger Spam
incoming.

Outgoing apps will use any number of local ports in the 1024-5000 range.
But that shouldn't matter.

You should also go thru all your apps and make sure "act as server" is
unticked. And you can always create an advanced rule to block inbound
traffic to a specific port or range I think.


Again, it sounds more like your machine is compromised.. I'd do some
serious scanning and try to find out what's going on there. Either
that, or wipe it clean and reformat/reinstall, which always takes care
of any problems for sure...
I doubt it; the incidents occured at different machines and at different
times; mine and 3 other friends with a gap of a few months (only once, in
each case). I'm not saying it's impossible that the machines were infected,
just that it has to be via Sygate or through Sygate. I'm not sure how
though..It doesn't happen now that i've enabled both the password and
disable network on exit options.


If you're really getting Sygate shutting down on it's own, and you think
there is no malware on the machine, then I'd just dump Sygate. I used
it on a Win2k PC for some time without too many problems, but I'd never
use something that shuts down for no reason or BSODs on me. There are
many others to choose from. If you want a great packet filter, you
might also try CHX-I as well as the other one mentioned by Volker.

Link to CHX-I: http://www.idrci.net/

It's free, just have to register to get a key. Sample rule set is
available. See the online docs for a good overview.

--
Kerodo
.

Relevant Pages

  • Re: A poor mans activity check :)
    ... >The only free firewall that hasn't given me problems with my new DSL ... I've found Sygate to be exactly what I need and want, ... >>default your ports are always open, ... have any server running on those ports. ...
    (comp.security.firewalls)
  • Re: Firewall Sygate
    ... you look at what's running on that machine and listening on those ports. ... I get a lot of popups for "Services and Controller App" port 1026; ... just that it has to be via Sygate or through Sygate. ...
    (comp.security.firewalls)
  • Re: SyGate 5.0 Default Setup
    ... So doesn't Sygate block all inbound ports by default? ... > run it and disable that feature. ...
    (comp.security.firewalls)
  • Re: Sygate Open Ports
    ... > I have just installed Sygate Personal Firewall on Windows XP Pro.When I ... presently has been Allowed if ports ... There is an example of block udp on 135-139. ...
    (comp.security.firewalls)
  • Re: Software Firewall or NAT Router or Both?
    ... Sygate says both ports ... >> passing it on to you to block the ports on the router that didn't pass ... >> then run the test at Sygate or any other testing site like PCFlank, ...
    (comp.security.firewalls)