Having used AVG for a couple of years, I decided when I signed up for Broadband to install Sygate Personal Firewall. I must admit I don't fully understand all the technicalities about hackers gaining access through ports etc. but feel that with AVG and Sygate I should be reasonably secure.
I believe that Sygate operates in a "stealth" mode, which if I understand it correctly means that would-be intruders are unaware of my system being connected to the Internet. During the past week Sygate has warned me on twelve occasions that "Someone is scanning your computer", and of these, eleven have been from the same source - 18.104.22.168. Running a BackTrace gives the following information:-
Latin American and Caribbean IP address Regional Registry (NET-LACNIC-200)
Chucarro 1110 ap. 5
Netblock: 22.214.171.124 - 126.96.36.199
Latin American and Caribbean IP address Regional Registry (LACNIC-ARIN)
I am not sure what all this means and what action (if any) I can take to stop scanning attempts from that source.
More importantly, am I correct in thinking that this "scanner" is not aware of my existence on the Internet because of Sygate's "stealth" mode?
As my O/S is W98 I do not believe I am vulnerable to the Sobig virus, but am rather disturbed by the McAfee test report that I am otherwise vulnerable despite the fact that Sygate was running at the time of the test.
I would be grateful for any views and / or suggestions re my dilemma.
Any PC that is connected to a network (such as the Internet) communicates with other PCs via specific 'ports'. It is a similar system to radio broadcasts - just as you will find Radio 4 on a certain frequency and Radio 2 on another, so all web browsers expect to be able to use a certain port, and file transfers take place on another.
A firewall's job is to close unneeded ports, and to act as a 'bouncer' or doorman on those ports that are left open, checking whether the data should be allowed into or out of your PC.
If you want to test the effectiveness of your firewall, go to one of many sites that will test it for you, such as click here (the ShieldsUp section).
The other 'vulnerabilities' that McAfee refer to are nothing to do with your firewall.
The proper tool to protect yourself from this sort of thing is a good (and regularly updated) anti-virus program, such as Norton's anti-virus. As I am sure you know, McAfee also make an anti-virus program. Presumably, that is why they want you to know about the other vulnerabilities, so that they can sell you a solution. Nothing wrong with that, but perhaps they should make the distinctions clearer.
There are also certain settings that you can adjust in your browser to go some way to protect yourself (Tools > Options > Security, if you are using IE), but they are not a substitute for a good AV program.
Incidentally, Sygate's site also offers to check the effectiveness of your firewall for free.
I hope this makes things clearer, not more muddled :)
P.S. - You can not prevent anyone from scanning your firewall - but a decent one will not reply to the scan ('stealth mode'), so the scanner thinks that no PC exists.
Ummm, you have as much paranoia as me.
If click here shows your ports as stealth do not worry.
However, looks like McAfee "The internet security specialists" have decided to go to scare tactics like anonymizer.com.
I would also download click here and click here also click here (Spyware Blaster and Guard) and sleep easy.
Run every month or so click here
Many thanks for your very prompt responses. Sorry for the delay in coming back but I have been rather busy for a couple of days, plus it took quite some time to read all the info in the various links you both supplied.
I ran the ShieldsUp test and was re-assured to find that Sygate's stealth mode does (ALMOST) completely hide me when on the Internet. Inadvertently I ran the test twice; the first time it reported "No unsolicited packets were received", but the second time it said "Received one or more unsolicited packets". Two more tests have both reported no unsolicited packets. I am a bit puzzled why the second test failed.
However all four tests have reported "A ping reply (ICMP echo) was received". I haven't been able to find any means to stop this. In fact on the Sygate Help Site click here the following appears: -
Enable stealth mode browsing
"Stealth mode" is a term used to describe a computer that is hidden from other computers while on a network. A computer on the Internet, for instance, if in stealth mode, can not be detected by port scans or communication attempts, such as ping. If you enable this feature, your computer will be invisible to other computers on any network you are on.
Surely this implies that Sygate should have prevented the ping reply from being sent, and the ShieldsUp test would then not have detected it. Does anyone have any thoughts on this?
Refresh. Please does anyone have any thoughts re the apparent problem with pings, and if there is a Sygate or IE setting that I need to adjust?
Anyone on the afternoon shift care to respond?
A bit late to be classed as the afternoon shift, I'm afraid, but as I have just got in from work perhaps you'll forgive me :)
I can't explain the erratic performance of the ShieldsUp test with regard to unsolicited packets. Perhaps if you try the test again in a week or two, when all the current web traffic caused by the rash of viruses has died down, then you will get more consistent results.
With regard to ICMP - the ICMP protocol is a background networking protocol that has several uses. One of them is to generate a 'ping' in response to a request from an IP address, as you have already identified. This can be a bad thing in terms of security, as it identifies that an IP address exists and is online, and is therefore a potentially 'attackable' target.
However, many ISPs also use ICMP to ping their customers to verify that they are still online - a null response to a ping can result in an ISP dropping a user's connection.
ICMP is also used by many games servers to establish the most efficient route for sending data packets - a blocked ICMP can result in routing inefficiencies and therefore severe 'lag' when gaming.
To explicitly block ICMP, you need to become familiar with Sygate's rules.
The simplest way is to direct you to one of many helpful sites, such as at click here which will clearly explain the many options available 'behind the scenes' of Sygate's default settings.
Personally, I would not lose too much sleep over an ICMP response being reported for a specific application.
Many thanks for your further post and the helpful link you gave. I feel a bit easier now, since although the ping echo problem indicates a small chink in my armour, it would seem to be not too serious. At least all my ports are "stealthed" and I have up-to-date AVG looking at emails etc. so feel reasonably secure.
I have had another quick look at Sygate's Help site and their users forum where ICMP and Sygate's rules are mentioned. I will need to go back and study the topic so I can perhaps formulate a rule to stop the echo being given to "unauthorised pingers".
In the meantime I will 'green tick' this thread.