Questions re Sygate Personal Firewall

  Nosmas 23:56 22 Aug 2003

Having used AVG for a couple of years, I decided when I signed up for Broadband to install Sygate Personal Firewall. I must admit I don't fully understand all the technicalities about hackers gaining access through ports etc. but feel that with AVG and Sygate I should be reasonably secure.

I believe that Sygate operates in a "stealth" mode, which if I understand it correctly means that would-be intruders are unaware of my system being connected to the Internet. During the past week Sygate has warned me on twelve occasions that "Someone is scanning your computer", and of these, eleven have been from the same source - Running a BackTrace gives the following information:-

Latin American and Caribbean IP address Regional Registry (NET-LACNIC-200)

Chucarro 1110 ap. 5

Montevideo, 11300


Netname: LACNIC-200

Netblock: -

Maintainer: LNIC

Latin American and Caribbean IP address Regional Registry (LACNIC-ARIN)

I am not sure what all this means and what action (if any) I can take to stop scanning attempts from that source.

More importantly, am I correct in thinking that this "scanner" is not aware of my existence on the Internet because of Sygate's "stealth" mode?

One thing that does puzzle me is that having come across this site click here a McAfee pop-up appeared entitled "Internet Security Bulletin" inviting me to "Test and Protect your PC". Clicking the test button produced a "Test Result", according to which my system was unprotected and vulnerable to hackers using JavaScript, ActiveX, Web Bugs and Cookies. A further test button for "Malicious File Downloads" produced another (allegedly) McAfee window inviting me to download a "non-infectious harmless file". At this point I decided to go no further just in case this was not genuine.

As my O/S is W98 I do not believe I am vulnerable to the Sobig virus, but am rather disturbed by the McAfee test report that I am otherwise vulnerable despite the fact that Sygate was running at the time of the test.

I would be grateful for any views and / or suggestions re my dilemma.

  krypt1c 00:07 23 Aug 2003

Have a look at the free tools on this site for testing vulnerability of ports etc click here
You should run the on-line check Shields Up. You c

  jazzypop 00:12 23 Aug 2003

Any PC that is connected to a network (such as the Internet) communicates with other PCs via specific 'ports'. It is a similar system to radio broadcasts - just as you will find Radio 4 on a certain frequency and Radio 2 on another, so all web browsers expect to be able to use a certain port, and file transfers take place on another.

A firewall's job is to close unneeded ports, and to act as a 'bouncer' or doorman on those ports that are left open, checking whether the data should be allowed into or out of your PC.

If you want to test the effectiveness of your firewall, go to one of many sites that will test it for you, such as click here (the ShieldsUp section).

The other 'vulnerabilities' that McAfee refer to are nothing to do with your firewall.

If you allow a file (such as an email) to enter your PC, it can carry a variety of nasty surprises, using a wide variety of methods such as the Javascript, ActiveX etc that you list above.

The proper tool to protect yourself from these sort of things is a good (and regularly updated) anti-virus program, such as Norton's anti-virus. As I am sure you know, McAfee also make an anti-virus program. Presumably, that is why they want you to know about the other vulnerabilities, so that they can sell you a solution. Nothing wrong with that, but perhaps they should make the distinctions clearer.

There are also certain settings that you can adjust in your browser to go some way to protect yourself (Tools > Options > Security, if you are using IE), but they are not a substitute for a good AV program.

Incidentally, Sygate's site also offers to check the effectiveness of your firewall for free.

I hope this makes things clearer, not more muddled :)

  jazzypop 00:14 23 Aug 2003

P.S. - You can not prevent anyone from scanning your firewall - but a decent one will not reply to the scan ('stealth mode'), so the scanner thinks that no PC exists.

  Gaz 25 00:25 23 Aug 2003

Ummm, you have as much paranoia as me.

If click here shows your ports as stealth do not worry.

However looks like McAfee "The internet security specialists" have decided to go to scare tactics like

I would also download click here and click here also click here (Spyware Blaster and Guard) and sleep easy.

Run every month or so click here

  Nosmas 23:55 25 Aug 2003

Many thanks for your very prompt responses. Sorry for the delay in coming back but I have been rather busy for a couple of days, plus it took quite some time to read all the info in the various links you both supplied.

I ran the ShieldsUp test and was re-assured to find that Sygate's stealth mode does (ALMOST) completely hide me when on the Internet. Inadvertently I ran the test twice; the first time it reported "No unsolicited packets were received", but the second time it said "Received one or more unsolicited packets". Running two more tests have both reported no unsolicited packets. I am a bit puzzled why the second test failed.

However all four tests have reported "A ping reply (ICMP echo) was received". I haven't been able to find any means to stop this. In fact on the Sygate Help Site click here the following appears: -

Enable stealth mode browsing

"Stealth mode" is a term used to describe a computer that is hidden from other computers while on a network. A computer on the Internet, for instance, if in stealth mode, can not be detected by port scans or communication attempts, such as ping. If you enable this feature, your computer will be invisible to other computers on any network you are on.

Surely this implies that Sygate should have prevented the ping reply from being sent, and the ShieldsUp test would then not have detected it. Does anyone have any thoughts on this?

  Nosmas 08:31 26 Aug 2003

Refresh. Please does anyone have any thoughts re the apparent problem with pings, and if there is a Sygate or IE setting that I need to adjust?

  Nosmas 12:55 26 Aug 2003

Anyone on the afternoon shift care to respond?

  jazzypop 21:04 26 Aug 2003

A bit late to be classed as the afternoon shift, I'm afraid, but as I have just got in from work perhaps you'll forgive me :)

I can't explain the erratic performance of the ShieldsUp test with regard to unsolicited packets. Perhaps if you try the test again in a week or two, when all the current web traffic caused by the rash of viruses has died down, then you will get more consistent results.

With regard to ICMP - the ICMP protocol is a background networking protocol that has several uses. One of them is to generate a 'ping' in response to a request from an IP address, as you have already identified. This can be a bad thing in terms of security, as it identifies that an IP address exists and is online, and is therefore a potentially 'attackable' target.

However, many ISPs also use ICMP to ping their customers to verify that they are still online - a null response to a ping can result in an ISP dropping a user's connection.

ICMP is also used by many games servers to establish the most efficient route for sending data packets - a blocked ICMP can result in routing inefficiencies and therefore severe 'lag' when gaming.

To explicitly block ICMP, you need to become familiar with Sygate's rules.

The simplest way is to direct you to one of many helpful sites, such as at click here which will clearly explain the many options available 'behind the scenes' of Sygate's default settings.

Personally, I would not lose too much sleep over an ICMP response being reported for a specific application.
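
As an added illustration that is not part of the original posts: the trade-off described above (stay silent to strangers' pings, but still answer the ISP's keep-alive pings) expressed as a Python filter that parses an ICMP message and decides whether an echo reply goes out. The allowed network (a documentation range standing in for an ISP's monitoring hosts), the function names and the sample packet are assumptions constructed for the example; this is not Sygate's rule syntax.

```python
import ipaddress
import struct

ECHO_REQUEST, ECHO_REPLY = 8, 0  # ICMP type numbers for ping and its answer

def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum; returns 0 when run over a valid message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo(icmp_type: int, ident: int, seq: int, payload: bytes) -> bytes:
    """Build an ICMP echo request/reply with a correct checksum."""
    header = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    csum = inet_checksum(header + payload)
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + payload

def handle_icmp(src_ip: str, message: bytes, allowed_pingers):
    """Return the echo reply to send, or None to stay silent ('stealth')."""
    if len(message) < 8 or inet_checksum(message) != 0:
        return None  # truncated or corrupt message: drop without answering
    icmp_type, code, _csum, ident, seq = struct.unpack("!BBHHH", message[:8])
    if icmp_type != ECHO_REQUEST or code != 0:
        return None  # this filter only ever answers pings
    src = ipaddress.ip_address(src_ip)
    if not any(src in net for net in allowed_pingers):
        return None  # unauthorised pinger: no reply, so the address looks unused
    return build_echo(ECHO_REPLY, ident, seq, message[8:])

# Constructed sample data (assumptions, not taken from the thread).
ALLOWED = [ipaddress.ip_network("192.0.2.0/24")]  # stand-in for ISP monitors
SAMPLE_PING = build_echo(ECHO_REQUEST, 0x1234, 1, b"abcdefgh")

if __name__ == "__main__":
    for source in ("192.0.2.10", "198.51.100.7"):
        reply = handle_icmp(source, SAMPLE_PING, ALLOWED)
        print(source, "-> echo reply sent" if reply else "-> dropped silently")
```
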

  Nosmas 08:40 27 Aug 2003

Many thanks for your further post and the helpful link you gave. I feel a bit easier now, since although the ping echo problem indicates a small chink in my armour, it would seem to be not too serious. At least all my ports are "stealthed" and I have up-to-date AVG looking at emails etc. so feel reasonably secure.

I have had another quick look at Sygate's Help site and their users forum where ICMP and Sygate's rules are mentioned. I will need to go back and study the topic so I can perhaps formulate a rule to stop the echo being given to "unauthorised pingers".

In the meantime I will 'green tick' this thread.

This thread is now locked and can not be replied to.
