Questions re Sygate Personal Firewall

  Nosmas 23:56 22 Aug 2003

Having used AVG for a couple of years, I decided when I signed up for Broadband to install Sygate Personal Firewall. I must admit I don't fully understand all the technicalities about hackers gaining access through ports etc. but feel that with AVG and Sygate I should be reasonably secure.

I believe that Sygate operates in a "stealth" mode, which if I understand it correctly means that would-be intruders are unaware of my system being connected to the Internet. During the past week Sygate has warned me on twelve occasions that "Someone is scanning your computer", and of these, eleven have been from the same source - 200.152.97.160. Running a BackTrace gives the following information:-

Latin American and Caribbean IP address Regional Registry (NET-LACNIC-200)

Chucarro 1110 ap. 5

Montevideo, 11300

UY

Netname: LACNIC-200

Netblock: 200.0.0.0 - 200.255.255.255

Maintainer: LNIC

Coordinator:
Latin American and Caribbean IP address Regional Registry (LACNIC-ARIN)

I am not sure what all this means and what action (if any) I can take to stop scanning attempts from that source.

More importantly, am I correct in thinking that this "scanner" is not aware of my existence on the Internet because of Sygate's "stealth" mode?

One thing that does puzzle me is that, having come across this site (click here), a McAfee pop-up appeared entitled "Internet Security Bulletin" inviting me to "Test and Protect your PC". Clicking the test button produced a "Test Result", according to which my system was unprotected and vulnerable to hackers using JavaScript, ActiveX, Web Bugs and Cookies. A further test button for "Malicious File Downloads" produced another (allegedly) McAfee window inviting me to download a "non-infectious harmless file". At this point I decided to go no further just in case this was not genuine.

As my O/S is W98 I do not believe I am vulnerable to the Sobig virus, but am rather disturbed by the McAfee test report that I am otherwise vulnerable despite the fact that Sygate was running at the time of the test.

I would be grateful for any views and / or suggestions re my dilemma.

  Nosmas 23:55 25 Aug 2003

Many thanks for your very prompt responses. Sorry for the delay in coming back but I have been rather busy for a couple of days, plus it took quite some time to read all the info in the various links you both supplied.

I ran the ShieldsUp test and was reassured to find that Sygate's stealth mode does (ALMOST) completely hide me when on the Internet. Inadvertently I ran the test twice; the first time it reported "No unsolicited packets were received", but the second time it said "Received one or more unsolicited packets". Two more tests have both reported no unsolicited packets. I am a bit puzzled why the second test failed.

However, all four tests have reported "A ping reply (ICMP echo) was received". I haven't been able to find any means to stop this. In fact, on the Sygate Help Site (click here) the following appears: -

Enable stealth mode browsing

"Stealth mode" is a term used to describe a computer that is hidden from other computers while on a network. A computer on the Internet, for instance, if in stealth mode, can not be detected by port scans or communication attempts, such as ping. If you enable this feature, your computer will be invisible to other computers on any network you are on.

Surely this implies that Sygate should have prevented the ping reply from being sent, and the ShieldsUp test would then not have detected it. Does anyone have any thoughts on this?

  Nosmas 08:31 26 Aug 2003

Refresh. Please does anyone have any thoughts re the apparent problem with pings, and if there is a Sygate or IE setting that I need to adjust?

  Nosmas 12:55 26 Aug 2003

Anyone on the afternoon shift care to respond?

  Nosmas 08:40 27 Aug 2003

Many thanks for your further post and the helpful link you gave. I feel a bit easier now, since although the ping echo problem indicates a small chink in my armour, it would seem to be not too serious. At least all my ports are "stealthed" and I have up-to-date AVG looking at emails etc. so feel reasonably secure.

I have had another quick look at Sygate's Help site and their users' forum where ICMP and Sygate's rules are mentioned. I will need to go back and study the topic so I can perhaps formulate a rule to stop the echo being given to "unauthorised pingers".

In the meantime I will 'green tick' this thread.

This thread is now locked and can not be replied to.
