Sygate and its backtracing

Discussion in 'other firewalls' started by babyhack, Nov 11, 2002.

Thread Status:
Not open for further replies.
  1. babyhack

    babyhack Registered Member

    Joined:
    Oct 27, 2002
    Posts:
    12
    Hi,
    I've got Windows 98 SE (2nd edition) and Sygate Personal Firewall 5.0 1150.
    My backtracing function (in Logs > Traffic logs) doesn't run: I get this message: "Unable to get whois information for this IP address."
    whereas with another computer (Windows XP and the same Sygate) it runs very well.
    Any idea?
    Thx,
    regards
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,312
    Location:
    Netherlands
    Hi babyhack,

    Do you by any chance have Socketlock (or any similar program) installed on the computer where the backtrace won't work?
    In this case you'll have to turn it off when using the backtrace option.

    Regards,

    Pieter
     
  3. babyhack

    babyhack Registered Member

    Joined:
    Oct 27, 2002
    Posts:
    12
    Well, indeed, in the past I did install NeoTrace Pro and VisualRoute evaluations (tracer programs too). I uninstalled them a long time ago, but maybe the uninstall wasn't so effective. I'm using RegCleaner and I didn't see any signs of these programs.

    Do you know how to find the remaining files to delete?
    thx for your help,
    regards
     
  4. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,312
    Location:
    Netherlands
    There's an easy way to test if this is the problem.
    Download SocketToMe to see if raw sockets are available.

    Let me know,

    Pieter
     
  5. babyhack

    babyhack Registered Member

    Joined:
    Oct 27, 2002
    Posts:
    12
    I followed your instructions and (I didn't understand the aim of the process) I obtained:

    Safe (partial) raw sockets available

    What does it mean? What is a raw socket?

    regards,
     
  6. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,312
    Location:
    Netherlands
    Can't explain it better than this: http://www.linuxchix.org/content/courses/security/raw_sockets
    Since I was obviously on the wrong track in solving your problem, you may also want to take a look here: http://forums.sygatetech.com/ to see if you can find anything related.
    Or wait until our own firewall experts show up.

    Regards,

    Pieter
     
  7. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    babyhack

    Is the query getting through and just no information available? Or is the outbound request not getting through?

    Not that familiar with Sygate, but do you have anything in your advanced rules that might be blocking/not allowing the Whois query?

    (it would require outbound to remote service/port 43).
     
  8. Luthorcrow

    Luthorcrow Registered Member

    Joined:
    Nov 30, 2002
    Posts:
    56
    Location:
    California
    This thread looks a little old, but do you get this every time? I am using Sygate Pro 5 as well, and I believe I have seen this message as well from time to time, just as I get something similar when using trace functions in TDS-3. Some addresses are registered in databases other than ARIN or some such nonsense.

    Sometimes you have to scratch a little harder to backtrace an IP (i.e. search in databases for other parts of the world).
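
The two cases raised in posts 7 and 8 (the outbound request to port 43 not getting through, versus the query succeeding but the address being held by another registry) can be told apart with a small probe. This is an added example, not part of the thread and not Sygate's code; the function names and sample replies are constructed, and the referral field names assume ARIN-style (`ReferralServer`) and IANA-style (`refer`) output.

```python
import socket

REFERRAL_KEYS = ("referralserver", "refer")  # assumed ARIN-style / IANA-style fields

# Constructed sample replies (192.0.2.0/24 is a documentation range).
SAMPLE_REFERRAL = ("# constructed ARIN-style reply\n"
                   "NetRange:       192.0.2.0 - 192.0.2.255\n"
                   "ReferralServer:  whois://whois.ripe.net\n")
SAMPLE_EMPTY = "% constructed reply: comment lines only\n%\n\n"
SAMPLE_DATA = "inetnum: 192.0.2.0 - 192.0.2.255\nnetname: EXAMPLE-NET\n"


def classify_reply(text):
    """Return ('referral', host), ('data', None) or ('no-data', None)."""
    records = 0
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#%":        # skip blank and comment lines
            continue
        key, sep, value = line.partition(":")
        if sep and key.strip().lower() in REFERRAL_KEYS:
            # Drop an optional scheme ("whois://") and port (":43").
            host = value.strip().split("://")[-1].split(":")[0].rstrip("/")
            if host:
                return ("referral", host)
        records += 1
    return ("data", None) if records else ("no-data", None)


def whois_probe(query, server, port=43, timeout=5.0):
    """Send one whois query over TCP; ('blocked', reason) if it cannot get out."""
    try:
        with socket.create_connection((server, port), timeout=timeout) as s:
            s.sendall(query.encode("ascii") + b"\r\n")
            chunks = []
            while True:
                data = s.recv(4096)
                if not data:                   # server closes when the reply is done
                    break
                chunks.append(data)
    except OSError as exc:                     # refused, filtered, timed out, DNS failure
        return ("blocked", type(exc).__name__)
    return classify_reply(b"".join(chunks).decode("utf-8", "replace"))


if __name__ == "__main__":
    for name, sample in (("referral", SAMPLE_REFERRAL), ("empty", SAMPLE_EMPTY),
                         ("data", SAMPLE_DATA)):
        print(name, classify_reply(sample))
```

A `blocked` result points at the firewall rule set or the network path; a `referral` result means the same query should be repeated against the named registry.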
     