Sygate f'wall-warning (?)

Discussion in 'other firewalls' started by SG1, Dec 21, 2005.

Thread Status:
Not open for further replies.
  1. SG1

    SG1 Registered Member

    Jan 16, 2003
    Can anyone tell me, "in English," what below warning from firewall means?

    Thanks, SG1 (Pat)

    Attached Files:

  2. Kerodo

    Kerodo Registered Member

    Oct 5, 2004
    Looks like lsass.exe is listening on your port 500 and you're getting an inbound packet to that port. Sygate is asking you if it's ok to allow incoming traffic to that program since it knows it's listening on that port. Just block it and then don't worry about it.
  3. Mrkvonic

    Mrkvonic Linux Systems Expert

    May 9, 2005
    You said plain English - so no master(de)bating about ipsec and such.
    Your firewall is monitoring your ports. Sometimes, spam machines send packets to ranges of ips (sometimes you are included). Standard pings are dropped so you get no warnings. But other types of communication are logged and you are asked about them. This is pure spam.
    You can open the warning popup and look into details. You will see the hexadecimal data and its ascii translation - usually it's something like visit or visit to repair your critical windows errors.
    Two most likely to be contacted are lsass.exe through port 500 udp and svchost.exe through ports 1020-1035 udp.
    Create a few custom rules so you block these always and not bother with popups.
    I've had similar issue, since I switched provider and got a new modem. The last one had better routering capabilities and would block this incoming alone. The new modem is crappier so it lets more garbage come to firewall.
    It's nothing you should lose too much sleep over.
Thread Status:
Not open for further replies.