Firewall Q?

Discussion in 'other firewalls' started by Beautified_Chaos, May 6, 2004.

Thread Status:
Not open for further replies.
  1. Beautified_Chaos

    Beautified_Chaos Registered Member

    Joined:
    May 4, 2004
    Posts:
    10
    Sorry if this is in the wrong section, couldn't decide where the appropriate one was but since I had previously posted in this one and received the help I needed I figured I'd post again. I'm running Sygate firewall protection and I don't know all that much about firewall programs, slowly learning and have read the help topics. I recently received a critical warning and the message that somebody was scanning my computer, even though the security setting went back to Normal. I just wanted to know what to do in that situation where somebody is scanning, sorry for seeming so dense.. all this stuff is so foreign to me. My skills are in HTML web design not here unfortunately.

    Regards.

    Matt.
     
  2. snapdragin

    snapdragin Administrator

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada
    Hi Matt,

    I've moved your thread from the Hijack cleaning forum to this one so it will get the appropriate responses for firewall questions.

    The alerts that someone is scanning your computer are quite normal, especially with all the worms and viruses out there now. As long as your computer showed that it blocked the scan, then you should be fine.

    You can go to http://grc.com/ and scan your computer to test if there are any open ports (click on the "ShieldsUP!" link, then follow the instructions).

    Or you can go to the link within Sygate to test your firewall. Open Sygate and click on "Tools" then choose "Test your firewall". It will take you to Sygate's Online Services where you can choose from the different types of scans to test with.

    I am not a firewall expert or anything, but I use Sygate too and get scans all the time, but they are all blocked. ;)

    Let us know what your scan results from the above test come back with. I am sure our firewall experts will be able to help more if there is something unusual happening, or any of your ports show as open from the scan results.

    Regards,

    snap
     
  3. Beautified_Chaos

    Beautified_Chaos Registered Member

    Joined:
    May 4, 2004
    Posts:
    10
    Hi Dragin,

    Thanks for the quick reply, and thanks for relocating the post under the appropriate thread.

    I get the "Somebody is scanning your computer" message a lot, but I never get any messages saying it was blocked.. only that the attack was logged. I guess I'm missing something somewhere.

    After downloading 6 required programs I only just removed a trojan that was sent through Y! to my computer so call me paranoid, lol. My sleepless nights are doing my head in.

    I ran the tests you suggested through Sygate and below are my results:

    The Quick Scan shows all ports blocked.
    Message - This port has not responded to any of our probes. It appears to be completely stealthed.

    The Stealth, Trojan, TCP and UDP scan showed the same result as the above.

    I'm assuming all looks good.

    Regards.

    Matt.
     
  4. dog

    dog Guest

    Hi Matt, :)

    Yah, those are good results - on SOS - blocked = stealthed - there's a lot of internet traffic being generated by the latest worms ... that's probably the traffic you're seeing - but the results show inbound traffic is being blocked

    But you should consider posting a log in the Hijack forum ... just to make sure everything is gone in regards to the trojan bit.

    dog - *puppy*
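
Added example, not part of the original thread: a small Python check that shows what the three verdicts of an online port test mean (open, closed, stealthed), run here against constructed sockets on 127.0.0.1. The function names are hypothetical, and a probe from your own machine does not pass through the firewall the way the external Sygate or ShieldsUP! scans do.

```python
import socket

def probe_state(host, port, timeout=1.0):
    """Return 'open', 'closed' or 'stealthed' for one TCP port."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"          # handshake completed: a program is listening
    except ConnectionRefusedError:
        return "closed"        # host answered with a reset: visible, no listener
    except socket.timeout:
        return "stealthed"     # no answer at all: the probe was silently dropped
    except OSError:
        return "unreachable"   # e.g. no route to host; not a firewall verdict
    finally:
        sock.close()

def report(host, ports, timeout=1.0):
    """Probe several ports and list the ones accepting inbound connections."""
    states = {p: probe_state(host, p, timeout) for p in ports}
    exposed = sorted(p for p, s in states.items() if s == "open")
    return states, exposed

def loopback_demo():
    """Constructed case: one listening port and one unused port on 127.0.0.1."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))    # port 0 lets the OS pick a free port
    listener.listen(1)
    open_port = listener.getsockname()[1]
    spare = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()                      # nothing listens on this port any more
    try:
        return report("127.0.0.1", [open_port, closed_port]), open_port, closed_port
    finally:
        listener.close()

if __name__ == "__main__":
    (states, exposed), _, _ = loopback_demo()
    for port, state in sorted(states.items()):
        print(port, state)
    print("ports accepting inbound connections:", exposed)
```

A program that is listening for inbound connections shows up as "open" in this check; a port the firewall silently drops shows up as "stealthed" once the timeout expires.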
     
  5. snapdragin

    snapdragin Administrator

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada
    Hi Matt, Yes, the scan results sound very good. :)

    There is the option to have Sygate pop up a warning that there was a blocked scan, but after the 50th warning, you'd want to turn that off as it can get quite distracting.

    You can check the logs in Sygate to see what was blocked. Open Sygate and click on the down arrow beside "Logs". The Security Log will show you the information of the scan to your computer, and the severity level along with the IP that scanned you. You can check what was blocked by going into the Traffic Log. There should be a red X on the arrow for inbound for any unsolicited traffic (scans).

    If you are using Application filtering, then be sure that no applications have server rights. Sygate automatically gives "server rights" to any application that goes out to the internet, like your IE browser, or when you update an application, etc. To check for that, click on "Applications" on the menu bar in Sygate. You will see a list of the different applications that have connected to the internet at one point in time. Just go through the list of them (one at a time) and click to highlight, then click "Advanced" button near the bottom, and remove the check mark in the box beside "Act as a Server". There are very few programs that would ever need server rights.

    And always have the applications set to "Ask" unless you know for sure you do not want them ever asking, then set those ones to "Block".

    It does take a while to learn about a firewall (still learning it myself.) :D But as long as applications do not have server rights, and the scans you are seeing are blocked, and your ports showing stealth, then that is what counts and gives you time to learn about firewalls a bit safer.

    KING's site is still a great site to learn more about Sygate's configurations. :)

    HTH,

    snap
     
  6. Beautified_Chaos

    Beautified_Chaos Registered Member

    Joined:
    May 4, 2004
    Posts:
    10
    Dragin, Dog. Thanks for all your help.

    God bless.

    Matt.
     