Sygate and Apache

Discussion in 'other firewalls' started by lolka_bolka, Nov 27, 2007.

Thread Status:
Not open for further replies.
  1. lolka_bolka

    lolka_bolka Registered Member

    Joined:
    Nov 23, 2007
    Posts:
    3
    Hi!

    There was a post about it, but that is not a solution for my problem.

    I installed Apache 2.2.6 and Sygate Personal Firewall.
    I used Apache 2.2.2 and 2.2.4, and every time Sygate asked, I said NO to accessing the network.

    Since I've installed this 2.2.6 I am always getting this message:
    The executable has changed since the last time you used.

    But I did not upgrade or do anything with this exe.

    Why is it?
     
  2. lolka_bolka

    lolka_bolka Registered Member

    Joined:
    Nov 23, 2007
    Posts:
    3
    Exactly the entry:

    The executable has changed since the last time you used: D:\apache\bin\httpd.exe
    File Version : 2.2.6.0
    File Description : Apache HTTP Server
    File Path : D:\apache\bin\httpd.exe
    Process ID : 0x650 (Heximal) 1616 (Decimal)

    Connection origin : remote initiated
    Protocol : TCP
    Local Address : 217.20.142.189
    Local Port : 80 (HTTP - World Wide Web)
    Remote Name :
    Remote Address : 85.255.170.100
    Remote Port : 4813

    Ethernet packet details:
    Ethernet II (Packet Length: 62)
    Destination: 00-00-02-00-00-00
    Source: 02-00-20-00-02-00
    Type: IP (0x0800)
    Internet Protocol
    Version: 4
    Header Length: 20 bytes
    Flags:
    .1.. = Don't fragment: Set
    ..0. = More fragments: Not set
    Fragment offset:0
    Time to live: 117
    Protocol: 0x6 (TCP - Transmission Control Protocol)
    Header checksum: 0x44e0 (Correct)
    Source: 85.255.170.100
    Destination: 217.20.142.189
    Transmission Control Protocol (TCP)
    Source port: 4813
    Destination port: 80
    Sequence number: 2314073152
    Acknowledgment number: 0
    Header length: 28
    Flags:
    0... .... = Congestion Window Reduce (CWR): Not set
    .0.. .... = ECN-Echo: Not set
    ..0. .... = Urgent: Not set
    ...0 .... = Acknowledgment: Not set
    .... 0... = Push: Not set
    .... .0.. = Reset: Not set
    .... ..1. = Syn: Set
    .... ...0 = Fin: Not set
    Checksum: 0x9e49 (Correct)
    Data (0 Bytes)

    Binary dump of the packet:
    0000: 00 00 02 00 00 00 02 00 : 20 00 02 00 08 00 45 00 | ........ .....E.
    0010: 00 30 BD 4D 40 00 75 06 : E0 44 55 FF AA 64 D9 14 | .0.M@.u..DU..d..
    0020: 8E BD 12 CD 00 50 89 ED : F4 40 00 00 00 00 70 02 | .....P...@....p.
    0030: 40 00 49 9E 00 00 02 04 : 05 B4 01 01 04 02 | @.I...........
     
  3. dmenace

    dmenace Registered Member

    Joined:
    Nov 29, 2006
    Posts:
    275
    Have you tried disabling the appropriate option in Sygate?

    Maybe disable anti-application hijacking? (I'm not using Sygate so working from memory)

    Regarding the above information, you need some serious firewall expert to interpret that! :eek: But there should definitely be someone at Wilders who can.
     
  4. dmenace

    dmenace Registered Member

    Joined:
    Nov 29, 2006
    Posts:
    275
    Regarding the contents of the packet / type of network connection: that is irrelevant, I think.

    The application was changed earlier (a software update possibly).

    Now it is trying to connect to the internet to continue working normally. (So the network data is probably irrelevant.)

    If Sygate doesn't remember the application's file checksum, try reinstalling Sygate / adding application to exclusion list.
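
The packet quoted in the alert can be decoded directly. As an added example (not part of the original thread), this Python sketch parses the 62 bytes of the binary dump and shows that the frame is a bare TCP SYN to port 80 with no payload, i.e. the first packet of an inbound connection. The function names are the example's own.

```python
import struct
from ipaddress import IPv4Address

# The 62 bytes of the "Binary dump of the packet" in the alert, one row per line.
FRAME = bytes.fromhex(
    "00000200000002002000020008004500"
    "0030bd4d40007506e04455ffaa64d914"
    "8ebd12cd005089edf440000000007002"
    "4000499e0000020405b401010402"
)
TCP_FLAGS = ["FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR"]

def header_checksum_ok(header: bytes) -> bool:
    """RFC 1071: the one's-complement sum of a valid header, checksum included, is 0xFFFF."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF

def decode_frame(frame: bytes) -> dict:
    """Decode an Ethernet II / IPv4 / TCP frame into the fields the alert lists."""
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != 0x0800:
        raise ValueError("not an IPv4 frame")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4                      # IP header length in bytes
    (total_len,) = struct.unpack("!H", ip[2:4])
    if ip[9] != 6:
        raise ValueError("not TCP")
    tcp = ip[ihl:total_len]
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", tcp[:14])
    flags = [name for bit, name in enumerate(TCP_FLAGS) if off_flags & (1 << bit)]
    payload = len(tcp) - (off_flags >> 12) * 4    # bytes after the TCP header
    return {
        "src": f"{IPv4Address(ip[12:16])}:{sport}",
        "dst": f"{IPv4Address(ip[16:20])}:{dport}",
        "ttl": ip[8],
        # Header bytes are E0 44 on the wire; the alert prints them as 0x44e0.
        "ip_checksum_ok": header_checksum_ok(ip[:ihl]),
        "flags": flags,
        "payload_bytes": payload,
        # A SYN with no ACK and no data is the first packet of a new inbound connection.
        "new_connection_attempt": flags == ["SYN"] and payload == 0,
    }

if __name__ == "__main__":
    for field, value in decode_frame(FRAME).items():
        print(f"{field:24} {value}")
```
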
     
  5. lolka_bolka

    lolka_bolka Registered Member

    Joined:
    Nov 23, 2007
    Posts:
    3
    I understand you.

    But my problem is:
    You know, when I installed my machine, the first time, Sygate asked about all the applications, whether I want to enable them to access the network or not.
    There is a checkbox about whether to remember this setting or not.

    When there was a portscan, Sygate asked me whether I want to allow MySQL (for example) to access the network. So I said no, and since that time, Sygate has never asked it again.

    When my AVG updates itself, Sygate asks me whether I want to allow the network access, because before the update I allowed that, but since that time the executable has changed. Of course I want to, because I know that it has changed, because it has been updated.

    BUT!
    The Apache web server is not that kind of application, one that changes day by day. And this question comes 5-6 times a day.

    I think I should ask the Apache foundation what the problem could be.
    If I get the answer, I will post it here.
     
  6. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,698
    Hello,

    If the executable got changed somehow, it will ask you that.

    You need to know if the change should have happened - and accordingly allow or deny. But for your reference, this happens all the time with software updates, for example, when Firefox updates, the first time it launches after the update, Sygate will ask about the change. If it's harmless, you allow it. If not, you investigate what could have happened.

    Most likely, Apache got updated. Compare the version you have to the one you think you have, check the file sizes etc.

    Mrk
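
One way to answer "did the file really change?" independently of the firewall, as an added example that is not part of the original thread: record a size / timestamp / SHA-256 baseline for the executable and report which of those differ on each later check. The baseline file name and function names are assumptions of this sketch, and it does not reproduce how Sygate itself fingerprints applications.

```python
import hashlib
import json
import os

def fingerprint(path: str) -> dict:
    """Size, modification time and SHA-256 of the file's bytes."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    st = os.stat(path)
    return {"sha256": digest.hexdigest(), "size": st.st_size, "mtime": int(st.st_mtime)}

def check(path: str, baseline_file: str) -> dict:
    """Compare `path` with its stored baseline; record one the first time it is seen."""
    try:
        with open(baseline_file, encoding="utf-8") as fh:
            store = json.load(fh)
    except FileNotFoundError:
        store = {}
    key = os.path.normcase(os.path.abspath(path))
    current = fingerprint(path)
    previous = store.get(key)
    if previous is None:
        store[key] = current
        with open(baseline_file, "w", encoding="utf-8") as fh:
            json.dump(store, fh, indent=2)
        return {"status": "baseline-recorded", "changed": []}
    changed = [field for field in current if current[field] != previous.get(field)]
    if "sha256" in changed:
        status = "content-changed"      # the bytes differ: a real replacement or patch
    elif changed:
        status = "metadata-only"        # e.g. timestamp touched, identical bytes
    else:
        status = "unchanged"
    # The baseline is deliberately not overwritten: accepting a change is an operator decision.
    return {"status": status, "changed": changed, "previous": previous, "current": current}

if __name__ == "__main__":
    import sys
    # Usage (paths are the caller's): python check_exe.py D:\apache\bin\httpd.exe baseline.json
    print(json.dumps(check(sys.argv[1], sys.argv[2]), indent=2))
```

A "content-changed" result with no update installed is the case to investigate; "unchanged" while the firewall keeps prompting points at the firewall's own stored record instead.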
     