Sygate f'wall-warning (?)

Discussion in 'other firewalls' started by SG1, Dec 21, 2005.

Thread Status:
Not open for further replies.
  1. SG1

    SG1 Registered Member

    Joined:
    Jan 16, 2003
    Posts:
    430
    Can anyone tell me, "in English," what below warning from firewall means?

    Thanks, SG1 (Pat)
    =============
     

    Attached Files:

  2. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,779
    Looks like lsass.exe is listening on your port 500 and you're getting an inbound packet to that port. Sygate is asking you if it's ok to allow incoming traffic to that program since it knows it's listening on that port. Just block it and then don't worry about it.
     
  3. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,693
    Hi,
    You said plain English - so no master(de)bating about ipsec and such.
    Your firewall is monitoring your ports. Sometimes, spam machines send packets to ranges of ips (sometimes you are included). Standard pings are dropped so you get no warnings. But other types of communication are logged and you are asked about them. This is pure spam.
    You can open the warning popup and look into details. You will see the hexadecimal data and its ascii translation - usually it's something like visit edipus-iluvmemommy.com or visit goodfixxx.com to repair your critical windows errors.
    Two most likely to be contacted are lsass.exe through port 500 udp and svchost.exe through ports 1020-1035 udp.
    Create a few custom rules so you block these always and not bother with popups.
    I've had similar issue, since I switched provider and got a new modem. The last one had better routering capabilities and would block this incoming alone. The new modem is crappier so it lets more garbage come to firewall.
    It's nothing you should lose too much sleep over.
    Mrk
     
Thread Status:
Not open for further replies.