Sygate traffic log-need help please

Discussion in 'other firewalls' started by Honyak, Jul 22, 2004.

Thread Status:
Not open for further replies.
  1. Honyak

    Honyak Registered Member

    Joined:
    Jul 19, 2004
    Posts:
    346
    Location:
    Deep South
    Attached is an image of traffic log from SPF, from yesterday that shows incoming traffic that I have no idea why or how it got thru.
    One of these traces back to stats.esomniture.com, I googled it and could not find much other than some problem for eBay users viewing certain auctions.
    AVK PRO, PREVX, AND EWIDO show nothing when run and ADAWARE OR SPYBOT show nothing either. I also have a router attached with spi enabled.
    I cleared cookies and cache and did not see this again until today. The remote host 10.116.225.1 and 66.151.146.216(stats.esomniture.com) showed up again.
    Does anyone have any suggestions?

    Thank you in advance.
     


  2. zcv

    zcv Registered Member

    Joined:
    Dec 11, 2002
    Posts:
    355
    Hello Honyak,

    You can start by blocking (in and out) these two addresses and logging it to the Packet log for easier spotting. See what the effects if any are.

    There may be a program on your system initiating this. What programs are you giving "Server Rights" to? As a general rule, none should be, but some may have to have that.

    Have you tested your ports? https://grc.com/x/ne.dll?bh0bkyd2

    Regards - Charles
     
  3. Honyak

    Honyak Registered Member

    Joined:
    Jul 19, 2004
    Posts:
    346
    Location:
    Deep South
    Hello Charles and thank you for the reply.
    I tested yesterday at grc and sygate with no open ports. No programs have server rights.
    Also, this is a single comp not on a network, I installed the router for extra security.

    The rest of the log shows blank under application name except the first one which states "allow ping".

    I am puzzled by this because it just started and I have not been to any seedy sites. I pretty much go to the same sites that I have bookmarked, usually forums like this.
     
  4. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Honyak,

    There is no spyware or malware at work here, these are just network error messages. ICMP is the Internet Control Message Protocol (defined in RFC 792) which handles error and control messages.

    ICMP Type 3 is a Destination Unreachable response which indicates that your computer tried to connect to an invalid port, address or network (Sygate does not appear to indicate the subtype which would specify which of these). You may wish to check back in the logs to find any outgoing traffic to that IP address which could have triggered this response.

    While it is not in itself a problem, one of the sites involved does track online activity (most likely using cookies with unique IDs). To better protect your privacy online, I would suggest (if you have not already done so) you tighten up your browsers' cookie settings (to ensure that it is not accepting third party cookies specifically) and to use a web filter like Proxomitron (very powerful, but takes some learning) or WebWasher Classic (easier to use). Both are free and can filter ads and potentially harmful active content (Java, Javascript, ActiveX, etc), speeding up web page downloads and providing some protection from browser hijackers, etc. They should also filter out access to such "tracking sites".

    ICMP Type 15 is an information request, typically sent by a PC to find out which network number it is on (presumably the originating IP address is on your local network). I would be inclined to ignore it as a once off.
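
The reply above notes that the log shows only the ICMP type. The code byte and the original datagram that RFC 792 quotes inside a Destination Unreachable message identify the outgoing packet that triggered it. The following is an added example, not part of the original thread: it assumes the raw ICMP bytes are available from a packet capture, the function names are hypothetical, and the sample message is constructed with documentation addresses.

```python
import ipaddress
import struct

# Destination Unreachable (ICMP type 3) codes defined in RFC 792.
UNREACH_CODES = {0: "net unreachable", 1: "host unreachable",
                 2: "protocol unreachable", 3: "port unreachable",
                 4: "fragmentation needed and DF set",
                 5: "source route failed"}

def decode_unreachable(icmp: bytes) -> dict:
    """Decode an ICMP type 3 message and the original datagram it quotes."""
    if len(icmp) < 8 + 20:
        raise ValueError("too short for ICMP header plus quoted IPv4 header")
    icmp_type, code = icmp[0], icmp[1]
    if icmp_type != 3:
        raise ValueError(f"not Destination Unreachable (type {icmp_type})")
    quoted = icmp[8:]                      # original IP header + first 8 data bytes
    ihl = (quoted[0] & 0x0F) * 4           # IPv4 header length in bytes
    if quoted[0] >> 4 != 4 or ihl < 20 or len(quoted) < ihl:
        raise ValueError("quoted IPv4 header is malformed")
    info = {"reason": UNREACH_CODES.get(code, f"code {code}"),
            "protocol": quoted[9],
            "orig_src": str(ipaddress.IPv4Address(quoted[12:16])),
            "orig_dst": str(ipaddress.IPv4Address(quoted[16:20]))}
    l4 = quoted[ihl:ihl + 8]
    if info["protocol"] in (6, 17) and len(l4) >= 4:   # TCP or UDP ports
        info["sport"], info["dport"] = struct.unpack("!HH", l4[:4])
    return info

def build_sample() -> bytes:
    """Constructed sample: host unreachable quoting a TCP packet to port 80.
    Addresses are RFC 5737 documentation ranges; checksums are left at zero
    and are not verified by decode_unreachable()."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0x1234, 0, 64, 6, 0,
                     ipaddress.IPv4Address("192.0.2.10").packed,
                     ipaddress.IPv4Address("198.51.100.7").packed)
    tcp8 = struct.pack("!HHI", 1045, 80, 0)            # sport, dport, seq
    return struct.pack("!BBHI", 3, 1, 0, 0) + ip + tcp8

if __name__ == "__main__":
    print(decode_unreachable(build_sample()))
```

The `orig_dst` and `dport` fields are what to search for in the firewall's outgoing traffic log.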
     
  5. Honyak

    Honyak Registered Member

    Joined:
    Jul 19, 2004
    Posts:
    346
    Location:
    Deep South
    Thank you Paranoid2000, I had pretty well come to that conclusion after doing further research and you have reinforced it. I have my cookie settings in Mozilla set to not accept third party cookies but will give web washer a try. I tried proxomitron and it was a bit difficult but I may try again and spend more time learning it.
    Thanks again for the help.
     
  6. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,794
    Location:
    Texas
    Proxomitron has a great help file that explains many things. It is great in the default configuration.
     