[pchelpers] Re: Firewall access

I have found that Sygate has to be specifically told to block ICMP traffic
to keep pings from being returned.

George
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+++
My darkness inside is full of stars - and each one has a name.

----- Original Message ----- 
From: "John Durham" <john.modec@xxxxxxxxxx>
To: <pchelpers@xxxxxxxxxxxxx>
Sent: Friday, April 23, 2004 4:37 PM
Subject: [pchelpers] Re: Firewall access


I just did a trace on one of those addresses, which you can see in entry
23 on the table below. My location is entry 1. The signal originated
(apparently) on adelphia.net (or a related server). They may be just
pinging the system to see what responds. Your firewall would probably
have prevented any response in order to keep others from identifying
your system.
NeoTrace  Version 2.02 - Shareware (7-18-99)
Destination: 67.20.201.140

-#--------------Node Name---------------IP Address------Location-----------RT*--High---Low---Avg-Tot---D-Who
 1                                 xtra 10.0.0.8 41.300S,174.783E    0    0    0    0   1   0
 2                          No Response 0.0.0.0 Unknown              -    0    0    0  10  10
 3    219-88-164-1.jetstream.xtra.co.nz 219.88.164.1 Unknown            49   49   44   47   5   0
 4                                      210.55.205.123 Unknown            43   47   43   44   5   0
 5                          No Response 0.0.0.0 Unknown              -    0    0    0  10  10
 6                                      202.50.245.197 Unknown            54   55   54   54   5   0
 7   g2-0-3.tkbr3.global-gateway.net.nz 202.37.245.140 Unknown            52   54   51   51   5   0
 8 p1-1-0-0.labr3.global-gateway.net.nz 202.50.119.126 Unknown           181  181  179  180   5   0
 9       sl-gw15-ana-6-0.sprintlink.net 144.232.241.81 33.842N,117.950W  184  184  182  183   5   0
10      sl-bb24-ana-10-2.sprintlink.net 144.232.1.205 33.842N,117.950W  180  194  180  180   5   0
11       sl-st21-la-13-0.sprintlink.net 144.232.20.69 Unknown           182  184  182  182   5   0
12 so-2-2-0.gar1.losangeles1.level3.net 64.152.193.73 34.000N,118.167W  194  194  184  188   5   0
13 so-0-0-0.gar2.losangeles1.level3.net 209.247.9.222 34.000N,118.167W  184  184  182  183   5   0
14                                      67.72.116.18 Unknown           184  186  183  183   5   0
15 g1-00-02-00.r0.lax91.adelphiacom.net 66.109.3.133 Unknown           184  186  184  184   5   0
16 p3-01-00-00.n0.dfw91.adelphiacom.net 66.109.0.221 Unknown           194  195  194  194   5   0
17 p3-00-02-00.n0.sjc75.adelphiacom.net 66.109.0.21 Unknown           194  196  193  195   5   0
18 p3-00-02-00.n0.den75.adelphiacom.net 66.109.0.62 Unknown           242  244  242  242   5   0
19 p3-00-00-00.r0.den75.adelphiacom.net 66.109.0.214 Unknown           242  244  242  242   5   0
20         unk-426d0322.adelphiacom.net 66.109.3.34 Unknown           244  244  243  244   5   0
21                                      68.69.129.246 Unknown           246  246  245  245   5   0
22                                      24.53.86.43 Unknown           246  246  245  245   5   0
23 co-widfld-u1-c3g-140.clspco.adelphia.net 67.20.201.140 Unknown           332  546  264  344   5   0
--------------------------------------------------------------------------------------------------------
*All times in milliseconds (ms), D=Dropped packets
--------------------------------------------------------------------------------------------------------
April 24, 2004 8:31:21
NeoTrace Copyright ©1997-1999 NeoWorx inc
http://www.neoworx.com


Cyril Halbach wrote:

>    I have reinstalled Sygate Firewall and it apparently is working
>normally. I have set it up to notify me if any site, other than the
>approved, tries to get access. Occasionally I will be notified of a blocked
>access.  Is it possible that the following hits could be sites that are
>involved with PIOLET File Sharing?  When I subscribed to Piolet and
>installed the program it set up a Piolet shared folder.  Port 80 was allowed
>in Sygate for Piolet access.
>
>When I looked at the security log today I found the following.
>    4 of these
>04/23/2004 15:14:45 Port Scan Minor Incoming TCP 67.20.201.140 00-07-EB-BE-A2-08 67.20.57.204 00-A0-CC-7A-61-A6  Cyril Halbach HOME Normal 1 04/23/2004 15:14:45 04/23/2004 15:14:45
>    4 of these
>04/23/2004 15:04:33 Port Scan Minor Incoming TCP 67.20.65.244 00-07-EB-BE-A2-08 67.20.57.204 00-A0-CC-7A-61-A6  Cyril Halbach HOME Normal 1 04/23/2004 15:04:33 04/23/2004 15:04:33
>    then 2 more of these.
>04/23/2004 14:29:25 Port Scan Minor Incoming TCP 67.20.201.140 00-07-EB-BE-A2-08 67.20.57.204 00-A0-CC-7A-61-A6  Cyril Halbach HOME Normal 1 04/23/2004 14:29:24 04/23/2004 14:29:24
>
>     Cy
>

-- 
Regards, John Durham <http://modecideas.com/contact.html?sig>
ICQ number 112663246
Fax/Phone 64 4 5286786
Award winning web site at http://modecideas.com?sig
Order my latest e-book at http://modecideas.com/dmaxhits.htm?sig
PC-HELPERS list subscribe/unsub at http://modecideas.com/discuss.htm?sig
Good advice is like good paint- it only works if applied.


Regards, John Durham (list moderator)
<http://modecideas.com/contact.html?sig>
Freelists login at http://www.freelists.org/cgi-bin/lsg2.cgi
List archives at http://www.freelists.org/archives/pchelpers
PC-HELPERS list subscribe/unsub at http://modecideas.com/discuss.htm?sig
Good advice is like good paint- it only works if applied.
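
The security-log entries quoted in this thread can be grouped by source to see how many distinct hosts are involved and whether they sit near the poster's own address. The Python below is an added example, not part of the original posts or of Sygate; the column meanings, the `summarise` and `shared_macs` names and the /16 comparison are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# The three entries from the post, unwrapped. Column meaning is an assumption:
# time, event, severity, direction, protocol, remote IP/MAC, local IP/MAC, user fields.
SAMPLE_LOG = """\
04/23/2004 15:14:45 Port Scan Minor Incoming TCP 67.20.201.140 00-07-EB-BE-A2-08 67.20.57.204 00-A0-CC-7A-61-A6  Cyril Halbach HOME Normal 1 04/23/2004 15:14:45 04/23/2004 15:14:45
04/23/2004 15:04:33 Port Scan Minor Incoming TCP 67.20.65.244 00-07-EB-BE-A2-08 67.20.57.204 00-A0-CC-7A-61-A6  Cyril Halbach HOME Normal 1 04/23/2004 15:04:33 04/23/2004 15:04:33
04/23/2004 14:29:25 Port Scan Minor Incoming TCP 67.20.201.140 00-07-EB-BE-A2-08 67.20.57.204 00-A0-CC-7A-61-A6  Cyril Halbach HOME Normal 1 04/23/2004 14:29:24 04/23/2004 14:29:24
"""

MAC = r"(?:[0-9A-F]{2}-){5}[0-9A-F]{2}"
IP = r"\d{1,3}(?:\.\d{1,3}){3}"
LINE = re.compile(
    rf"^(?P<ts>\d\d/\d\d/\d{{4}} \d\d:\d\d:\d\d) (?P<event>.+?) (?P<sev>\w+) "
    rf"(?P<dir>Incoming|Outgoing) (?P<proto>\w+) (?P<remote>{IP}) (?P<rmac>{MAC}) "
    rf"(?P<local>{IP}) (?P<lmac>{MAC}) "
)

def summarise(log_text, prefix_len=16):
    """Group incoming 'Port Scan' events by remote IP (prefix_len is illustrative)."""
    sources = defaultdict(lambda: {"events": 0, "first": None, "last": None,
                                   "macs": set(), "same_net": False})
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m or m["event"] != "Port Scan" or m["dir"] != "Incoming":
            continue
        ts = datetime.strptime(m["ts"], "%m/%d/%Y %H:%M:%S")
        local_net = ipaddress.ip_network(f"{m['local']}/{prefix_len}", strict=False)
        s = sources[m["remote"]]
        s["events"] += 1
        s["first"] = ts if s["first"] is None else min(s["first"], ts)
        s["last"] = ts if s["last"] is None else max(s["last"], ts)
        s["macs"].add(m["rmac"])
        s["same_net"] = ipaddress.ip_address(m["remote"]) in local_net
    return dict(sources)

def shared_macs(sources):
    """MACs logged for more than one remote IP (usually a gateway, not the sender)."""
    seen = defaultdict(set)
    for ip, s in sources.items():
        for mac in s["macs"]:
            seen[mac].add(ip)
    return {mac: ips for mac, ips in seen.items() if len(ips) > 1}

if __name__ == "__main__":
    print(summarise(SAMPLE_LOG), shared_macs(summarise(SAMPLE_LOG)))
```

On the three entries from the post, both sources fall in the same /16 as the local address and both carry the same remote MAC, which on a routed connection is normally the upstream gateway's address rather than the sender's.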
