Firewall issue (Sygate)
Results 1 to 5 of 5

Thread: Firewall issue (Sygate)

  1. October 18th, 2002, 11:01 PM #1
    Ice9
    Ice9 is offline Virtual Med Student
    Join Date
    Apr 2000
    Location
    Canada
    Posts
    73

    Firewall issue (Sygate)

    Hi, I recently discovered something very strange happening with regards to my firewall.

    I use "Sygate Personal Firewall", and I noticed that when my computer was idle, I was seeing traffic being blocked in the firewall icon far more often than normal.

    So I just looked in the log and I see what was going on, and I discovered 100s of hits, all from the same IP (10.x.x.x), all going to the "Destination Host" 255.255.255.255 on my machine. The rate of hits seems random, but I get about 5 per minute on average. I have a cable connection and just got a new modem from my ISP, and I think the problem has only been happening since then, but I can't be sure.

    I don't think anything malicious is going on, but this can't be normal. It might be some issue between my ISP and myself, and I would appreciate any help stopping this, because it is very annoying.
    Last edited by Ice9; October 19th, 2002 at 10:35 PM.
    Reply With Quote Reply With Quote
  2. October 19th, 2002, 02:06 PM #2
    Adriweb
    Adriweb is offline Virtual Intern
    Join Date
    Jan 2000
    Location
    Ottawa, Canada
    Posts
    299
    Do you have a home network? A 10.x.x.x address is a private address.
    It is probably not coming from your isp. That address may be the firewall testing itself.
    Reply With Quote Reply With Quote
  3. October 19th, 2002, 07:03 PM #3
    Pakrat's Avatar
    Pakrat
    Pakrat is offline Virtual Resident
    Join Date
    Oct 2000
    Location
    Edina, MN USA
    Posts
    862
    I'm not completely clear on this, but cable modems use an internal IP, this way the cable company can check on the modem.

    Do a tracert to yahoo.com or something, What I get is a 10.x.x.x address as the first hop.
    Pakrat - A+, Network+
    Reply With Quote Reply With Quote
  4. October 19th, 2002, 10:41 PM #4
    Ice9
    Ice9 is offline Virtual Med Student
    Join Date
    Apr 2000
    Location
    Canada
    Posts
    73
    Originally posted by Pakrat
    I'm not completely clear on this, but cable modems use an internal IP, this way the cable company can check on the modem.

    Do a tracert to yahoo.com or something, What I get is a 10.x.x.x address as the first hop.
    Thanks Pakrat, that was a good idea.

    That 10.x.x.x address was indeed the first hop on the tracert, so the idea that is an "internal" IP makes sense.

    I still don't get why modem is trying to connect with "255.255.255.255" though. I did check my "winipcfg" and my subnet mask shows up as "255.255.255.0". I don't know if that has anything to do with this or not.
    Reply With Quote Reply With Quote
  6. October 19th, 2002, 11:45 PM #5
    Newt's Avatar
    Newt
    Newt is offline Verbose Old Fud
    Join Date
    Sep 2002
    Location
    Concord, NC, USA
    Posts
    937
    Unless you are trying to set up an internet server with lots of aliases, you are almost certainly seeing the efforts of a script kiddy to work with a trojan. If you ain't got a trojan, you are safe. If your firewall is blocking the stuff, you are safe.
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules