Does anyone know why Sygate listens on my port 1027 UDP? I asked this
in the Sygate forum and got nowhere. And the part that bothered me is
that Sygate let's random packets to port 1027 UDP IN. Why? What the
heck is it listeing for anyway? I'm pretty sure it's got nothing to do
with it's version checking or IDS updates. Anyone know on this?
--
Kerodo
Kerodo
@news.west.cox.net:
> Does anyone know why Sygate listens on my port 1027 UDP? I asked this
> in the Sygate forum and got nowhere. And the part that bothered me is
> that Sygate let's random packets to port 1027 UDP IN. Why? What the
> heck is it listeing for anyway? I'm pretty sure it's got nothing to do
> with it's version checking or IDS updates. Anyone know on this?
>
http://www.bekkoame.ne.jp/~s_ita/port/port1024-1199.html
http://www.google.com/search?hl=en&q=ExoSee&btnG=Google+Sear ch
Google and Dogpile.com are your friends.
Duane :)
Duane Arnold
news:Xns9651F979F034notmenotmecom@204.127.199.17:
>
>
> http://www.bekkoame.ne.jp/~s_ita/port/port1024-1199.html
> http://www.google.com/search?hl=en&q=ExoSee&btnG=Google+Sear ch
What the hell does Exosee have to do with Sygate Personal Firewall?
--
"No sports writers were harmed during the making of this post. And what I
want to know is - why not?"
elaich
> Duane Arnold
> news:Xns9651F979F034notmenotmecom@204.127.199.17:
>
>>
>>
>> http://www.bekkoame.ne.jp/~s_ita/port/port1024-1199.html
>> http://www.google.com/search?hl=en&q=ExoSee&btnG=Google+Sear ch
>
> What the hell does Exosee have to do with Sygate Personal Firewall?
>
I believe the OP was asking about a port. Now what the HELL a PFW solution
may have to do with the port is another story and I don't care. I only told
OP about the port.
Duane :)
In article
loopback@localhost.com says...
> Does anyone know why Sygate listens on my port 1027 UDP? I asked this
> in the Sygate forum and got nowhere. And the part that bothered me is
> that Sygate let's random packets to port 1027 UDP IN. Why?
You have not blocked them out. You need a couple of Advanced Rules.
1. Allow UDP remote port 53. (also at tools/options/security
select Smart DNS)
2. Block UDP, all addresses, remote ports 1-65535,local ports
1-65535, in/out.
(note: rule 2 should immediately follow rule 1)
What the
> heck is it listeing for anyway? I'm pretty sure it's got nothing to do
> with it's version checking or IDS updates. Anyone know on this?
>
>
Casey
On Sun, 8 May 2005 17:19:19 -0700, Kerodo
wrote:
>Does anyone know why Sygate listens on my port 1027 UDP? I asked this
>in the Sygate forum and got nowhere. And the part that bothered me is
>that Sygate let's random packets to port 1027 UDP IN. Why? What the
>heck is it listeing for anyway? I'm pretty sure it's got nothing to do
>with it's version checking or IDS updates. Anyone know on this?
Mines listening on port 1026 UDP, local IP 0.0.0.0. How else is it
going to act as a firewall if it isn't listening? I used a port
monitor to check. It's not connecting remotely to anything on my PC.
In article
says...
> On Sun, 8 May 2005 17:19:19 -0700, Kerodo
> wrote:
>
> >Does anyone know why Sygate listens on my port 1027 UDP? I asked this
> >in the Sygate forum and got nowhere. And the part that bothered me is
> >that Sygate let's random packets to port 1027 UDP IN. Why? What the
> >heck is it listeing for anyway? I'm pretty sure it's got nothing to do
> >with it's version checking or IDS updates. Anyone know on this?
>
> Mines listening on port 1026 UDP, local IP 0.0.0.0. How else is it
> going to act as a firewall if it isn't listening? I used a port
> monitor to check. It's not connecting remotely to anything on my PC.
>
Thanks (to all) for posting. Yep, mines listening on 1027 too.
Although this has nothing whatsoever to do with the proper functioning
of the firewall. I can create rules to block it, no problem. Just
wondered if anyone knew specifically why Sygate does that.
Thanks...
--
Kerodo
On Mon, 9 May 2005 19:43:24 -0700, Kerodo
wrote:
>Thanks (to all) for posting. Yep, mines listening on 1027 too.
>Although this has nothing whatsoever to do with the proper functioning
>of the firewall. I can create rules to block it, no problem. Just
>wondered if anyone knew specifically why Sygate does that.
>
>Thanks...
Well, I look at my port monitor again and I see 3 that say system
listening on UDP and 2 that say listing on TCP, and then there is
svchost.exe listening on TCP and alg.exe listening on TCP, plus
smc.exe (Sygate) listening on UDP, the only one connected remotely is
agent.exe (news reader). What are they all listening for? Haven't a
clue. :-)
In article <792281tjk7el3oqoag7vejprp6dprfrlp9@4ax.com>, no@email.here
says...
> On Mon, 9 May 2005 19:43:24 -0700, Kerodo
> wrote:
>
>
> >Thanks (to all) for posting. Yep, mines listening on 1027 too.
> >Although this has nothing whatsoever to do with the proper functioning
> >of the firewall. I can create rules to block it, no problem. Just
> >wondered if anyone knew specifically why Sygate does that.
> >
> >Thanks...
>
> Well, I look at my port monitor again and I see 3 that say system
> listening on UDP and 2 that say listing on TCP, and then there is
> svchost.exe listening on TCP and alg.exe listening on TCP, plus
> smc.exe (Sygate) listening on UDP, the only one connected remotely is
> agent.exe (news reader). What are they all listening for? Haven't a
> clue. :-)
I don't know either, but I see no reason why Sygate needs to listen for
anything.. Oh well.. :)
--
Kerodo
Ok, I just did some snooping around about the ports and the services
that were mentioned ;)
I am not sure about the system process that are listening to/for udp
communication...
However, about the Sygate smc.exe listening to port 1027 - this is for
2 reasons:
1st- smc.exe is a part of the Sygate Secure Enterprise, more
specifically the firewall product. This piece of software blocks
attacks from Internet-bound viruses and hackers. This program is
important for the stable and secure running of your computer and should
not be terminated.
(quoted from:
http://www.liutilities.com/products/wintaskspro/processlibra ry/smc/ )
2nd - Microsoft operating systems tend to allocate one or more
unsuspected, publicly exposed services (probably DCOM, but who knows)
among the first handful of ports immediately above the end of the
service port range (1024+).
(and)
The most distressing aspect of this, is that these service ports are
wide open to the external Internet. If Microsoft wants to allow DCOM
services and clients operating within a single machine to
inter-operate, that's fine. But in that case the DCOM service ports
should be "locally bound" so that they are not wide open and flapping
in the Internet breeze.
(from: http://grc.com/port_1027.htm )
Sooo....on Port 1027 having a tool from the firewall snooping/sniffing
about is not a terrible thing to have.
Search on Google for the other services and ports and it will give ya
Tons of info!
~Demon