I recently had a BIG problem with a virus and it took me three days to solve it. The name of the virus is Vundo.gen!R. I got rid of it using Malware's Anti Malware program. I found out that I had lost my Windows Firewall when I upgraded to Service Pack 3. It disabled it and put it on Group policy. I still haven't solved that one! Anyway, I installed Sygate as a firewall and left Windows Firewall disabled. I use AVG as anti-virus protection with Sygate as a firewall. It has been four days now without a problem. I'm happy!

I have a question I hope someone will be able to answer. When Sygate blocks a program from getting into the computer, you have an option to do a backtrace and know where it is coming from. There is one persistent program that keeps getting blocked. I'll try to paste it here.

Blocked Trace

OrgName: Internet Assigned Numbers Authority
OrgID: IANA
Address: 4676 Admiralty Way, Suite 330
City: Marina del Rey
StateProv: CA
PostalCode: 90292-6695
Country: US
NetRange: 192.168.0.0 - 192.168.255.255
CIDR: 192.168.0.0/16
NetName: IANA-CBLK1
NetHandle: NET-192-168-0-0-1
Parent: NET-192-0-0-0-0
NetType: IANA Special Use
NameServer: BLACKHOLE-1.IANA.ORG
NameServer: BLACKHOLE-2.IANA.ORG
Comment: This block is reserved for special purposes.
Comment: Please see RFC 1918 for additional information.
Comment: http://www.arin.net/reference/rfc/rfc1918.txt
RegDate: 1994-03-15
Updated: 2007-11-27
OrgAbuseHandle: IANA-IP-ARIN
OrgAbuseName: Internet Corporation for Assigned Names and Number
OrgAbusePhone: +1-310-301-5820
OrgAbuseEmail: abuse@iana.org
OrgTechHandle: IANA-IP-ARIN
OrgTechName: Internet Corporation for Assigned Names and Number
OrgTechPhone: +1-310-301-5820
OrgTechEmail: abuse@iana.org
# ARIN WHOIS database, last updated 2008-08-31 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
9/1/2008 5:27:46 AM - Blocked - 10 - Incoming - ICMP - 192.168.0.1 00-0F-B3-5A-54-36 - 3 - 192.168.0.3 - 00-17-31-8C-87-F0 3 HP_Administrator - MAXDESK - Normal = 1 - 9/1/2008 5:26:41 AM 9/1/2008 5:26:41 AM Block_all

(The above was on one long line on the report)

The following describes the 'hops' it took. The first one is mine.

Hops
1. 192.168.01
2. 63.231.1.10.217
3. 71.217.184.193
4. 67.14.1.194
5. 205.171.26.38
6. 63.237.224.30
7. 207.46.36.249
8. 207.46.34.14
9. 10.22.8.10
xxx xxx 65.55.15.122(R…

The "hops" seem to indicate that they are trying to hide where they are coming from; is that true? I can understand part of it, but I need to know if I have anything to worry about, or should I just ignore it, or set Sygate to allow the program to access my computer. If anyone can enlighten me, I would appreciate it.

Thanks, ever so much,
Lewitt
Whoa... I didn't know that Sygate was that advanced, being able to backtrace all the way through routed destinations. However, it may seem that inbound protection is not exactly configurable in most firewalls, and I suppose you can only set the level of security or something. I'm not too familiar with Sygate. Last I heard, it got absorbed into Norton's Firewall. That is why I don't think my interpretation of the Sygate log will be accurate, but I do know that Sygate used to be a very effective firewall, and if it blocks something, it has a valid reason for doing so, so all you have to do is trust it. Also, you have recently just gotten rid of Vundo? Vundo is notorious for changing settings on your computer. Perhaps some setting is calling for a program to access your computer. It would be best to check further. Best Regards
D, I started a reply and hit ctrl + ?? (meant to hit shift) and everything disappeared. Starting over. I had also queried another forum about IANA and was sent this link, which was interesting to say the least. I am sort of a neophyte in URLs and tracing stuff on the net, but I'm learning. I intend to query Quest about this to see if they know something about the incoming traffic to my computer. I am not on any local network that the letter from IANA mentioned, but it might have something to do with Quest and their use of URLs. Here is the link: http://www.iana.org/abuse/ I just did another scan with Malwarebyte's Anti Malware and it came up clean, as did another scan by AVG. If you know of another scan that would provide deeper probing, I'd like to know about it. You are right about Sygate being purchased by Symantec's Norton, but they still have a separate site that provides some support, and they still have the free version available. Thanks for your reply. Like I said, I'm still learning and help from pros like yourself is valuable for a guy like me. Regards, Lewitt
I read the IANA abuse page, and it seemed just fine with me. Research on IANA shows nothing malicious, so it can be trusted. So I guess you're fine. Best Regards