Misleading?

[nix347]

I am running XP, i use sygate, and a linksys router. The only port open on my computer is TCP port 135, i have no UDP ports open. I have gone into services.msc and disabled all the services i dont want to use, including UPnP(Universal Plug'n play), i also use xp-antispy and have the option enabled that shuts down this service, and i use the "unplug'n pray" from grc.com,(which is redundant i know). But i have checked in services.msc and it is disabled for sure.

This is what troubles me, when i go to http://scan.sygatetech.com/ and run all of the scanning options i get a complete stealth response across the board,however, when i run the UDP scan i get this response: "We have determined that you do not have any firewall blocking UDP ports!".
For all of the ports scanned in the UDP scan i get a closed result, except one: UPnP. Is this sygate being misleading? or is there something i am missing, because it sure seems suspicious.

I have also run the scan at https://grc.com/x/ne.dll?bh0bkyd2 and i get a stealthed response on UPnP.

[wacky_sung]

i use the "unplug'n pray" from grc.com

To manual check whether your plug and play are disable go here http://www.winguides.com/registry/display.php/1131/

If you wanna configure which port to allow UDP or TCP,pls follow the steps below.
1>My Computer
2>Right click My Network Places and then properties.
3>Right click your Local Area Connection,then properties again.
4>Internet Protocol(TCP/IP),then click the Properties button.
5>Click Advance button.
6>Click Option,then Properties.
7>From here you can configure which ports which allow TCP or UDP.

[nix347]

If you wanna configure which port to allow UDP or TCP,pls follow the steps below.
1>My Computer
2>Right click My Network Places and then properties.
3>Right click your Local Area Connection,then properties again.
4>Internet Protocol(TCP/IP),then click the Properties button.
5>Click Advance button.
6>Click Option,then Properties.
7>From here you can configure which ports which allow TCP or UDP.

Have you ever actually used this method? All my experiences with it shows me that its rather crude. Like i said wacky, i have UPnP disabled in services.msc.

[Shakira]

Dear nix347,

I am using Linksys router too & I received the same message when I was using MacAffee. It is strange because previously when I scanned at the same site all of my ports were stealthed. Later, I switched to Zone Alarm & received the same message at Systech's scan site. I just installed Systech firewall a few days ago & haven't scan my system at the site yet.

To all firewall experts out there:

I need to know what are these running applications shown in my Systech firewall:

swagent.exe
ntoskrnl.exe
lsass.exe
svchost.exe
swsoc.exe

If anyone what are the above applications in my Win XP, please let me know as I appreciate it very much. Thank you.

[noODle]

nix347 have you disabled SSDP Discovery service ?
UPnP uses that also.

[tonybradley]

I need to know what are these running applications shown in my Systech firewall:

swagent.exe
ntoskrnl.exe
lsass.exe
svchost.exe
swsoc.exe

Ntoskrnl.exe is a core system file- it is the NT Operating System Kernel.

Lsass.exe is the Windows Local Security Authority Server. The process handles security in Windows.

Svchost.exe is a generic host service for other services that run from DLL's

Swagent.exe and swsoc.exe are associated with having a Dreamweaver file server. Do you have Dreamweaver installed?

Check out this web site for explanations of various programs and processes you may find running on your system: WinTasks Process Library

[nix347]

nix347 have you disabled SSDP Discovery service ?

Yes noodle. I have a list that i printed out about services that can typically be disabled, and the list mentioned that SSDP should also be disabled while trying to eliminate UPnP.

[wacky_sung]

Nix347,do you know what the sygate website did for your UDP scan?What they did is just only port scan your ports while not a doing a UDP flood test for you.If you are really interested whether are you stealth in your firewall,please get a port scanner to scan it yourself for open ports.What their scan is mainly looking in your system for UDP response which mean that to test whether are you prone to DDOS.

As what you say about the grc plug and pray which you use to disable it,is not really reliable.Why don't you manual check it yourself since i have given you the website.If you think your system is prone to UDP test which is not stealth,you better port scan your own router instead of your system.I have also used sygate Pro before and they are really stealth when doing their online test.The problem is that you may not have properly configure your system well such as updated your update patches by MS,disable useless services,etc.I have no doubt about sygate firewall but i do have doubt about your experience in configure it properly.I have seem lot of people complaining the firewall which mainly are those newbie.Use the shawdow scanner to scan your system but this is a shareware.

Here is the link -->http://www.safety-lab.com/en/

[ZomBieMann77]

hey wacky im not sure but i think that shadow scan might be kinda worthless. just for fun i opened up EVERYTHING and ran a scan with it and it still gave me a scan saying i was "cloacked" i will look into it more when i have a little bit more time but its something to think about

[nix347]

If you are really interested whether are you stealth in your firewall,please get a port scanner to scan it yourself for open ports.

Well your on target there wacky, however, the real question in my thread was "is sygate being misleading?".

And yes, when i do a port scan on my computer the only port open is TCP 135.