HELP! I need Sygate to permit inbound UDFs

Discussion in 'Computer Security' started by Martin C.E., Dec 7, 2003.

  1. Martin C.E.

    Martin C.E. Guest

    I am using Sygate Pro 5.0 with XP Pro and I have been having getting
    a lot of trouble connecting to the Net.

    I notice in the Sygate traffic log that
    C:\WINDOWS\System32\Drivers\ndisuio
    issues a UDP but that the UDP reply from the remote end is blocked by
    Sygate.

    How do I permit those responses to get through Sygate?

    Sygate refers to the rule which blocks the incoming UDPs as this:

    GUI%GUICONFIG#SRULE@APPCONFIG-LOCK#...
    ....C:\WINDOWS\System32\Drivers\ndisuio
    [The dots are mine to permit legibility]

    How do I disable the rule which this is referring to?

    I can't find it anywhere! :-( Help.
    Martin C.E., Dec 7, 2003
    #1
    1. Advertising

  2. Martin C.E.

    J Jay Guest

    In article <944AE4EC65F7B835A@130.133.1.4>,
    says...
    > I am using Sygate Pro 5.0 with XP Pro and I have been having getting
    > a lot of trouble connecting to the Net.
    >
    > I notice in the Sygate traffic log that
    > C:\WINDOWS\System32\Drivers\ndisuio
    > issues a UDP but that the UDP reply from the remote end is blocked by
    > Sygate.
    >
    > How do I permit those responses to get through Sygate?
    >
    > Sygate refers to the rule which blocks the incoming UDPs as this:
    >
    > GUI%GUICONFIG#SRULE@APPCONFIG-LOCK#...
    > ....C:\WINDOWS\System32\Drivers\ndisuio
    > [The dots are mine to permit legibility]
    >
    > How do I disable the rule which this is referring to?
    >
    > I can't find it anywhere! :-( Help.
    >

    Hi, Your log is showing that the connection is being blocked
    by an Application Rule. Go to the Applications Window and find
    this application listed. Right click it and then click Allow in
    the popup window. Go back to the application listed and click
    (highlight) it. Click advanced. In the popup window check to
    see if there is a port number problem. There should be either
    no port numbers or if numbers are listed, they should agree
    with the port numbers listed in the traffic log for this
    attempted connection.
    JJ
    J Jay, Dec 7, 2003
    #2
    1. Advertising

  3. Martin C.E.

    J Jay Guest

    P.S.........

    In article <>,
    says...
    > In article <944AE4EC65F7B835A@130.133.1.4>,
    > says...
    > > I am using Sygate Pro 5.0 with XP Pro and I have been having getting
    > > a lot of trouble connecting to the Net.
    > >
    > > I notice in the Sygate traffic log that
    > > C:\WINDOWS\System32\Drivers\ndisuio
    > > issues a UDP but that the UDP reply from the remote end is blocked by
    > > Sygate.
    > >
    > > How do I permit those responses to get through Sygate?
    > >
    > > Sygate refers to the rule which blocks the incoming UDPs as this:
    > >
    > > GUI%GUICONFIG#SRULE@APPCONFIG-LOCK#...
    > > ....C:\WINDOWS\System32\Drivers\ndisuio
    > > [The dots are mine to permit legibility]
    > >
    > > How do I disable the rule which this is referring to?
    > >
    > > I can't find it anywhere! :-( Help.
    > >

    > Hi, Your log is showing that the connection is being blocked
    > by an Application Rule. Go to the Applications Window and find
    > this application listed. Right click it and then click Allow in
    > the popup window. Go back to the application listed and click
    > (highlight) it. Click advanced. In the popup window check to
    > see if there is a port number problem. There should be either
    > no port numbers or if numbers are listed, they should agree
    > with the port numbers listed in the traffic log for this
    > attempted connection.
    > JJ
    >

    Also, look in the Advanced Rules and see if there might be
    a UDP rule that is blocking the required ports.
    J Jay, Dec 8, 2003
    #3
  4. Martin C.E.

    Martin C.E. Guest

    J Jay <> wrote:

    > > says...
    >>
    >> I am using Sygate Pro 5.0 with XP Pro and I have been having
    >> getting a lot of trouble connecting to the Net.
    >>
    >> I notice in the Sygate traffic log that
    >> C:\WINDOWS\System32\Drivers\ndisuio
    >> issues a UDP but that the UDP reply from the remote end is
    >> blocked by Sygate.
    >>
    >> How do I permit those responses to get through Sygate?
    >>
    >> Sygate refers to the rule which blocks the incoming UDPs as
    >> this:
    >>
    >> GUI%GUICONFIG#SRULE@APPCONFIG-LOCK#...
    >> ....C:\WINDOWS\System32\Drivers\ndisuio
    >> [The dots are mine to permit legibility]
    >>
    >> How do I disable the rule which this is referring to?
    >>
    >>
    >>


    > Hi, Your log is showing that the connection is being blocked
    > by an Application Rule. Go to the Applications Window and find
    > this application listed. Right click it and then click Allow in
    > the popup window. Go back to the application listed and click
    > (highlight) it. Click advanced. In the popup window check to
    > see if there is a port number problem. There should be either
    > no port numbers or if numbers are listed, they should agree
    > with the port numbers listed in the traffic log for this
    > attempted connection.



    Hi J Jay, thanks for replying. I followed your steps above and found
    the following:

    (1) The application was already set to ALLOWED.

    (2) No IP numbers at all were listed in the advanced screen for the
    application. "Act As Client" and "Act As Server were both enabled.
    So was "Allow IMCP Traffic" and "Allow During Screensaver Mode". But
    "Enable Scheduling" was off.

    (3) There are no Advanced Rules being set.

    ---------

    Strangely, the problem seems to have moved on a bit. I was messing
    with the settings in order to permit more and more system services
    through the firewall and I touched SVCHOST.EXE and NTOSKRNL.EXE.

    (a) The Traffic Log is not listing DNISUIO anything like as
    frequently as before but *now* I see that incoming ICMP traffic from
    my own ISP is being blocked.

    (b) And now I *also* get a popup message from Sygate Pro saying:

    "F30002 DCE/RPC DCOM buffer overflow exploit atempt detected"

    and referring to an application name of "svchost.exe" and this is
    linked to an incoming TCP from my own ISP. I get this approx every
    20 minutes. Weird. I'm inclined to totally ignore it even though
    Sygate Pro calls it "critical" in the Security Log.

    Can you advice me further about this.
    Martin C.E., Dec 9, 2003
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. =?Utf-8?B?U3RhckNoaWxk?=

    How do I permit users to share wireless connection?

    =?Utf-8?B?U3RhckNoaWxk?=, Nov 4, 2004, in forum: Wireless Networking
    Replies:
    1
    Views:
    913
    =?Utf-8?B?RWQ=?=
    Jan 12, 2005
  2. jmarkotic
    Replies:
    2
    Views:
    7,860
  3. Mark Matheney
    Replies:
    1
    Views:
    862
  4. macklo54
    Replies:
    4
    Views:
    3,004
    Salvatore
    May 16, 2006
  5. Peter Huebner

    UDFS - WinXP - can it be disabled?

    Peter Huebner, Oct 8, 2003, in forum: NZ Computing
    Replies:
    1
    Views:
    391
Loading...

Share This Page