Use this forum to post questions relating to WinGate, feature requests, technical or configuration problems
Jul 01 14 10:34 pm
Hello,
I am new to Wingate and encounter some port scanning by Wingate upon configuring the Symantec Endpoint Protection software to point to a centralized server to get the definition updates.
On Wingate, I only enabled the WWW proxy service, and disabled all other services. All the while using the Proxy function, it was working well. Recently, I configured the SEP to point to the centralized server, Wingate attempted a port scanning of port 137 on the network to many different servers.
Anyone know what trigger the port scanning by Wingate?
Jul 02 14 1:03 pm
Hi
port 137 is NetBIOS ports.
This is used when WinGate enumerates the computers on the netework. Which version of WinGate is this? I didn't think we did this any more since WinGate 7
Adrien
Jul 02 14 2:21 pm
Hello,
Thanks Adrien for the reply.
Currently I am using Wingate 6.6.4.1338. So I presume that when I configured my SEP to point to the centralized server, Wingate at the same time attempted to search for the targeted IP using port 137?
Wenxiang
Jul 02 14 3:44 pm
Hi
I think it's a coincidence, WinGate 6 did that network enumeration every 10 minutes. I think you could turn it off in the DNS client settings under enabling WINS enumeration.
We took this out in WinGate 7 - the feature was intended to provide support information for the VPN feature in WinGate - to show what computers were accessible over the VPN. It was never very reliable though, and especially later OSes (Vista onwards) stopped responding by default to netbios queries.
Adrien
Jul 02 14 4:24 pm
Hello,
Oh OK, currently under all the available services Wingate provide, i already disabled all except the WWW Proxy service, will the network enumeration situation occurs? Addition to it, this network enumeration I encounterd only happened once just after I configured the SEP software, it had never occurs before ever since I started using the WWW Proxy function.
Wenxiang
Jul 03 14 8:17 am
HI
it's a checkbox in the DNS client in WinGate, not in a service. You need to turn it off there.
Adrien
Jul 03 14 3:03 pm
Hello,
OK. Thanks. I will look for the option to disable and monitor the situation. Thanks for the great help.
Wenxiang
Powered by phpBB © phpBB Group.
phpBB Mobile / SEO by Artodia.