Hello guys,
When I turned-on the WinGate Firewall I found something unusual in the FIrewall Pane on the Gatekeeper, I found lots of Spoof Attempts and Port Range and its source IP with ports and destination IP.
I WHOIS those Source Ip addresses and it came from different countries e.g. CA, India, Australia, Great Britain, etc.
What thus it mean? Is there anyone outside there trying to go into my WinGate computer?
What do you mean by Spoof Attempts & Port Ranges?
Moderator: Qbik Staff
3 posts
• Page 1 of 1
What do you mean by Spoof Attempts & Port Ranges?
by tj » Feb 19 08 2:24 pm
- tj
- Posts: 8
- Joined: Feb 04 08 10:03 pm
- Location: philippines
by logan » Feb 19 08 4:27 pm
What you are noticing is simply the nature of the internet now. There are computers all over the internet that are constantly scanning random IP addresses, trying to find unsecure networks that can be taken advantage of or hacked into. This is the reason why we must have firewalls like WinGate protecting our networks.
When you see notifications in the Firewall tab, it means that WinGate is doing it's job and protecting your network from malicious activity.
A Spoof Attempt notification means that the incoming packets source IP address was spoofed, so the packet was dropped.
A Port Range notification means that the incoming packet was destined to a disallowed port and dropped. Allowed and disallowed ports are controlled by the Port Security section of the Extended Networking properties.
When you see notifications in the Firewall tab, it means that WinGate is doing it's job and protecting your network from malicious activity.
A Spoof Attempt notification means that the incoming packets source IP address was spoofed, so the packet was dropped.
A Port Range notification means that the incoming packet was destined to a disallowed port and dropped. Allowed and disallowed ports are controlled by the Port Security section of the Extended Networking properties.
- logan
- Qbik Staff
- Posts: 671
- Joined: Oct 19 06 2:49 pm
- Location: Auckland, New Zealand
by adrien » Feb 20 08 12:07 am
p.s. WinGate determines if a packet is spoofed or not by checking whether the source and destination IP addresses are private, and the interface it is received on is external.
Depending on your ISP's setup however, if it allocates you private IP addresses, or uses private IP addresses on it's network that you need to access, this could cause invalid rejection of packets.
The rules for whether WinGate blocks a packet are as follows.
1. If the packet is received on an external interface, and the source address is private, and the destination is not private it is dropped.
2. If the source address is localhost (127.X.X.X) it is dropped.
If you look at some of the other attributes of the packets that are being dropped for spoofing, you should get a better picture about whether they are really spoofed traffic or not. You may need to uncheck the option to block spoofed packets.
Depending on your ISP's setup however, if it allocates you private IP addresses, or uses private IP addresses on it's network that you need to access, this could cause invalid rejection of packets.
The rules for whether WinGate blocks a packet are as follows.
1. If the packet is received on an external interface, and the source address is private, and the destination is not private it is dropped.
2. If the source address is localhost (127.X.X.X) it is dropped.
If you look at some of the other attributes of the packets that are being dropped for spoofing, you should get a better picture about whether they are really spoofed traffic or not. You may need to uncheck the option to block spoofed packets.
- adrien
- Qbik Staff
- Posts: 5448
- Joined: Sep 03 03 2:54 pm
- Location: Auckland
3 posts
• Page 1 of 1
Who is online
Users browsing this forum: Google [Bot] and 5 guests