Help please - do I want to allow this program to access the network?

Anic

Hi

I hope someone can advise me.

I uninstalled Norton Internet Security from my computer and installed AVG Anti Virus and Sygate Personal Firewall instead.

This morning when I have been working on the computer I have been given themessage by Sygate

"Win32 Kernel core component (kernel32.dll) has received a Broadcast packet from the remote machine (xx.xxx.xxx.xxx). Do you want to allow this program to access the network?"

I have put x's instead of the numbers above in case it is my own machine and I am showing my own numbers - I just don't know.

I only have one PC so am not on a network but am not very technical and don't know if I should be allowing this or not as I have no idea what it is or does. I looked at the Detail bit and it confused me even more.

Any help would be appreciated

Fran

If you're not sure then deny it, but not "remember this answer". If something doesn't work because of it you will then know what it means and can choose to allow it.

LincsLad_3

Sounds very much like an attempt by a remote PC to connect to yours. You should DENY access.

Remember that you ARE on a network - called the Internet. I would check your firewall logs to see if there are repeated attempts by the computer at address xxx.xxx.xxx.xxx to contact yours. If you want to PM me the actual numbers I can tell you if the PC if yours or not - but I doubt that it is.

I would also recommend a visit to http://www.grc.com and follow the links to 'Shields Up' which will check to see if your PC is visible to others on the 'Net - ideally it should not be.

Let us know if you need any more help.

Patr100

It may be a harmless ping from your ISP or Windows checking for updates if it is automatocally set to do so, but just disallow it - as long as you can surf and send emails then there's no problem, if you have difficulty running windws update when you need to then look to see if it needs to be allowed for it to function.

Toxteth_OGrady

I have put x's instead of the numbers above in case it is my own machine and I am showing my own numbers - I just don't know.

Go here and search for the remote IP address. It'll tell you what it is and may give you a clue as to whether you can allow it or not.

:cool:

TOG

DVB_3

Are you on NTL? First two numbers (that you covered with xs) - where they 1 and 0 (10)?

Anic

DVB wrote:

Are you on NTL? First two numbers (that you covered with xs) - where they 1 and 0 (10)?

Hi,

Yes I am with NTL and the firs two numbers are 1 and 0.

I also used Toxteth O'Grady's suggestion and the number belongs to:

OrgName: Internet Assigned Numbers Authority
OrgID: IANA
Address: 4676 Admiralty Way, Suite 330
City: Marina del Rey
StateProv: CA
PostalCode: 90292-6695
Country: US


Does this suggest that it is something to do with NTL? and if so is it safe to allow the program?

I have been saying no but don't want to "remember the answer" in case it causes problems later but the box keeps popping up every few minutes.

I didn't know if this was something that my computer needs to update all the time or not so wasn't sure what to do.

Also, thanks Lincs Lad - I tried the Shields Up and it said everything was "Stealth" so seemed fine (I think).

Toxteth_OGrady

The reason you got IANA is because it's an internal network address. It'll be the LAN address of your modem or router/firewall. The 10.xx.xx.xx is an internal address so nothing to worry about - you can allow it. Here's a description:

Special-Use Addresses
Several address ranges are reserved for "Special Use". These addresses all have restrictions of some sort placed on their use, and in general should not appear in normal use on the public Internet. The following briefly documents these addresses – in general they are used in specialized technical contexts. They are described in more detail in RFC 3330.
"Private Use" IP addresses:

10.0.0.0 - 10.255.255.255
172.16.0.0 - 172.31.255.255
192.168.0.0 - 192.168.255.255

The above address blocks are reserved for use on private networks, and should never appear in the public Internet. There are hundreds of thousands of such private networks (for example home firewalls sometimes make use of them). The IANA has no record of who uses these address blocks. Anyone may use these address blocks within their own network without any prior notification to IANA.

The point of private address space is to allow many organizations in different places to use the same addresses, and as long as these disconnected or self-contained islands of IP-speaking computers (private intranets) are not connected, there is no problem. If you see an apparent attack, or spam, coming from one of these address ranges, then either it is coming from your local environment, or the address has been "spoofed".

The Private addresses are documented in RFC 1918. If you have further questions about RFC 1918 usage, please contact your ISP.

DVB_3

If you're on NTL and you get such a message with address that looks like 10.x.x.x - you should permit it and save this response. This is the way NTL checks for the presense of the networking equipment (computer, router, etc) on your side, more often than not during network peak times. If no response is received from a number of such packets (pings) your connection cuts off, and to reestablish it you might need to reboot your computer, or even your set-top box. Only two source address of this type are used by NTL to check on any one connection, so after saying yes twice and remembering your answer you should have no further issues.

It is quite safe to allow those pings, as these address are "private" addresses, so essentially they are non-routable, which is why NTL chose such a solution. Toxteth_OGrady has already provided information about those addresses in the post above.