Message from Sygate

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

axkman

Thread Starter
Joined
May 23, 2003
Messages
123
I ahve recently installed Sygate Personal Firewall, and the following appeared on my screen:

"NDIS User mode I/O driver (indisuio.sys has received an ICMP Type O (Echo Reply) packet from (192.168.1.254). Do you want to allow this program to access the network?"

This is in addition to regular pop-ups from Sygate concerning NDIS User mode I/O driver.

I understand that this has something to do with Windows XP that I am running, but mine is a stand-alone PC ie not networked, and I am connected through ADSL, not wireless.

Can I safely deny access to this program, which seems to be constantly trying to send and receive messages from somewhere.

Many thanks for any help with what seems to be (I hope) just a minor irritation. :confused:
 

Blink182

Banned
Joined
Jul 8, 2006
Messages
602
Howdy axkman! :)


Look at the Information below and also look at some links at the end.

I would suspect that it's the Wireless Zero Configuration service using
ndisuio.sys.

Are you using a wireless setup?


You can for sure determine if traffic/packets are leaving your machine by
using a packet sniffer like Ethereal (free use Google) and what IP(s) the
packets are going too.

You may have a Trojan or Spyware you may need to find so use Process
Explorer or PRCview (both free) to look at processes running on the
machine, you can look inside a running process to see what's using the
process.
It may be that some spyware is using NIDS to get out.

Go to Administrative Tools/Services and find the Wireless Zero
Configuration and disable it. You can look at the Dependencies and see that
it's using NDIS.

You don't need WZC running on the machine even if you do have a wireless
setup on the machine.


Use IPsec that's on the XP O/S to supplement Sygate, which can be used
block inbound or outbound by IP, port, protocol, DNS etc., etc. I use IPsec
to supplement BlackIce. I use BalckIce to shutdown something like
ndisuio.sys from communicating but allow it to run.

You should *harden* the XP O/S to attack and shutdown some of the stuff you
don't need running or accessible.


LINK 1
LINK 2
LINK 3
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Top