jsac Posted October 15, 2005 Report Posted October 15, 2005 i keep gettin a sygate warning popup constantly even after tellin it to allow utorrent access... drivin me frikkin crazy!!heres what it includes:The executable has changed since the last time you used: E:PROGRAM FILES 2BitCometutorrent.exeFile Version : File Description : E:PROGRAM FILES 2BitCometutorrent.exeFile Path : E:PROGRAM FILES 2BitCometutorrent.exeProcess ID : 0xCAC (Heximal) 3244 (Decimal)Connection origin : remote initiatedProtocol : TCPLocal Address : xx.xx.xx.xxxLocal Port : 3306 (MYSQL - MySQL)Remote Name : Remote Address : 70.28.1.163Remote Port : 50000 Ethernet packet details:Ethernet II (Packet Length: 104) Destination: 00-30-4f-36-57-57 Source: 00-0b-bf-50-58-70Type: IP (0x0800)Internet Protocol Version: 4 Header Length: 20 bytes Flags: .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset:0 Time to live: 113 Protocol: 0x6 (TCP - Transmission Control Protocol) Header checksum: 0x3810 (Correct) Source: 70.28.1.163 Destination: 72.28.44.107Transmission Control Protocol (TCP) Source port: 50000 Destination port: 3306 Sequence number: 2263711004 Acknowledgment number: 146848504 Header length: 20 Flags: 0... .... = Congestion Window Reduce (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 1... = Push: Set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Checksum: 0xbf27 (Correct) Data (50 Bytes)Binary dump of the packet:0000: 00 30 4F 36 57 57 00 0B : BF 50 58 70 08 00 45 00 | .0O6WW...PXp..E.0010: 00 5A 3D 20 40 00 71 06 : 10 38 46 1C 01 A3 48 1C | .Z= @.q..8F...H.0020: 2C 6B C3 50 0C EA 86 ED : 7D 1C 08 C0 BA F8 50 18 | ,k.P....}.....P.0030: FF FF 27 BF 00 00 00 00 : 00 01 01 00 00 00 05 04 | ..'.............0040: 00 00 02 78 00 00 00 05 : 04 00 00 36 BB 00 00 00 | ...x.......6....0050: 05 04 00 00 11 F6 00 00 : 00 05 04 00 00 1C 46 00 | ..............F.0060: 00 00 05 04 00 00 05 C0 : | ........
chaosblade Posted October 15, 2005 Report Posted October 15, 2005 Remove the rules you have for it in the firewall and try again.It seems to not recognize the new version (diff exe size, date stamp, etc).
jsac Posted October 16, 2005 Author Report Posted October 16, 2005 grrrr, i removed all rules and reapplied em... what its doin is detcting change of the .exe after ive clicked yes to let it access the network.. then 2 seconds later it pops up to tell me its changed again....
jsac Posted October 16, 2005 Author Report Posted October 16, 2005 maybe some1 can make sense of this.... heres 2 consecutive popup details.... the first :The executable has changed since the last time you used: E:PROGRAM FILES 2BitCometutorrent.exeFile Version : File Description : E:PROGRAM FILES 2BitCometutorrent.exeFile Path : E:PROGRAM FILES 2BitCometutorrent.exeProcess ID : 0xD10 (Heximal) 3344 (Decimal)Connection origin : remote initiatedProtocol : TCPLocal Address : xxxxxxxxxLocal Port : 7141 Remote Name : Remote Address : 82.92.193.226Remote Port : 2510 Ethernet packet details:Ethernet II (Packet Length: 66) Destination: 00-30-4f-36-57-57 Source: 00-0b-bf-50-58-70Type: IP (0x0800)Internet Protocol Version: 4 Header Length: 20 bytes Flags: .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset:0 Time to live: 48 Protocol: 0x6 (TCP - Transmission Control Protocol) Header checksum: 0x899c (Correct) Source: 82.92.193.226 Destination: 72.28.44.107Transmission Control Protocol (TCP) Source port: 2510 Destination port: 7141 Sequence number: 417570757 Acknowledgment number: 0 Header length: 32 Flags: 0... .... = Congestion Window Reduce (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...0 .... = Acknowledgment: Not set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..1. = Syn: Set .... ...0 = Fin: Not set Checksum: 0xe0d (Correct) Data (0 Bytes)Binary dump of the packet:0000: 00 30 4F 36 57 57 00 0B : BF 50 58 70 08 00 45 00 | .0O6WW...PXp..E.0010: 00 34 25 75 40 00 30 06 : 9C 89 52 5C C1 E2 48 1C | .4%u@.0...R..H.0020: 2C 6B 09 CE 1B E5 18 E3 : 9F C5 00 00 00 00 80 02 | ,k..............0030: FA F0 0D 0E 00 00 02 04 : 05 AC 01 03 03 00 01 01 | ................0040: 04 02 : | .. then after i click yes to tell sygate its ok to let it access the network.. heres the next popup sayin its detected changes to the exe again...The executable has changed since the last time you used: E:PROGRAM FILES 2BitCometutorrent.exeFile Version : File Description : E:PROGRAM FILES 2BitCometutorrent.exeFile Path : E:PROGRAM FILES 2BitCometutorrent.exeProcess ID : 0xCAC (Heximal) 3244 (Decimal)Connection origin : remote initiatedProtocol : TCPLocal Address : xxxxxxxxxLocal Port : 8504 Remote Name : modemcable202.137-200-24.mc.videotron.caRemote Address : 24.200.137.202Remote Port : 63219 Ethernet packet details:Ethernet II (Packet Length: 60) Destination: 00-30-4f-36-57-57 Source: 00-0b-bf-50-58-70Type: IP (0x0800)Internet Protocol Version: 4 Header Length: 20 bytes Flags: .1.. = Don't fragment: Set ..0. = More fragments: Not set Fragment offset:0 Time to live: 111 Protocol: 0x6 (TCP - Transmission Control Protocol) Header checksum: 0xddb5 (Correct) Source: 24.200.137.202 Destination: 72.28.44.107Transmission Control Protocol (TCP) Source port: 63219 Destination port: 8504 Sequence number: 3648990128 Acknowledgment number: 1233757983 Header length: 20 Flags: 0... .... = Congestion Window Reduce (CWR): Not set .0.. .... = ECN-Echo: Not set ..0. .... = Urgent: Not set ...1 .... = Acknowledgment: Set .... 0... = Push: Not set .... .0.. = Reset: Not set .... ..0. = Syn: Not set .... ...0 = Fin: Not set Checksum: 0xb68a (Correct) Data (0 Bytes)Binary dump of the packet:0000: 00 30 4F 36 57 57 00 0B : BF 50 58 70 08 00 45 00 | .0O6WW...PXp..E.0010: 00 28 3E D9 40 00 6F 06 : B5 DD 18 C8 89 CA 48 1C | .(>.@.o.......H.0020: 2C 6B F6 F3 21 38 D9 7F : 2B B0 49 89 A7 1F 50 10 | ,k..!8..+.I...P.0030: FF FF 8A B6 00 00 00 00 : 00 00 00 00 | ............ probably just somethin stupid.. settings or whatever.. but its drivin me batty constantly poppin uplol
Firon Posted October 16, 2005 Report Posted October 16, 2005 Interesting, uTorrent's process ID changes in the second capture.Is there any way to turn off Sygate's checker for dll/exe changes?
oxymoron Posted October 16, 2005 Report Posted October 16, 2005 Yes, there is.But it strange. I'm using Sygate PFW (5.5, german) myself and don't have any problems...
jsac Posted October 16, 2005 Author Report Posted October 16, 2005 alright , kinda figured out the prob.... had something to do with the exe bein in bitcomets fodler as i was dumpin em in there to keep everything neat... i created a folder for the exe (now i can delete bitcomet : ) and the errors went away.... def weird tho....
r00ted Posted October 16, 2005 Report Posted October 16, 2005 get rid of sygate, and use the native firewall came packaged into the operating system you paid for? "Personal Firewalls" are Mostly Snake-oilMight be a little old, but some of the stuff still holds true.
Firon Posted October 16, 2005 Report Posted October 16, 2005 Are you the same r00ted from Phoenix Labs? I posted that snake-oil link of yours in another thread about software and hardware firewalls earlier today.
Firon Posted October 16, 2005 Report Posted October 16, 2005 Hurrah for Phoenix Labs and PG2! You guys rock for that. I just hope blocklist.org will come back up sometime soon, I miss the frequent updates and fast list downloads
jsac Posted October 16, 2005 Author Report Posted October 16, 2005 get rid of sygate, and use the native firewall came packaged into the operating system you paid for? ur jokin right?i see the word "pay" and "paid" alot in these articles.... again...ur jokin right?lol
Recommended Posts
Archived
This topic is now archived and is closed to further replies.