• Application Layer Gateway Service

    #338595
    Just got one of “those” calls from a person who did not have English as their first language.
    They asked me to go to MSCONFIG and then Services. They directed me to “Application Layer Gateway Service”…
    This is when I ended the conversation. I have googled this name, and haven’t come up with anything helpful. I looked it up in askwoody – and came up with nothing.
    What is it, and why would they want me to do something with it?
    1 user thanked author for this post.
    • #338620

      Per Wikipedia:

      The Application Layer Gateway service in Microsoft Windows provides support for third-party plugins that allow network protocols to pass through the Windows Firewall and work behind it and Internet Connection Sharing.

      Non-techy Win 10 Pro and Linux Mint experimenter

      • #338629

        Digging deeper in Wikipedia’s information:

        An ALG may offer the following functions:
        – allowing client applications to use dynamic ephemeral TCP/ UDP ports to communicate with the known ports used by the server applications, even though a firewall configuration may allow only a limited number of known ports. In the absence of an ALG, either the ports would get blocked or the network administrator would need to explicitly open up a large number of ports in the firewall — rendering the network vulnerable to attacks on those ports.

        I expect they were trying to take control of the computer, as you suspected @dturnidge

        1 user thanked author for this post.
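
An added example (not part of the original thread or of the Wikipedia text) of the ALG function quoted above: a toy firewall reads the control channel, learns the one dynamic port it announces, and opens a single-use pinhole instead of a wide port range. FTP's `PORT` command and `227` reply are assumed as the protocol, since the thread names none; `ToyAlg`, `demo` and the addresses are constructed for illustration.

```python
import re

# FTP control-channel lines that announce a dynamically chosen data port.
# Format: h1,h2,h3,h4,p1,p2 where the port is p1*256 + p2.
PORT_CMD = re.compile(r"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\s*$")
PASV_REPLY = re.compile(r"^227 .*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

def parse_endpoint(line):
    """Return (ip, port) announced by a PORT command or 227 reply, else None."""
    m = PORT_CMD.match(line) or PASV_REPLY.match(line)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None  # malformed octet or port byte
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]

class ToyAlg:
    """Hypothetical firewall: static allowed ports plus ALG-learned pinholes."""
    def __init__(self, static_ports):
        self.static_ports = set(static_ports)
        self.pinholes = set()  # (ip, port) pairs, each valid for one connection

    def inspect_control(self, sender_ip, line):
        ep = parse_endpoint(line)
        # Honor only announcements that point back at the sender itself, so the
        # control channel cannot be used to open holes toward other hosts.
        if ep and ep[0] == sender_ip:
            self.pinholes.add(ep)
            return True
        return False

    def allow(self, dst_ip, dst_port):
        if dst_port in self.static_ports:
            return True
        if (dst_ip, dst_port) in self.pinholes:
            self.pinholes.discard((dst_ip, dst_port))  # single use
            return True
        return False

CLIENT = "192.0.2.10"  # constructed sample address (documentation range)

def demo():
    fw = ToyAlg(static_ports={21})
    before = fw.allow(CLIENT, 50000)                       # no pinhole yet
    fw.inspect_control(CLIENT, "PORT 192,0,2,10,195,80")   # 195*256+80 = 50000
    after = fw.allow(CLIENT, 50000)                        # pinhole used once
    reuse = fw.allow(CLIENT, 50000)                        # already consumed
    fw.inspect_control(CLIENT, "PORT 198,51,100,7,0,22")   # third host: ignored
    return before, after, reuse, fw.allow("198.51.100.7", 22)
```
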
        • #338642

          Thank you. My assumption, based on the name, was that if I activated the service it would give him access to my system – which I wouldn’t allow to happen!

          I just wondered if my assumption would be correct. What would they do if I DID activate the service? What other info would they need? What software on THEIR end would they use to do their damage?

    • #338630

      If I feel up to it I lead these people on, argue with them, etc. BUT, I never do what they ask. NEVER believe unsolicited communications of any sort asking you to do something to your system.

      --Joe

      • #338640

        Agreed. That’s what I did. I wanted to see where he would take me, and I probably could have gone a little farther. But nothing that “changed” anything on my system!

    • #338653

      For what it is worth, I have been receiving, and for some time already, the same pre-recorded call where a woman’s voice, speaking in a sort of threatening stage whisper, informs me that “your computer has been infected with a virus…”, and that is when I hang up.

      It is a curious fact that the robocall systems never seem to learn that calling my number is just a waste of their crooked owners’ time. Too cheaply built for that? Or designed that way, hoping that a different person might answer next time?

      Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

      MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
      Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
      macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

      • #338672

        Predatory Scamming of people is a volume business, after hearing and watching some recorded calls those scammers are convinced any intended victims are all naive and they’ll destroy the ones who are.

    • #338655
      * _ ... _ *
    • #338657

      I think they just pick a couple of services at the top of the alphabetical list which they know are likely to show “Stopped”, so that they can convince you that you have some “problems” to be fixed:

      Security disabled. How do I enable? (OR was someone trying to scam me?)

      • #338659

        Yeah, I think I need to go to whatever the next step is. I’ll never actually change or start something… I think it would be good to be aware of where these people are actually going, maybe to be able to let them know that we know how off the wall they really are.

        • #338667

          Just don’t grant them access or payment, and you may waste some of their time while they waste yours.

        • #338729

          These people sending fake messages are criminals, maybe violent ones, and in this age of “you have absolutely no privacy, so forget about it”, they may even have means to know where one lives. So best not to tempt the devil and avoid trying to get in touch with them, even if it is to tell them off. Unless it is a live call from an actual person, so one is already in touch with them.

          Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

          MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
          Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
          macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

          • #338744

            Definitely a live person… said they were from New York… but they need to look for an English training service…  🙂

    • #339177

      I would have been interested in what they were actually going to tell you to do. (w/o you doing it, of course.) It seems to be a service that could allow all manner of mischief if abused. FYI mine is stopped.

      🍻

      Just because you don't know where you are going doesn't mean any road will get you there.
      • #339210

        Yeah, mine was stopped too. It has something to do with opening up your system. I’ll see if I can get a bit farther next time… WITHOUT actually changing anything on my system…

      • #339237

        I’m disabling as it serves no purpose for my configuration, ALG does appear to be another idea which like UPnP & WPS configuration is now a problem.

        1 user thanked author for this post.
    • #339264

      Some of these hackers can turn around and behave in very malicious ways. It is best to simply tell them that you don’t have any Windows computers, that you have no issues, thank them for their concern, and hang up. The upshot is, do not egg them on in any way. I have been DDOSd twice. Once, for a comment I made here on this forum. That DDOS was from Russia. The other time (around 20 years ago) was from a specific person in Canada, yet again for a comment I made on another forum. The takeaway is that there are really bad people out there online.

      I have never received one of these kinds of calls because I am extraordinarily careful about what I put “out there” on the Internet or on other public records. It is far better to be a ghost, in terms of your online identity everywhere and whenever possible, and to make sure that you never use the same password twice anywhere online, than to fall victim to either identity theft or to phishing scams or to robocalls.

      Some food for thought…

      (Forum mods, please feel free to consider moving and editing all of the following since it really belongs under some sort of Online Security topic. It would be nice to turn the following, and to expand on the following in terms of online security. After all, education is one of the goals of the AskWoody forum!)

      Talk to one of your local bank’s representatives to discuss and learn how to implement every additional security measure which they have to offer for you — including receiving email alerts for all transactions above zero cents, and for implementing a verbal password so that your bank can confirm that they are talking to you and nobody else who is trying to impersonate you. Unfortunately, many banking institutions do not first offer a verbal “challenge” word, which you should know, before you give up your verbal password! Incoming phone numbers shown on your home phone or cell phone can so easily be faked. Learn more by simply Googling “phone swatting”.

      Change your card pin numbers at least as often as every three months. Request replacement cards every year. If you are paranoid, request replacement cards every six months. Do not link bank accounts for overdraft protection. Additionally request additional debit cards which you never use, unless the other debit cards become compromised, so that you have a fall back method. These additional “emergency” debit cards should have a different PIN number.

      Create a separate bank account which you will use for all online transactions. Do not link this bank account to any of your other bank accounts. Replenish funds in this bank account only as needed in order to cover your online purchases. The point here is to limit how much money a hacker can steal from you in the event of a data breach of an online retailer from which you made purchases.

      Try to do the same thing for your credit cards. Some banking institutions might object to you having more than one debit or credit card which is associated with one of your bank accounts. You must explain to the banking institution that these cards will be “emergency” cards which will only be used in the event that the other cards have become compromised, perhaps by a retailer data breach, et cetera.

      Never travel internationally without having some way, in particular some never used way, to pay for any expenses in the dire event that all of your other payment methods have been compromised or suspended.

      Many people pay their bills online. Most companies allow the user to save details about their payment method. That is a bad thing if a company becomes the victim of a data breach. Never save details for your payment method online. Yeah, you have to forgo the “convenience factor”. I never save my payment details online. Yeah, this is a real [annoyance], but this also prevents my payment method becoming part of a data breach.

      • #339271

        Before asking your bank anything, check the security of their servers first: https://www.ssllabs.com/ssltest/

        3 users thanked author for this post.
        • #339419

          Hello Satrow,

          Very slick, although time consuming to perform (you have to wait a good while for all results). Yet well worth the effort in terms of waiting for all results to eventually be displayed.

          Satrow, thank you so very much for the link to this most worthwhile utility which anyone can use to check the worthiness of any bank’s web site before anyone considers opening accounts with a new bank.

          Satrow’s link to Qualys can also be used to check any web site. In particular, other online web sites which most people regularly use to pay their car insurance, to pay their utility bills, et cetera. I think that it is worthwhile for everyone to use Satrow’s link for the Qualys utility to check such sites, in particular for whether or not you decide to save your payment credentials with a given web site for convenience.

          Obviously for online banking, one would expect the Qualys tests to report an A+ grade, even if there are a few issues in terms of users not having upgraded their web browsers to disallow older TLS protocols. Yeah, banks tend to choose to continue to support older TLS protocols in order to keep customers happy, even though those customers refuse to upgrade their web browsers or also refuse to upgrade to a more modern OS.

          One big thing to look for in the Qualys report is that your online bank has implemented later and more secure versions of TLS. In particular, TLS with RSA and with AES 128 or AES 256. The AES level (128 or 256) really doesn’t matter. In the Qualys test report, you all will be looking for at least one green colored line under the Protocols and Cipher Suites sections. Further, you should also look at and consider the potential implications of any orange colored lines in the report.

          I reckon that Satrow can elucidate further on Qualys reports much better than I can.

          Again, satrow’s link is most remarkable in its usefulness, and in terms of helping you to decide whether or not you should consider allowing any given web site to store your payment credentials. Personally, I never allow any web sites to store my payment credentials — other than Paypal. Even with Paypal, I use a specific card which has very limited available funds. This is a real [pain] since I have to enter my payment credentials every single time on all other web sites. Yet I feel much safer by having to do so, versus allowing web sites to save my payment credentials in their databases.

          I operate under two basic assumptions. First, is that data breaches are inevitable — even years down the road. Second, is that the US government will not do a thing about it, other than at most slaps on the wrist. I could rant about the latter, yet it is what it is.

          Best regards and with a special thanks to satrow,

          –GTP

          2 users thanked author for this post.