Computer crashes


Advanced search

Message boards : Number crunching : Computer crashes
Message board moderation

To post messages, you must log in.

1 · 2 · Next

AuthorMessage
Profile Jeffrey
Avatar

Send message
Joined: 21 Nov 03
Posts: 4793
Credit: 26,029
RAC: 0
Message 743453 - Posted: 24 Apr 2008, 8:25:54 UTC

In reference to this thread: Computer crashes
I noticed my computer was crunching REALLY slowly yesterday
I tried to reboot the whole computer this morning and it would not restart, gave me bios errors
I reflashed the bios and ran checkdisk, system seems to be back to normal for now.

I'm experiencing the same symptoms... Now I'm on a new machine, and 'sometimes' when I post on the seti boards, I've been seeing this in my firewall log:

Apr 22 18:36:23 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49207 from 128.32.18.150:80
Apr 22 18:36:23 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49208 from 128.32.18.150:80
Apr 22 18:36:27 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49207 from 128.32.18.150:80
Apr 22 18:36:28 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49221 from 128.32.18.150:80
Apr 22 18:36:33 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49208 from 128.32.18.150:80
Apr 22 18:36:33 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49207 from 128.32.18.150:80
Apr 22 18:36:38 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49221 from 128.32.18.150:80
Apr 22 18:38:34 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49252 from 128.32.18.150:80
Apr 22 19:03:45 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49420 from 128.32.18.150:80
Apr 22 19:03:45 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49420 from 128.32.18.150:80
Apr 22 19:50:44 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49449 from 128.32.18.150:80
Apr 22 19:50:44 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49450 from 128.32.18.150:80
Apr 22 19:50:48 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49462 from 128.32.18.150:80
Apr 22 19:50:48 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49464 from 128.32.18.150:80
Apr 22 19:50:48 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49449 from 128.32.18.150:80
Apr 22 19:50:48 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49450 from 128.32.18.150:80
Apr 22 19:50:51 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49463 from 128.32.18.150:80
Apr 22 19:50:51 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49464 from 128.32.18.150:80
Apr 22 19:50:51 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49462 from 128.32.18.150:80
Apr 22 19:50:54 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49449 from 128.32.18.150:80
Apr 22 19:50:54 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49450 from 128.32.18.150:80
Apr 22 19:50:57 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49463 from 128.32.18.150:80
Apr 22 19:50:57 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49464 from 128.32.18.150:80
Apr 22 19:50:57 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49462 from 128.32.18.150:80
Apr 22 19:51:09 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49463 from 128.32.18.150:80
Apr 22 21:15:58 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49967 from 128.32.18.150:80
Apr 22 21:15:58 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49969 from 128.32.18.150:80
Apr 22 21:15:58 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49971 from 128.32.18.150:80
Apr 22 21:15:58 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49972 from 128.32.18.150:80
Apr 22 21:15:58 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49973 from 128.32.18.150:80
Apr 22 21:16:01 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49967 from 128.32.18.150:80
Apr 22 21:16:02 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49969 from 128.32.18.150:80
Apr 22 21:16:02 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49971 from 128.32.18.150:80
Apr 22 21:16:02 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49973 from 128.32.18.150:80
Apr 22 21:16:02 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49972 from 128.32.18.150:80
Apr 22 21:16:03 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49985 from 128.32.18.150:80
Apr 22 21:16:04 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49986 from 128.32.18.150:80
Apr 22 21:16:04 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49987 from 128.32.18.150:80
Apr 22 21:16:04 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49988 from 128.32.18.150:80
Apr 22 21:16:07 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49986 from 128.32.18.150:80
Apr 22 21:16:07 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49987 from 128.32.18.150:80
Apr 22 21:16:07 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49967 from 128.32.18.150:80
Apr 22 21:16:07 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49985 from 128.32.18.150:80
Apr 22 21:16:08 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49969 from 128.32.18.150:80
Apr 22 21:16:08 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49971 from 128.32.18.150:80
Apr 22 21:16:08 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49988 from 128.32.18.150:80
Apr 22 21:16:08 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49973 from 128.32.18.150:80
Apr 22 21:16:08 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49972 from 128.32.18.150:80
Apr 22 21:16:13 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49986 from 128.32.18.150:80
Apr 22 21:16:13 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49987 from 128.32.18.150:80
Apr 22 21:16:13 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49985 from 128.32.18.150:80
Apr 22 21:16:14 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49988 from 128.32.18.150:80
Apr 22 21:54:10 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:50472 from 128.32.18.150:80
Apr 22 21:54:10 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:50473 from 128.32.18.150:80
Apr 22 21:54:13 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:50472 from 128.32.18.150:80
Apr 22 21:54:14 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:50473 from 128.32.18.150:80
Apr 22 21:54:19 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:50472 from 128.32.18.150:80
Apr 22 21:54:20 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:50473 from 128.32.18.150:80
Apr 22 22:50:33 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:50730 from 128.32.18.150:80
Apr 22 22:50:33 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:50730 from 128.32.18.150:80
Apr 23 04:31:43 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49312 from 128.32.18.150:80
Apr 23 04:31:45 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49312 from 128.32.18.150:80
Apr 23 04:31:51 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49312 from 128.32.18.150:80
Apr 23 04:48:28 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49471 from 128.32.18.150:80
Apr 23 05:14:13 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49636 from 128.32.18.150:80
Apr 23 06:10:10 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49924 from 128.32.18.150:80
Apr 23 06:10:14 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49932 from 128.32.18.150:80
Apr 23 06:10:14 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49933 from 128.32.18.150:80
Apr 23 06:10:14 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49934 from 128.32.18.150:80
Apr 23 06:10:14 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49924 from 128.32.18.150:80
Apr 23 06:10:17 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49932 from 128.32.18.150:80
Apr 23 06:10:17 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49934 from 128.32.18.150:80
Apr 23 06:10:18 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49933 from 128.32.18.150:80
Apr 23 06:10:20 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49924 from 128.32.18.150:80
Apr 23 06:10:23 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49932 from 128.32.18.150:80
Apr 23 06:10:23 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49934 from 128.32.18.150:80
Apr 23 06:10:24 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49933 from 128.32.18.150:80
Apr 23 06:11:42 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:50009 from 128.32.18.150:80
Apr 23 06:11:45 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:50009 from 128.32.18.150:80
Apr 23 06:11:52 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:50009 from 128.32.18.150:80
Apr 23 13:16:13 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49183 from 128.32.18.150:80
Apr 23 13:16:13 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49184 from 128.32.18.150:80
Apr 23 13:16:16 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49183 from 128.32.18.150:80
Apr 23 13:16:17 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49184 from 128.32.18.150:80
Apr 23 13:16:22 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49183 from 128.32.18.150:80
Apr 23 13:16:23 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49184 from 128.32.18.150:80
Apr 23 15:40:40 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49632 from 128.32.18.150:80
Apr 23 15:40:43 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49632 from 128.32.18.150:80
Apr 23 15:40:49 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49632 from 128.32.18.150:80
Apr 23 15:46:55 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49716 from 128.32.18.150:80
Apr 23 15:46:55 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49717 from 128.32.18.150:80
Apr 23 15:46:56 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49718 from 128.32.18.150:80
Apr 23 15:46:56 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49716 from 128.32.18.150:80
Apr 23 15:46:56 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49717 from 128.32.18.150:80
Apr 23 15:46:57 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49722 from 128.32.18.150:80
Apr 23 15:46:57 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49718 from 128.32.18.150:80
Apr 23 15:46:57 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49716 from 128.32.18.150:80
Apr 23 15:46:57 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49717 from 128.32.18.150:80
Apr 23 15:46:57 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49716 from 128.32.18.150:80
Apr 23 15:46:57 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49718 from 128.32.18.150:80
Apr 23 15:46:58 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49722 from 128.32.18.150:80
Apr 23 15:47:02 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49717 from 128.32.18.150:80
Apr 23 15:47:05 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49716 from 128.32.18.150:80
Apr 23 15:47:05 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49718 from 128.32.18.150:80
Apr 23 15:47:06 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49722 from 128.32.18.150:80
Apr 23 15:47:14 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49717 from 128.32.18.150:80
Apr 23 19:29:49 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49315 from 128.32.18.150:80
Apr 23 19:29:51 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49315 from 128.32.18.150:80

128.32.18.150 appears to belong to seti:

150.18.32.128.in-addr.arpa. 18403 IN PTR thinman.ssl.berkeley.edu.
18.32.128.in-addr.arpa. 18403 IN NS adns1.berkeley.edu.
18.32.128.in-addr.arpa. 18403 IN NS adns2.berkeley.edu.
adns1.berkeley.edu. 129769 IN A 128.32.136.3
adns2.berkeley.edu. 49319 IN A 128.32.136.14

The crashes on my other machine initially coincided with my posting habits too... I had my suspicions, but didn't investigate because I thought it was a power issue, until now... My G3 iMac crunched nonstop for almost ten years... The outcome of this thread will determine if my new Intel Mac will do any crunching at all...

Can anyone explain why seti is trying to communicate with a machine that doesn't even have boinc installed on it? ;(

(I'd like to at least think that in my country 'freedom of speech' has only been hindered by bullies and hasn't evolved into crashing computers too.)
It may not be 1984 but George Orwell sure did see the future . . .
ID: 743453 · Report as offensive
Profile ML1
Volunteer moderator
Volunteer tester

Send message
Joined: 25 Nov 01
Posts: 20265
Credit: 7,508,002
RAC: 20
United Kingdom
Message 743514 - Posted: 24 Apr 2008, 12:27:57 UTC

What machine are you on?
What browser?

Have Berkeley got their web pages and data accesses spread across multiple servers in their closet?

Are you perhaps seeing the effects of your ISP trying to cache pages for you?...


Or, more likely if you're suffering booting problems before even getting to your web browser is that you have MS-Virus problems or that you really have hardware problems. The fact that you're surfing s@h is just a coincidence.

Any other websites with BIG pages that you can try?

Also note that you'll see a gazillion different IP addresses for all the avatars and sig graphics files that get downloaded. You might just be seeing your router/modem giving up due to IP address overload!


Investigate further?

Good luck,
Martin
See new freedom: Mageia Linux
Take a look for yourself: Linux Format
The Future is what We all make IT (GPLv3)
ID: 743514 · Report as offensive
Profile Jeffrey
Avatar

Send message
Joined: 21 Nov 03
Posts: 4793
Credit: 26,029
RAC: 0
Message 743675 - Posted: 24 Apr 2008, 20:41:04 UTC - in response to Message 743514.  

note that you'll see a gazillion different IP addresses for all the avatars and sig graphics files that get downloaded.

You mean like this:
Safari ->www.boincstats.com:http (CLOSE_WAIT)
Safari ->host198.signonsandiego.com:http (ESTABLISHED)
Safari ->miamihost.net:http (ESTABLISHED)
Safari ->host198.signonsandiego.com:http (ESTABLISHED)
Safari ->a6.d8.5446.static.theplanet.com:http (SYN_SENT)
Safari ->thinman.ssl.berkeley.edu:http (ESTABLISHED)
Safari ->unknown79.82.200.74.defenderhosting.com:http (SYN_SENT)
Safari ->host198.signonsandiego.com:http (CLOSE_WAIT)
Safari ->brainsmashr.com:http (CLOSE_WAIT)
Safari ->carmack.ah-web.org:http (CLOSE_WAIT)
Safari ->millan.net:http (CLOSE_WAIT)
Safari ->66.7.192.165.static.dimenoc.com:http (CLOSE_WAIT)
Naw, my firewall doesn't seem to have a problem with that...

I also noticed a break on the 20th and on the 21st, followed by five more days... The weekend???
Apr 15 23:52:51 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:51070 from 128.32.18.150:80
Apr 15 23:52:52 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:51071 from 128.32.18.150:80
Apr 15 23:52:57 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:51070 from 128.32.18.150:80
Apr 15 23:52:58 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:51071 from 128.32.18.150:80
Apr 16 13:02:07 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:53092 from 128.32.18.150:80
Apr 16 13:56:30 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:53324 from 128.32.18.150:80
Apr 16 17:37:53 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49434 from 128.32.18.150:80
Apr 17 22:11:20 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:50345 from 128.32.18.150:80
Apr 17 22:11:20 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:50346 from 128.32.18.150:80
Apr 17 22:11:20 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:50347 from 128.32.18.150:80
Apr 17 22:11:20 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:50348 from 128.32.18.150:80
Apr 17 22:11:20 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:50349 from 128.32.18.150:80
Apr 17 22:11:20 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:50350 from 128.32.18.150:80
Apr 17 22:11:23 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:50347 from 128.32.18.150:80
Apr 17 22:11:23 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:50349 from 128.32.18.150:80
Apr 17 22:11:24 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:50348 from 128.32.18.150:80
Apr 17 22:11:24 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:50345 from 128.32.18.150:80
Apr 17 22:11:24 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:50346 from 128.32.18.150:80
Apr 17 22:11:24 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:50350 from 128.32.18.150:80
Apr 17 22:11:29 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:50349 from 128.32.18.150:80
Apr 17 22:11:29 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:50347 from 128.32.18.150:80
Apr 17 22:11:30 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:50348 from 128.32.18.150:80
Apr 17 22:11:30 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:50345 from 128.32.18.150:80
Apr 17 22:11:30 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:50350 from 128.32.18.150:80
Apr 17 22:11:30 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:50346 from 128.32.18.150:80
Apr 17 22:11:41 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:50349 from 128.32.18.150:80
Apr 17 22:12:10 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:50443 from 128.32.18.150:80
Apr 17 22:12:10 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:50447 from 128.32.18.150:80
Apr 17 22:12:13 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:50443 from 128.32.18.150:80
Apr 17 22:12:19 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:50447 from 128.32.18.150:80
Apr 17 22:12:19 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:50443 from 128.32.18.150:80
Apr 17 22:12:31 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:50447 from 128.32.18.150:80
Apr 18 02:03:47 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:50901 from 128.32.18.150:80
Apr 18 02:03:51 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:50901 from 128.32.18.150:80
Apr 18 14:46:32 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49632 from 128.32.18.150:80
Apr 18 14:46:41 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49632 from 128.32.18.150:80
Apr 19 14:41:48 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49352 from 128.32.18.150:80
Apr 19 14:41:51 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49352 from 128.32.18.150:80
Apr 19 18:08:18 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:50710 from 128.32.18.150:80
Also interesting is the fact that it hasn't happened again, (now that I've brought it up)...

So I ask my question again:

Can anyone explain why seti is trying to communicate with a machine that doesn't even have boinc installed on it? ;(
It may not be 1984 but George Orwell sure did see the future . . .
ID: 743675 · Report as offensive
paperdragon
Volunteer tester
Avatar

Send message
Joined: 27 Aug 99
Posts: 174
Credit: 1,452,115
RAC: 0
Canada
Message 743724 - Posted: 24 Apr 2008, 22:28:41 UTC

How is the network setup?

Is you ISP connection going to the non-BOINC machine, which in turn routes it to the other machine;

Or do you have your ISP connection going to a router, which in turn passes data to which machine requested it.

If it is the first option, the non-BOINC machine would see all the traffic since that traffic first has to go through it. Then that BOINC traffic is passed to the actual SETI machine.


You need a second life? Seconlife.com
ID: 743724 · Report as offensive
Josef W. Segur
Volunteer developer
Volunteer tester

Send message
Joined: 30 Oct 99
Posts: 4504
Credit: 1,414,761
RAC: 0
United States
Message 743726 - Posted: 24 Apr 2008, 22:32:48 UTC - in response to Message 743675.  

...
Can anyone explain why seti is trying to communicate with a machine that doesn't even have boinc installed on it? ;(

As you noted before, 128.32.18.150 is thinman. That's the Web server and mainly only interacts with BOINC when the core client fetches the "master page". But thinman will be interacting with your browser as you read and post in the forums. That doesn't explain what your firewall is calling stealth connection attempts, though. 
                                                                Joe
ID: 743726 · Report as offensive
Profile Jeffrey
Avatar

Send message
Joined: 21 Nov 03
Posts: 4793
Credit: 26,029
RAC: 0
Message 743804 - Posted: 25 Apr 2008, 1:45:50 UTC - in response to Message 743726.  
Last modified: 25 Apr 2008, 2:34:08 UTC

That doesn't explain what your firewall is calling stealth connection attempts, though.

Exactly! The bottom line seems to be that the 'seti server' is/was initiating unauthorized connections to a standalone computer in search of a boinc program that was never installed on it... Prompted by me making my presence known by logging into the user forums...

There is definitely something fishy going on here... Actually, I believe something fishy was going on with my old computer... I just 'pulled a fast one on them' by switching computers... At this point, I can only assume that if I had installed boinc on this computer, I wouldn't be seeing stealth connection attempts, I'd be seeing crashes...

Please convince me that boinc isn't spyware or that someone hasn't intentionally destroyed my old machine... ;(
It may not be 1984 but George Orwell sure did see the future . . .
ID: 743804 · Report as offensive
1mp0£173
Volunteer tester

Send message
Joined: 3 Apr 99
Posts: 8423
Credit: 356,897
RAC: 0
United States
Message 743826 - Posted: 25 Apr 2008, 2:46:20 UTC - in response to Message 743804.  

That doesn't explain what your firewall is calling stealth connection attempts, though.

Exactly! The bottom line seems to be that the 'seti server' is/was initiating unauthorized connections to a standalone computer in search of a boinc program that was never installed on it... Prompted by me making my presence known by logging into the user forums...

There is definitely something fishy going on here... Actually, I believe something fishy was going on with my old computer... I just 'pulled a fast one on them' by switching computers... At this point, I can only assume that if I had installed boinc on this computer, I wouldn't be seeing stealth connection attempts, I'd be seeing crashes...

Please convince me that boinc isn't spyware or that someone hasn't intentionally destroyed my old machine... ;(

There is a saying, Never ascribe to malice what can be equally described by stupidity.

... and there is definitely such a thing as too much logging.

I'm sure the firewall in Darwin is based off of some *nix firewall code, but a few minutes reading what I found in Google suggests that this is common.

My take, based on almost no information, is that the firewall is closing down security before all of the TCP timers have run out. SETI thinks you might still be there, but the firewall is sure you're done.

Their server then sends an extra RST+ACK packet to make sure you closed down gracefully, and the firewall reports that as an exploit.

-- Ned
ID: 743826 · Report as offensive
Profile Jeffrey
Avatar

Send message
Joined: 21 Nov 03
Posts: 4793
Credit: 26,029
RAC: 0
Message 743858 - Posted: 25 Apr 2008, 4:50:07 UTC - in response to Message 743826.  
Last modified: 25 Apr 2008, 5:22:53 UTC

SETI thinks you might still be there, but the firewall is sure you're done.

This is definitely a possibility, but I'm not fully convinced...

I tried to reproduce this theory by bouncing around the seti forums today... Here is my log:




Too many coincidences, and I don't believe in coincidences...


On the other hand:
Your system has achieved a perfect "TruStealth" rating. Not a single packet — solicited or otherwise — was received from your system as a result of our security probing tests. Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests). From the standpoint of the passing probes of any hacker, this machine does not exist on the Internet. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system wisely remained silent in every way. Very nice.

My computer is quite secure... But I already knew that... ;)

(FYI - ipfw is still part of the operating system, but Apple introduced a proprietary application based firewall with Leopard. ---> I use both.)
It may not be 1984 but George Orwell sure did see the future . . .
ID: 743858 · Report as offensive
Profile Jeffrey
Avatar

Send message
Joined: 21 Nov 03
Posts: 4793
Credit: 26,029
RAC: 0
Message 743861 - Posted: 25 Apr 2008, 5:40:21 UTC - in response to Message 743724.  
Last modified: 25 Apr 2008, 6:08:35 UTC

How is the network setup?

Let's just say: It's completely different than it was before my iMac passed away... ;)

(Considering the nature of this thread, did you really think I was gonna 'broadcast my ssid'?)
It may not be 1984 but George Orwell sure did see the future . . .
ID: 743861 · Report as offensive
Profile Jeffrey
Avatar

Send message
Joined: 21 Nov 03
Posts: 4793
Credit: 26,029
RAC: 0
Message 745988 - Posted: 30 Apr 2008, 5:21:05 UTC

Just to wrap this thread up, here are my logs for the past five days:

*** April 24th was quiet as a mouse ***

Apr 25 19:39:13 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:52947 from 128.32.18.150:80
Apr 25 19:39:17 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:52947 from 128.32.18.150:80

Apr 26 13:45:03 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49572 from 128.32.18.150:80
Apr 26 13:45:07 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49572 from 128.32.18.150:80

Apr 27 19:56:39 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49510 from 128.32.18.150:80
Apr 27 19:56:42 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49510 from 128.32.18.150:80
Apr 27 19:56:48 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49510 from 128.32.18.150:80
Apr 27 21:49:45 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49810 from 128.32.18.150:80

Apr 28 13:24:09 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49188 from 128.32.18.150:80
Apr 28 13:24:13 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49188 from 128.32.18.150:80
Apr 28 19:12:43 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:50586 from 128.32.18.150:80
Apr 28 19:12:44 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:50586 from 128.32.18.150:80
Apr 28 19:12:45 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:50592 from 128.32.18.150:80
Apr 28 19:12:45 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:50586 from 128.32.18.150:80
Apr 28 19:12:45 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:50587 from 128.32.18.150:80
Apr 28 19:12:46 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:50592 from 128.32.18.150:80
Apr 28 19:12:52 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:50586 from 128.32.18.150:80
Apr 28 19:12:52 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:50587 from 128.32.18.150:80
Apr 28 19:12:52 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:50592 from 128.32.18.150:80
Apr 28 22:07:24 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:51120 from 128.32.18.150:80
Apr 28 22:07:28 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:51120 from 128.32.18.150:80

I've come to two conclusions... This could either be legitimate traffic and/or it could be someone exploiting an open source program...

The only way for me to figure it out is to install boinc again... I'm still pondering over that 'cause I can't afford to lose another 'puter...

For the record, I don't think boinc or seti is spyware, and if there was malice involved, I don't think that it came from boinc or seti...

Let's just say, I never really liked the idea of allowing external links in signatures... My computer is 'stealth' for a reason... ;)

(The main purpose of this post is because I didn't want anyone to read this thread and get the wrong idea about boinc or seti.)
It may not be 1984 but George Orwell sure did see the future . . .
ID: 745988 · Report as offensive
Profile Jeffrey
Avatar

Send message
Joined: 21 Nov 03
Posts: 4793
Credit: 26,029
RAC: 0
Message 749364 - Posted: 7 May 2008, 6:56:40 UTC
Last modified: 7 May 2008, 7:09:26 UTC

Now THIS is interesting:

May 6 15:58:13 Firewall[37]: ftpfs_agent is listening from xxx.xxx.xxx.xxx:52310 uid = 501 proto=6
May 6 15:58:13 Firewall[37]: Deny ftpfs_agent connecting from 128.32.112.248:20 uid = 0 proto=6
May 6 15:58:16 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:52310 from 128.32.112.248:20
May 6 15:58:46: --- last message repeated 2 times ---
May 6 15:58:58 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:52310 from 128.32.112.248:20

128.32.112.248
248.112.32.128.in-addr.arpa. 68452 IN PTR graft.XCF.Berkeley.EDU.
112.32.128.in-addr.arpa. 68452 IN NS ns.EECS.Berkeley.EDU.
112.32.128.in-addr.arpa. 68452 IN NS adns1.Berkeley.EDU.
112.32.128.in-addr.arpa. 68452 IN NS adns2.Berkeley.EDU.
112.32.128.in-addr.arpa. 68452 IN NS ns.CS.Berkeley.EDU.
ns.CS.Berkeley.EDU. 57727 IN A 169.229.60.61
ns.EECS.Berkeley.EDU. 57727 IN A 169.229.60.153
adns2.Berkeley.EDU. 138019 IN A 128.32.136.14
adns1.Berkeley.EDU. 45705 IN A 128.32.136.3

Apparently, someone doesn't know the consequences... ;)
It may not be 1984 but George Orwell sure did see the future . . .
ID: 749364 · Report as offensive
Grant (SSSF)
Volunteer tester

Send message
Joined: 19 Aug 99
Posts: 13732
Credit: 208,696,464
RAC: 304
Australia
Message 749368 - Posted: 7 May 2008, 7:11:08 UTC


I've never bothered to look at my firewall logs (assuming Windows' Firewalls have ever had logs).
Once i setup a system i check that the ports are closed using Shileds up, and that's it. Whether they are "fully stealthed" or not makes no difference. The ports are closed, they can only be opened from the inside.

As long as it's not bringing the system or my internet connection to it's knees who cares what's happening on the other side?
Grant
Darwin NT
ID: 749368 · Report as offensive
Dr Who Fan
Volunteer tester
Avatar

Send message
Joined: 8 Jan 01
Posts: 3208
Credit: 715,342
RAC: 4
United States
Message 749378 - Posted: 7 May 2008, 7:56:02 UTC - in response to Message 749364.  

Jeffrey,

Sounds like your firewall might be filtering/blocking too much.

Port 52310 is used only by BOINC - to upload, download and schedule work.

This makes it appear to me you have a version of BOINC with SETI installed and running on that machine. Since you have your computers hidden we have no way to see when any of your machine(s) last made contact with the SETI servers.

I suggest you also post a message linking back to this thread in the Questions and Answers: Macintosh forum and ask the Mac experts for help.

Now THIS is interesting:

May 6 15:58:13 Firewall[37]: ftpfs_agent is listening from xxx.xxx.xxx.xxx:52310 uid = 501 proto=6
May 6 15:58:13 Firewall[37]: Deny ftpfs_agent connecting from 128.32.112.248:20 uid = 0 proto=6
May 6 15:58:16 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:52310 from 128.32.112.248:20
May 6 15:58:46: --- last message repeated 2 times ---
May 6 15:58:58 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:52310 from 128.32.112.248:20

128.32.112.248
248.112.32.128.in-addr.arpa. 68452 IN PTR graft.XCF.Berkeley.EDU.
112.32.128.in-addr.arpa. 68452 IN NS ns.EECS.Berkeley.EDU.
112.32.128.in-addr.arpa. 68452 IN NS adns1.Berkeley.EDU.
112.32.128.in-addr.arpa. 68452 IN NS adns2.Berkeley.EDU.
112.32.128.in-addr.arpa. 68452 IN NS ns.CS.Berkeley.EDU.
ns.CS.Berkeley.EDU. 57727 IN A 169.229.60.61
ns.EECS.Berkeley.EDU. 57727 IN A 169.229.60.153
adns2.Berkeley.EDU. 138019 IN A 128.32.136.14
adns1.Berkeley.EDU. 45705 IN A 128.32.136.3

Apparently, someone doesn't know the consequences... ;)

ID: 749378 · Report as offensive
Scarecrow

Send message
Joined: 15 Jul 00
Posts: 4520
Credit: 486,601
RAC: 0
United States
Message 749383 - Posted: 7 May 2008, 8:22:29 UTC

Just for grits and shiggles I snooped back through my firewall logs since May 1. There are a total of 11836 entries for various 'bogies' in that time frame, but nothing that equates to SETI/Berkeley/etc. I'm sure I at least browsed the forums most all of those days. Could someone have discovered the wonders of the -S switch in nmap?? ;)
ID: 749383 · Report as offensive
Profile Jeffrey
Avatar

Send message
Joined: 21 Nov 03
Posts: 4793
Credit: 26,029
RAC: 0
Message 749391 - Posted: 7 May 2008, 9:31:18 UTC - in response to Message 749378.  
Last modified: 7 May 2008, 9:40:17 UTC

Port 52310 is used only by BOINC - to upload, download and schedule work.

This makes it appear to me you have a version of BOINC with SETI installed and running on that machine. Since you have your computers hidden we have no way to see when any of your machine(s) last made contact with the SETI servers.

Maybe I can help you with that:

Tue May 6 11:50:15 2008||Suspending network activity - user request
Tue May 6 15:58:13 <--- nada, nil, zip
Tue May 6 17:36:15 2008|SETI@home|Computation for task 26mr08ac.14343.11933.9.8.163_0 finished
Tue May 6 17:36:15 2008|SETI@home|Starting 26mr08ac.14343.11933.9.8.184_1
Tue May 6 17:36:15 2008|SETI@home|Starting task 26mr08ac.14343.11933.9.8.184_1 using setiathome_enhanced version 528
Tue May 6 18:17:18 2008|SETI@home|Computation for task 26mr08ac.14343.11933.9.8.181_1 finished
Tue May 6 18:17:18 2008|SETI@home|Starting 26mr08ac.14343.11933.9.8.187_0
Tue May 6 18:17:18 2008|SETI@home|Starting task 26mr08ac.14343.11933.9.8.187_0 using setiathome_enhanced version 528
Tue May 6 18:41:42 2008||Resuming network activity

Maybe someone discovered the wonders of the -S switch in nmap?? (whatever that means)

But apparently, someone discovered the wonders of something... ;)

(My other Leopard/Boinc oddities. Like I said, there is definitely something 'fishy' going on here.)
It may not be 1984 but George Orwell sure did see the future . . .
ID: 749391 · Report as offensive
Scarecrow

Send message
Joined: 15 Jul 00
Posts: 4520
Credit: 486,601
RAC: 0
United States
Message 749528 - Posted: 7 May 2008, 18:11:12 UTC - in response to Message 749391.  

[Maybe someone discovered the wonders of the -S switch in nmap?? (whatever that means)

But apparently, someone discovered the wonders of something... ;)


"Nmap ("Network Mapper") is a free and open source (license) utility for network exploration or security auditing."

It's also a very popular tool for port scanning and such. The -S switch is for spoofing the IP address of the machine running nmap. All that's required is to learn your IP address and a less than ethical person could fill your firewall log with entries appearing to be from most anywhere they choose including, but not limited to, berkeley.edu. (Using an IP from the U.S. Department of Justice is always good for a laugh as you watch your victim scramble to delete everything he isn't supposed to have.) :)
ID: 749528 · Report as offensive
OzzFan Crowdfunding Project Donor*Special Project $75 donorSpecial Project $250 donor
Volunteer tester
Avatar

Send message
Joined: 9 Apr 02
Posts: 15691
Credit: 84,761,841
RAC: 28
United States
Message 749538 - Posted: 7 May 2008, 18:30:52 UTC - in response to Message 749528.  

(Using an IP from the U.S. Department of Justice is always good for a laugh as you watch your victim scramble to delete everything he isn't supposed to have.) :)


Aw shoot! That was you? I lost a lot of good stuff because of that incident! :-p
ID: 749538 · Report as offensive
1mp0£173
Volunteer tester

Send message
Joined: 3 Apr 99
Posts: 8423
Credit: 356,897
RAC: 0
United States
Message 749621 - Posted: 7 May 2008, 21:18:31 UTC - in response to Message 749528.  

[Maybe someone discovered the wonders of the -S switch in nmap?? (whatever that means)

But apparently, someone discovered the wonders of something... ;)


"Nmap ("Network Mapper") is a free and open source (license) utility for network exploration or security auditing."

It's also a very popular tool for port scanning and such. The -S switch is for spoofing the IP address of the machine running nmap. All that's required is to learn your IP address and a less than ethical person could fill your firewall log with entries appearing to be from most anywhere they choose including, but not limited to, berkeley.edu. (Using an IP from the U.S. Department of Justice is always good for a laugh as you watch your victim scramble to delete everything he isn't supposed to have.) :)

Which really underscores why everyone should be doing egress filtering (making sure the source IP addresses leaving our networks really belong on our networks).

I've been reading the thread, and I've been mostly quiet, but there are lots of things that could cause this kind of stuff, and the best way to describe it is "mostly harmless."

For example, Windows used to use DNS and WINS to do reverse lookups, so if you tried to get the name to go with an IP, it'd query the remote machine on port 137 -- which usually dies at the firewall.

It's sloppy, it's not evil.

We see all kinds of trash hitting our company firewall all the time. It doesn't impress me all that much. It's like the guy walking down the street and pulling on storefront doors to see if any are unlocked.

Or, it could be Scarecrow having a good time.
ID: 749621 · Report as offensive
Michael Crowdfunding Project Donor*Special Project $75 donorSpecial Project $250 donor
Volunteer tester
Avatar

Send message
Joined: 21 Aug 99
Posts: 4608
Credit: 7,427,891
RAC: 18
United States
Message 749624 - Posted: 7 May 2008, 21:31:51 UTC - in response to Message 749621.  

[Maybe someone discovered the wonders of the -S switch in nmap?? (whatever that means)

But apparently, someone discovered the wonders of something... ;)


"Nmap ("Network Mapper") is a free and open source (license) utility for network exploration or security auditing."

It's also a very popular tool for port scanning and such. The -S switch is for spoofing the IP address of the machine running nmap. All that's required is to learn your IP address and a less than ethical person could fill your firewall log with entries appearing to be from most anywhere they choose including, but not limited to, berkeley.edu. (Using an IP from the U.S. Department of Justice is always good for a laugh as you watch your victim scramble to delete everything he isn't supposed to have.) :)

Which really underscores why everyone should be doing egress filtering (making sure the source IP addresses leaving our networks really belong on our networks).

I've been reading the thread, and I've been mostly quiet, but there are lots of things that could cause this kind of stuff, and the best way to describe it is "mostly harmless."

For example, Windows used to use DNS and WINS to do reverse lookups, so if you tried to get the name to go with an IP, it'd query the remote machine on port 137 -- which usually dies at the firewall.

It's sloppy, it's not evil.

We see all kinds of trash hitting our company firewall all the time. It doesn't impress me all that much. It's like the guy walking down the street and pulling on storefront doors to see if any are unlocked.

Or, it could be Scarecrow having a good time.


Agree...I would be more concerened with what is going OUTBOUND from the box than the random (and sometimes volumous) packets that hit your interface....

ARP broadcasts and blah blah the list goes on...what's more important is that you stop things from going OUT.
ID: 749624 · Report as offensive
Profile Jeffrey
Avatar

Send message
Joined: 21 Nov 03
Posts: 4793
Credit: 26,029
RAC: 0
Message 749690 - Posted: 7 May 2008, 23:46:08 UTC - in response to Message 749621.  

the best way to describe it is "mostly harmless."

I agree... But now that it has my attention, I must continue to investigate... ;)

(I was gonna bring up 'spoofing the IP address' earlier, 'cause that's exactly what I thought was going on.)
It may not be 1984 but George Orwell sure did see the future . . .
ID: 749690 · Report as offensive
1 · 2 · Next

Message boards : Number crunching : Computer crashes


 
©2024 University of California
 
SETI@home and Astropulse are funded by grants from the National Science Foundation, NASA, and donations from SETI@home volunteers. AstroPulse is funded in part by the NSF through grant AST-0307956.