Message boards :
Number crunching :
Computer crashes
Message board moderation
Author | Message |
---|---|
Jeffrey Send message Joined: 21 Nov 03 Posts: 4793 Credit: 26,029 RAC: 0 |
In reference to this thread: Computer crashes I noticed my computer was crunching REALLY slowly yesterday I'm experiencing the same symptoms... Now I'm on a new machine, and 'sometimes' when I post on the seti boards, I've been seeing this in my firewall log: Apr 22 18:36:23 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49207 from 128.32.18.150:80 Apr 22 18:36:23 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49208 from 128.32.18.150:80 Apr 22 18:36:27 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49207 from 128.32.18.150:80 Apr 22 18:36:28 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49221 from 128.32.18.150:80 Apr 22 18:36:33 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49208 from 128.32.18.150:80 Apr 22 18:36:33 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49207 from 128.32.18.150:80 Apr 22 18:36:38 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49221 from 128.32.18.150:80 Apr 22 18:38:34 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49252 from 128.32.18.150:80 Apr 22 19:03:45 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49420 from 128.32.18.150:80 Apr 22 19:03:45 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49420 from 128.32.18.150:80 Apr 22 19:50:44 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49449 from 128.32.18.150:80 Apr 22 19:50:44 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49450 from 128.32.18.150:80 Apr 22 19:50:48 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49462 from 128.32.18.150:80 Apr 22 19:50:48 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49464 from 128.32.18.150:80 Apr 22 19:50:48 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49449 from 128.32.18.150:80 Apr 22 19:50:48 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49450 from 128.32.18.150:80 Apr 22 19:50:51 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49463 from 128.32.18.150:80 Apr 22 19:50:51 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49464 from 128.32.18.150:80 Apr 22 19:50:51 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49462 from 128.32.18.150:80 Apr 22 19:50:54 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49449 from 128.32.18.150:80 Apr 22 19:50:54 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49450 from 128.32.18.150:80 Apr 22 19:50:57 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49463 from 128.32.18.150:80 Apr 22 19:50:57 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49464 from 128.32.18.150:80 Apr 22 19:50:57 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49462 from 128.32.18.150:80 Apr 22 19:51:09 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49463 from 128.32.18.150:80 Apr 22 21:15:58 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49967 from 128.32.18.150:80 Apr 22 21:15:58 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49969 from 128.32.18.150:80 Apr 22 21:15:58 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49971 from 128.32.18.150:80 Apr 22 21:15:58 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49972 from 128.32.18.150:80 Apr 22 21:15:58 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49973 from 128.32.18.150:80 Apr 22 21:16:01 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49967 from 128.32.18.150:80 Apr 22 21:16:02 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49969 from 128.32.18.150:80 Apr 22 21:16:02 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49971 from 128.32.18.150:80 Apr 22 21:16:02 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49973 from 128.32.18.150:80 Apr 22 21:16:02 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49972 from 128.32.18.150:80 Apr 22 21:16:03 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49985 from 128.32.18.150:80 Apr 22 21:16:04 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49986 from 128.32.18.150:80 Apr 22 21:16:04 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49987 from 128.32.18.150:80 Apr 22 21:16:04 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49988 from 128.32.18.150:80 Apr 22 21:16:07 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49986 from 128.32.18.150:80 Apr 22 21:16:07 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49987 from 128.32.18.150:80 Apr 22 21:16:07 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49967 from 128.32.18.150:80 Apr 22 21:16:07 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49985 from 128.32.18.150:80 Apr 22 21:16:08 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49969 from 128.32.18.150:80 Apr 22 21:16:08 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49971 from 128.32.18.150:80 Apr 22 21:16:08 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49988 from 128.32.18.150:80 Apr 22 21:16:08 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49973 from 128.32.18.150:80 Apr 22 21:16:08 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49972 from 128.32.18.150:80 Apr 22 21:16:13 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49986 from 128.32.18.150:80 Apr 22 21:16:13 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49987 from 128.32.18.150:80 Apr 22 21:16:13 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49985 from 128.32.18.150:80 Apr 22 21:16:14 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49988 from 128.32.18.150:80 Apr 22 21:54:10 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:50472 from 128.32.18.150:80 Apr 22 21:54:10 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:50473 from 128.32.18.150:80 Apr 22 21:54:13 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:50472 from 128.32.18.150:80 Apr 22 21:54:14 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:50473 from 128.32.18.150:80 Apr 22 21:54:19 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:50472 from 128.32.18.150:80 Apr 22 21:54:20 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:50473 from 128.32.18.150:80 Apr 22 22:50:33 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:50730 from 128.32.18.150:80 Apr 22 22:50:33 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:50730 from 128.32.18.150:80 Apr 23 04:31:43 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49312 from 128.32.18.150:80 Apr 23 04:31:45 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49312 from 128.32.18.150:80 Apr 23 04:31:51 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49312 from 128.32.18.150:80 Apr 23 04:48:28 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49471 from 128.32.18.150:80 Apr 23 05:14:13 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49636 from 128.32.18.150:80 Apr 23 06:10:10 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49924 from 128.32.18.150:80 Apr 23 06:10:14 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49932 from 128.32.18.150:80 Apr 23 06:10:14 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49933 from 128.32.18.150:80 Apr 23 06:10:14 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49934 from 128.32.18.150:80 Apr 23 06:10:14 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49924 from 128.32.18.150:80 Apr 23 06:10:17 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49932 from 128.32.18.150:80 Apr 23 06:10:17 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49934 from 128.32.18.150:80 Apr 23 06:10:18 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49933 from 128.32.18.150:80 Apr 23 06:10:20 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49924 from 128.32.18.150:80 Apr 23 06:10:23 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49932 from 128.32.18.150:80 Apr 23 06:10:23 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49934 from 128.32.18.150:80 Apr 23 06:10:24 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49933 from 128.32.18.150:80 Apr 23 06:11:42 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:50009 from 128.32.18.150:80 Apr 23 06:11:45 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:50009 from 128.32.18.150:80 Apr 23 06:11:52 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:50009 from 128.32.18.150:80 Apr 23 13:16:13 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49183 from 128.32.18.150:80 Apr 23 13:16:13 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49184 from 128.32.18.150:80 Apr 23 13:16:16 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49183 from 128.32.18.150:80 Apr 23 13:16:17 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49184 from 128.32.18.150:80 Apr 23 13:16:22 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49183 from 128.32.18.150:80 Apr 23 13:16:23 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49184 from 128.32.18.150:80 Apr 23 15:40:40 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49632 from 128.32.18.150:80 Apr 23 15:40:43 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49632 from 128.32.18.150:80 Apr 23 15:40:49 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49632 from 128.32.18.150:80 Apr 23 15:46:55 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49716 from 128.32.18.150:80 Apr 23 15:46:55 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49717 from 128.32.18.150:80 Apr 23 15:46:56 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49718 from 128.32.18.150:80 Apr 23 15:46:56 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49716 from 128.32.18.150:80 Apr 23 15:46:56 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49717 from 128.32.18.150:80 Apr 23 15:46:57 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49722 from 128.32.18.150:80 Apr 23 15:46:57 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49718 from 128.32.18.150:80 Apr 23 15:46:57 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49716 from 128.32.18.150:80 Apr 23 15:46:57 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49717 from 128.32.18.150:80 Apr 23 15:46:57 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49716 from 128.32.18.150:80 Apr 23 15:46:57 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49718 from 128.32.18.150:80 Apr 23 15:46:58 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49722 from 128.32.18.150:80 Apr 23 15:47:02 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49717 from 128.32.18.150:80 Apr 23 15:47:05 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49716 from 128.32.18.150:80 Apr 23 15:47:05 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49718 from 128.32.18.150:80 Apr 23 15:47:06 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49722 from 128.32.18.150:80 Apr 23 15:47:14 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49717 from 128.32.18.150:80 Apr 23 19:29:49 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49315 from 128.32.18.150:80 Apr 23 19:29:51 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49315 from 128.32.18.150:80 128.32.18.150 appears to belong to seti: 150.18.32.128.in-addr.arpa. 18403 IN PTR thinman.ssl.berkeley.edu. 18.32.128.in-addr.arpa. 18403 IN NS adns1.berkeley.edu. 18.32.128.in-addr.arpa. 18403 IN NS adns2.berkeley.edu. adns1.berkeley.edu. 129769 IN A 128.32.136.3 adns2.berkeley.edu. 49319 IN A 128.32.136.14 The crashes on my other machine initially coincided with my posting habits too... I had my suspicions, but didn't investigate because I thought it was a power issue, until now... My G3 iMac crunched nonstop for almost ten years... The outcome of this thread will determine if my new Intel Mac will do any crunching at all... Can anyone explain why seti is trying to communicate with a machine that doesn't even have boinc installed on it? ;( (I'd like to at least think that in my country 'freedom of speech' has only been hindered by bullies and hasn't evolved into crashing computers too.) It may not be 1984 but George Orwell sure did see the future . . . |
ML1 Send message Joined: 25 Nov 01 Posts: 20265 Credit: 7,508,002 RAC: 20 |
What machine are you on? What browser? Have Berkeley got their web pages and data accesses spread across multiple servers in their closet? Are you perhaps seeing the effects of your ISP trying to cache pages for you?... Or, more likely if you're suffering booting problems before even getting to your web browser is that you have MS-Virus problems or that you really have hardware problems. The fact that you're surfing s@h is just a coincidence. Any other websites with BIG pages that you can try? Also note that you'll see a gazillion different IP addresses for all the avatars and sig graphics files that get downloaded. You might just be seeing your router/modem giving up due to IP address overload! Investigate further? Good luck, Martin See new freedom: Mageia Linux Take a look for yourself: Linux Format The Future is what We all make IT (GPLv3) |
Jeffrey Send message Joined: 21 Nov 03 Posts: 4793 Credit: 26,029 RAC: 0 |
note that you'll see a gazillion different IP addresses for all the avatars and sig graphics files that get downloaded. You mean like this: Safari ->www.boincstats.com:http (CLOSE_WAIT) Safari ->host198.signonsandiego.com:http (ESTABLISHED) Safari ->miamihost.net:http (ESTABLISHED) Safari ->host198.signonsandiego.com:http (ESTABLISHED) Safari ->a6.d8.5446.static.theplanet.com:http (SYN_SENT) Safari ->thinman.ssl.berkeley.edu:http (ESTABLISHED) Safari ->unknown79.82.200.74.defenderhosting.com:http (SYN_SENT) Safari ->host198.signonsandiego.com:http (CLOSE_WAIT) Safari ->brainsmashr.com:http (CLOSE_WAIT) Safari ->carmack.ah-web.org:http (CLOSE_WAIT) Safari ->millan.net:http (CLOSE_WAIT) Safari ->66.7.192.165.static.dimenoc.com:http (CLOSE_WAIT) Naw, my firewall doesn't seem to have a problem with that... I also noticed a break on the 20th and on the 21st, followed by five more days... The weekend??? Apr 15 23:52:51 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:51070 from 128.32.18.150:80 Apr 15 23:52:52 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:51071 from 128.32.18.150:80 Apr 15 23:52:57 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:51070 from 128.32.18.150:80 Apr 15 23:52:58 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:51071 from 128.32.18.150:80 Apr 16 13:02:07 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:53092 from 128.32.18.150:80 Apr 16 13:56:30 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:53324 from 128.32.18.150:80 Apr 16 17:37:53 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49434 from 128.32.18.150:80 Apr 17 22:11:20 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:50345 from 128.32.18.150:80 Apr 17 22:11:20 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:50346 from 128.32.18.150:80 Apr 17 22:11:20 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:50347 from 128.32.18.150:80 Apr 17 22:11:20 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:50348 from 128.32.18.150:80 Apr 17 22:11:20 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:50349 from 128.32.18.150:80 Apr 17 22:11:20 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:50350 from 128.32.18.150:80 Apr 17 22:11:23 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:50347 from 128.32.18.150:80 Apr 17 22:11:23 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:50349 from 128.32.18.150:80 Apr 17 22:11:24 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:50348 from 128.32.18.150:80 Apr 17 22:11:24 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:50345 from 128.32.18.150:80 Apr 17 22:11:24 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:50346 from 128.32.18.150:80 Apr 17 22:11:24 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:50350 from 128.32.18.150:80 Apr 17 22:11:29 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:50349 from 128.32.18.150:80 Apr 17 22:11:29 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:50347 from 128.32.18.150:80 Apr 17 22:11:30 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:50348 from 128.32.18.150:80 Apr 17 22:11:30 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:50345 from 128.32.18.150:80 Apr 17 22:11:30 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:50350 from 128.32.18.150:80 Apr 17 22:11:30 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:50346 from 128.32.18.150:80 Apr 17 22:11:41 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:50349 from 128.32.18.150:80 Apr 17 22:12:10 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:50443 from 128.32.18.150:80 Apr 17 22:12:10 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:50447 from 128.32.18.150:80 Apr 17 22:12:13 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:50443 from 128.32.18.150:80 Apr 17 22:12:19 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:50447 from 128.32.18.150:80 Apr 17 22:12:19 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:50443 from 128.32.18.150:80 Apr 17 22:12:31 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:50447 from 128.32.18.150:80 Apr 18 02:03:47 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:50901 from 128.32.18.150:80 Apr 18 02:03:51 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:50901 from 128.32.18.150:80 Apr 18 14:46:32 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49632 from 128.32.18.150:80 Apr 18 14:46:41 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49632 from 128.32.18.150:80 Apr 19 14:41:48 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49352 from 128.32.18.150:80 Apr 19 14:41:51 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49352 from 128.32.18.150:80 Apr 19 18:08:18 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:50710 from 128.32.18.150:80 Also interesting is the fact that it hasn't happened again, (now that I've brought it up)... So I ask my question again: Can anyone explain why seti is trying to communicate with a machine that doesn't even have boinc installed on it? ;( It may not be 1984 but George Orwell sure did see the future . . . |
paperdragon Send message Joined: 27 Aug 99 Posts: 174 Credit: 1,452,115 RAC: 0 |
How is the network setup? Is you ISP connection going to the non-BOINC machine, which in turn routes it to the other machine; Or do you have your ISP connection going to a router, which in turn passes data to which machine requested it. If it is the first option, the non-BOINC machine would see all the traffic since that traffic first has to go through it. Then that BOINC traffic is passed to the actual SETI machine. You need a second life? Seconlife.com |
Josef W. Segur Send message Joined: 30 Oct 99 Posts: 4504 Credit: 1,414,761 RAC: 0 |
... As you noted before, 128.32.18.150 is thinman. That's the Web server and mainly only interacts with BOINC when the core client fetches the "master page". But thinman will be interacting with your browser as you read and post in the forums. That doesn't explain what your firewall is calling stealth connection attempts, though. Joe |
Jeffrey Send message Joined: 21 Nov 03 Posts: 4793 Credit: 26,029 RAC: 0 |
That doesn't explain what your firewall is calling stealth connection attempts, though. Exactly! The bottom line seems to be that the 'seti server' is/was initiating unauthorized connections to a standalone computer in search of a boinc program that was never installed on it... Prompted by me making my presence known by logging into the user forums... There is definitely something fishy going on here... Actually, I believe something fishy was going on with my old computer... I just 'pulled a fast one on them' by switching computers... At this point, I can only assume that if I had installed boinc on this computer, I wouldn't be seeing stealth connection attempts, I'd be seeing crashes... Please convince me that boinc isn't spyware or that someone hasn't intentionally destroyed my old machine... ;( It may not be 1984 but George Orwell sure did see the future . . . |
1mp0£173 Send message Joined: 3 Apr 99 Posts: 8423 Credit: 356,897 RAC: 0 |
That doesn't explain what your firewall is calling stealth connection attempts, though. There is a saying, Never ascribe to malice what can be equally described by stupidity. ... and there is definitely such a thing as too much logging. I'm sure the firewall in Darwin is based off of some *nix firewall code, but a few minutes reading what I found in Google suggests that this is common. My take, based on almost no information, is that the firewall is closing down security before all of the TCP timers have run out. SETI thinks you might still be there, but the firewall is sure you're done. Their server then sends an extra RST+ACK packet to make sure you closed down gracefully, and the firewall reports that as an exploit. -- Ned |
Jeffrey Send message Joined: 21 Nov 03 Posts: 4793 Credit: 26,029 RAC: 0 |
SETI thinks you might still be there, but the firewall is sure you're done. This is definitely a possibility, but I'm not fully convinced... I tried to reproduce this theory by bouncing around the seti forums today... Here is my log: Too many coincidences, and I don't believe in coincidences... On the other hand: Your system has achieved a perfect "TruStealth" rating. Not a single packet  solicited or otherwise  was received from your system as a result of our security probing tests. Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests). From the standpoint of the passing probes of any hacker, this machine does not exist on the Internet. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system wisely remained silent in every way. Very nice. My computer is quite secure... But I already knew that... ;) (FYI - ipfw is still part of the operating system, but Apple introduced a proprietary application based firewall with Leopard. ---> I use both.) It may not be 1984 but George Orwell sure did see the future . . . |
Jeffrey Send message Joined: 21 Nov 03 Posts: 4793 Credit: 26,029 RAC: 0 |
How is the network setup? Let's just say: It's completely different than it was before my iMac passed away... ;) (Considering the nature of this thread, did you really think I was gonna 'broadcast my ssid'?) It may not be 1984 but George Orwell sure did see the future . . . |
Jeffrey Send message Joined: 21 Nov 03 Posts: 4793 Credit: 26,029 RAC: 0 |
Just to wrap this thread up, here are my logs for the past five days: *** April 24th was quiet as a mouse *** Apr 25 19:39:13 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:52947 from 128.32.18.150:80 Apr 25 19:39:17 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:52947 from 128.32.18.150:80 Apr 26 13:45:03 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49572 from 128.32.18.150:80 Apr 26 13:45:07 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49572 from 128.32.18.150:80 Apr 27 19:56:39 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49510 from 128.32.18.150:80 Apr 27 19:56:42 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49510 from 128.32.18.150:80 Apr 27 19:56:48 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49510 from 128.32.18.150:80 Apr 27 21:49:45 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49810 from 128.32.18.150:80 Apr 28 13:24:09 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49188 from 128.32.18.150:80 Apr 28 13:24:13 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:49188 from 128.32.18.150:80 Apr 28 19:12:43 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:50586 from 128.32.18.150:80 Apr 28 19:12:44 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:50586 from 128.32.18.150:80 Apr 28 19:12:45 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:50592 from 128.32.18.150:80 Apr 28 19:12:45 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:50586 from 128.32.18.150:80 Apr 28 19:12:45 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:50587 from 128.32.18.150:80 Apr 28 19:12:46 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:50592 from 128.32.18.150:80 Apr 28 19:12:52 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:50586 from 128.32.18.150:80 Apr 28 19:12:52 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:50587 from 128.32.18.150:80 Apr 28 19:12:52 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:50592 from 128.32.18.150:80 Apr 28 22:07:24 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:51120 from 128.32.18.150:80 Apr 28 22:07:28 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:51120 from 128.32.18.150:80 I've come to two conclusions... This could either be legitimate traffic and/or it could be someone exploiting an open source program... The only way for me to figure it out is to install boinc again... I'm still pondering over that 'cause I can't afford to lose another 'puter... For the record, I don't think boinc or seti is spyware, and if there was malice involved, I don't think that it came from boinc or seti... Let's just say, I never really liked the idea of allowing external links in signatures... My computer is 'stealth' for a reason... ;) (The main purpose of this post is because I didn't want anyone to read this thread and get the wrong idea about boinc or seti.) It may not be 1984 but George Orwell sure did see the future . . . |
Jeffrey Send message Joined: 21 Nov 03 Posts: 4793 Credit: 26,029 RAC: 0 |
Now THIS is interesting: May 6 15:58:13 Firewall[37]: ftpfs_agent is listening from xxx.xxx.xxx.xxx:52310 uid = 501 proto=6 May 6 15:58:13 Firewall[37]: Deny ftpfs_agent connecting from 128.32.112.248:20 uid = 0 proto=6 May 6 15:58:16 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:52310 from 128.32.112.248:20 May 6 15:58:46: --- last message repeated 2 times --- May 6 15:58:58 Firewall[37]: Stealth Mode connection attempt to TCP xxx.xxx.xxx.xxx:52310 from 128.32.112.248:20 128.32.112.248 248.112.32.128.in-addr.arpa. 68452 IN PTR graft.XCF.Berkeley.EDU. 112.32.128.in-addr.arpa. 68452 IN NS ns.EECS.Berkeley.EDU. 112.32.128.in-addr.arpa. 68452 IN NS adns1.Berkeley.EDU. 112.32.128.in-addr.arpa. 68452 IN NS adns2.Berkeley.EDU. 112.32.128.in-addr.arpa. 68452 IN NS ns.CS.Berkeley.EDU. ns.CS.Berkeley.EDU. 57727 IN A 169.229.60.61 ns.EECS.Berkeley.EDU. 57727 IN A 169.229.60.153 adns2.Berkeley.EDU. 138019 IN A 128.32.136.14 adns1.Berkeley.EDU. 45705 IN A 128.32.136.3 Apparently, someone doesn't know the consequences... ;) It may not be 1984 but George Orwell sure did see the future . . . |
Grant (SSSF) Send message Joined: 19 Aug 99 Posts: 13732 Credit: 208,696,464 RAC: 304 |
I've never bothered to look at my firewall logs (assuming Windows' Firewalls have ever had logs). Once i setup a system i check that the ports are closed using Shileds up, and that's it. Whether they are "fully stealthed" or not makes no difference. The ports are closed, they can only be opened from the inside. As long as it's not bringing the system or my internet connection to it's knees who cares what's happening on the other side? Grant Darwin NT |
Dr Who Fan Send message Joined: 8 Jan 01 Posts: 3208 Credit: 715,342 RAC: 4 |
Jeffrey, Sounds like your firewall might be filtering/blocking too much. Port 52310 is used only by BOINC - to upload, download and schedule work. This makes it appear to me you have a version of BOINC with SETI installed and running on that machine. Since you have your computers hidden we have no way to see when any of your machine(s) last made contact with the SETI servers. I suggest you also post a message linking back to this thread in the Questions and Answers: Macintosh forum and ask the Mac experts for help. Now THIS is interesting: |
Scarecrow Send message Joined: 15 Jul 00 Posts: 4520 Credit: 486,601 RAC: 0 |
Just for grits and shiggles I snooped back through my firewall logs since May 1. There are a total of 11836 entries for various 'bogies' in that time frame, but nothing that equates to SETI/Berkeley/etc. I'm sure I at least browsed the forums most all of those days. Could someone have discovered the wonders of the -S switch in nmap?? ;) |
Jeffrey Send message Joined: 21 Nov 03 Posts: 4793 Credit: 26,029 RAC: 0 |
Port 52310 is used only by BOINC - to upload, download and schedule work. Maybe I can help you with that: Tue May 6 11:50:15 2008||Suspending network activity - user request Tue May 6 15:58:13 <--- nada, nil, zip Tue May 6 17:36:15 2008|SETI@home|Computation for task 26mr08ac.14343.11933.9.8.163_0 finished Tue May 6 17:36:15 2008|SETI@home|Starting 26mr08ac.14343.11933.9.8.184_1 Tue May 6 17:36:15 2008|SETI@home|Starting task 26mr08ac.14343.11933.9.8.184_1 using setiathome_enhanced version 528 Tue May 6 18:17:18 2008|SETI@home|Computation for task 26mr08ac.14343.11933.9.8.181_1 finished Tue May 6 18:17:18 2008|SETI@home|Starting 26mr08ac.14343.11933.9.8.187_0 Tue May 6 18:17:18 2008|SETI@home|Starting task 26mr08ac.14343.11933.9.8.187_0 using setiathome_enhanced version 528 Tue May 6 18:41:42 2008||Resuming network activity Maybe someone discovered the wonders of the -S switch in nmap?? (whatever that means) But apparently, someone discovered the wonders of something... ;) (My other Leopard/Boinc oddities. Like I said, there is definitely something 'fishy' going on here.) It may not be 1984 but George Orwell sure did see the future . . . |
Scarecrow Send message Joined: 15 Jul 00 Posts: 4520 Credit: 486,601 RAC: 0 |
[Maybe someone discovered the wonders of the -S switch in nmap?? (whatever that means) "Nmap ("Network Mapper") is a free and open source (license) utility for network exploration or security auditing." It's also a very popular tool for port scanning and such. The -S switch is for spoofing the IP address of the machine running nmap. All that's required is to learn your IP address and a less than ethical person could fill your firewall log with entries appearing to be from most anywhere they choose including, but not limited to, berkeley.edu. (Using an IP from the U.S. Department of Justice is always good for a laugh as you watch your victim scramble to delete everything he isn't supposed to have.) :) |
OzzFan Send message Joined: 9 Apr 02 Posts: 15691 Credit: 84,761,841 RAC: 28 |
(Using an IP from the U.S. Department of Justice is always good for a laugh as you watch your victim scramble to delete everything he isn't supposed to have.) :) Aw shoot! That was you? I lost a lot of good stuff because of that incident! :-p |
1mp0£173 Send message Joined: 3 Apr 99 Posts: 8423 Credit: 356,897 RAC: 0 |
[Maybe someone discovered the wonders of the -S switch in nmap?? (whatever that means) Which really underscores why everyone should be doing egress filtering (making sure the source IP addresses leaving our networks really belong on our networks). I've been reading the thread, and I've been mostly quiet, but there are lots of things that could cause this kind of stuff, and the best way to describe it is "mostly harmless." For example, Windows used to use DNS and WINS to do reverse lookups, so if you tried to get the name to go with an IP, it'd query the remote machine on port 137 -- which usually dies at the firewall. It's sloppy, it's not evil. We see all kinds of trash hitting our company firewall all the time. It doesn't impress me all that much. It's like the guy walking down the street and pulling on storefront doors to see if any are unlocked. Or, it could be Scarecrow having a good time. |
Michael Send message Joined: 21 Aug 99 Posts: 4608 Credit: 7,427,891 RAC: 18 |
[Maybe someone discovered the wonders of the -S switch in nmap?? (whatever that means) Agree...I would be more concerened with what is going OUTBOUND from the box than the random (and sometimes volumous) packets that hit your interface.... ARP broadcasts and blah blah the list goes on...what's more important is that you stop things from going OUT. |
Jeffrey Send message Joined: 21 Nov 03 Posts: 4793 Credit: 26,029 RAC: 0 |
the best way to describe it is "mostly harmless." I agree... But now that it has my attention, I must continue to investigate... ;) (I was gonna bring up 'spoofing the IP address' earlier, 'cause that's exactly what I thought was going on.) It may not be 1984 but George Orwell sure did see the future . . . |
©2024 University of California
SETI@home and Astropulse are funded by grants from the National Science Foundation, NASA, and donations from SETI@home volunteers. AstroPulse is funded in part by the NSF through grant AST-0307956.