From: Duncan Kennedy on
In message <1jf50gi.12beem810dd5c6N%pashby(a)blueyonder.co.ruk>, Peter
Ashby <pashby(a)blueyonder.co.ruk> writes
>Chris Ridd <chrisridd(a)mac.com> wrote:
>
>> On 2010-03-10 10:53:05 +0000, Peter Ashby said:
>>
>> > 3. The freezes that come and then resolve without freezing it solid
>> > always begin and end with some IP traffic, as shown by the iStatMenus
>> > network widget. So I was wandering around the airport logs and found
>> > regular bursts of "ipfw: Stealth Mode connection attempt to" this
>> > machine IP address from a variety of addresses to the extent that I
>> > monitor ipfw.log through the console. There was a flurry of attempts
>> > immediately prior to the crash that stimulated me to replace the
>> > keyboard.
>> >
>> > There have been absolutely no more since.
>> >
>> > Sadly the computer still freezes. Just not as often.
>> >
>> > Thoughts? Can keyboards be used as a back door?
>>
>> Keyboards have firmware nowadays, so yes. They're great places to put
>> keyloggers :-)
>>
>> What sort of network are you on - a secured WPA2 network? Are you using
>> NAT? Are these packets from your subnet?
>
>The network is airport express hard wired to a cable modem. Security is
>WEP 128k, the reason being I can't get the wife's psp to connect any
>other way. It is not visible so you need to know the name and you need
>your wireless card ID to be entered and approved to get on.
>
>The packets are from a variety of IP addresses outside of our subnet:
>77.91.248.30:80
>122.56.19.100:80
>203.21.27.9:80
>
>Those alternate recently but they change over time. Tracing them just
>leads to ISPs and I am unsure whether it is worthwhile to bother
>reporting them for abuse.
>
Don't know if it helps but inserting 203.21.27.9 into Google produces
some interesting stuff from a security site about not clicking on
anything in the page without full protection - and seems to have
something to do with music downloads. Could you be signed up to P2P
music download sites which are trying to serve other users with files on
your box?

--
Duncan K
Downtown Dalgety Bay
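
Added example, not part of the original thread: a small Python script that tallies the "Stealth Mode connection attempt" entries described above by remote address and by minute, so bursts and the remote-port pattern (the :80 addresses quoted in the post) are easy to see. The sample lines are constructed, the line layout after the quoted phrase is an assumed format, and `looks_like_reply` is a heuristic, not a verdict.

```python
import re
from collections import Counter

# Constructed sample lines; the layout after the quoted phrase is an assumption.
SAMPLE_LOG = """\
Mar 10 10:51:02 imac ipfw: Stealth Mode connection attempt to TCP 192.168.1.4:49231 from 77.91.248.30:80
Mar 10 10:51:02 imac ipfw: Stealth Mode connection attempt to TCP 192.168.1.4:49231 from 77.91.248.30:80
Mar 10 10:51:03 imac ipfw: Stealth Mode connection attempt to TCP 192.168.1.4:49240 from 122.56.19.100:80
Mar 10 10:51:40 imac ipfw: Stealth Mode connection attempt to TCP 192.168.1.4:49244 from 203.21.27.9:80
Mar 10 11:20:15 imac ipfw: Stealth Mode connection attempt to UDP 192.168.1.4:137 from 192.168.1.9:137
Mar 10 11:21:00 imac ipfw: some unrelated firewall message
"""

LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ ipfw: "
    r"Stealth Mode connection attempt to (?P<proto>\w+) "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) from (?P<src>[\d.]+):(?P<sport>\d+)")

def parse(text):
    """Return one dict per stealth-mode line; other ipfw lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            ev = m.groupdict()
            ev["dport"], ev["sport"] = int(ev["dport"]), int(ev["sport"])
            events.append(ev)
    return events

def looks_like_reply(ev):
    # Heuristic (assumption): a TCP packet from a web-server port to a local
    # high port is consistent with a late reply to a connection this machine opened.
    return ev["proto"] == "TCP" and ev["sport"] in (80, 443) and ev["dport"] >= 1024

def summarize(events, burst_threshold=3):
    """Count events per remote address and flag minutes with a burst of entries."""
    per_minute = Counter(ev["ts"][:-3] for ev in events)  # drop the ":SS" part
    reply_like = sum(looks_like_reply(ev) for ev in events)
    return {"by_source": Counter(ev["src"] for ev in events),
            "bursts": {m: n for m, n in per_minute.items() if n >= burst_threshold},
            "reply_like": reply_like, "other": len(events) - reply_like}

if __name__ == "__main__":
    for key, value in summarize(parse(SAMPLE_LOG)).items():
        print(key, dict(value) if isinstance(value, Counter) else value)
```

Entries left in the "other" bucket, or bursts that line up with a freeze, are the ones worth comparing against what the machine was doing at the time.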
From: Peter Ashby on
Duncan Kennedy <no-spam(a)nospam.otterson-bg.couk> wrote:

> Don't know if it helps but inserting 203.21.27.9 into Google produces
> some interesting stuff from a security site about not clicking on
> anything in the page without full protection - and seems to have
> something to do with music downloads. Could you be signed up to P2P
> music download sites which are trying to serve other users with files on
> your box?

Hmm 'signed up' no. I have in the distant past used Bittorrent to
download some stuff I could not otherwise buy but I gave that up. Maybe
I should fire up Bittorrent and see what happens except Virgin did make
noises about jumping on people for torrenting, regardless of what was
being shared.

--
Add my middle initial to email me. It has become attached to a country
www.the-brights.net
From: Rowland McDonnell on
Peter Ashby <pashby(a)blueyonder.co.ruk> wrote:

> In pursuit of why our G5 iMac iSight 10.4.11 keeps freezing I replaced
> the keyboard since the computer froze 5 times in succession while I was
> typing. The keyboard is a white Apple one and the left hand shift and
> alt keys are non functional and the apple key works only on some
> combinations.

That one's foobar, that one is.

> I replaced it with a Logitech keyboard we bought a couple of years ago
> as an emergency replacement after a coffee incident.
>
> Several things have changed since I did so:
>
> 1. we are using shedloads less RAM. I run iStat menus and the memory bar
> used to be full if Eudora, Firefox, iTunes and Vienna were all open at
> once. Now we are only using less than 200MB of the 1.5G available.
>
> 2. The scroll ball on the mouse works again. The logitech has no usb
> ports so it is plugged into a hub in one of the main usb ports. I had
> given up trying to clean it and couldn't make it work. It was plugged
> into the usb port on the keyboard.
>
> 3. The freezes that come and then resolve without freezing it solid
> always begin and end with some IP traffic, as shown by the iStatMenus
> network widget. So I was wandering around the airport logs and found
> regular bursts of "ipfw: Stealth Mode connection attempt to" this
> machine IP address from a variety of addresses to the extent that I
> monitor ipfw.log through the console. There was a flurry of attempts
> immediately prior to the crash that stimulated me to replace the
> keyboard.
>
> There have been absolutely no more since.
>
> Sadly the computer still freezes. Just not as often.

I had a G4 that wouldn't stop doing that sort of thing. Amsys tried to
repair it. They replaced all the parts with known-good parts and it was
*still* unreliable - so they claimed. So it seems that `haunted case'
is a valid Macintosh failure mode, according to at least one Apple
Authorised Service Provider.

But: why not try installing Applejack and running memtest (for the one
comes with the other)? Leave it running - could be iffy RAM.

Also run Applejack's various maintenance jobs.

<http://applejack.sourceforge.net/>

(s'great on 10.4.11; doesn't work on 10.6)

> Thoughts? Can keyboards be used as a back door?

If you're worried about malware, get ClamXav:

<http://www.clamxav.com/>

Rowland.



--
Remove the animal for email address: rowland.mcdonnell(a)dog.physics.org
Sorry - the spam got to me
http://www.mag-uk.org http://www.bmf.co.uk
UK biker? Join MAG and the BMF and stop the Eurocrats banning biking
From: Peter Ashby on
Rowland McDonnell <real-address-in-sig(a)flur.bltigibbet.invalid> wrote:

> But: why not try installing Applejack and running memtest (for the one
> comes with the other)? Leave it running - could be iffy RAM.
>
Done, passes all. I ran the computer for a couple of days without the
1GB RAM chip, again no difference, apart from it was slower. Ran M-test
without the extra RAM too, passed.

> Also run Applejack's various maintenance jobs.
>
> <http://applejack.sourceforge.net/>

Do it after every forced restart, never finds anything wrong, never
changes anything. It was applejack kept the old HD limping along until I
managed to persuade my wife to let me replace it. An interesting bit of
surgery that. I had hoped the drive swap, bigger as well, might fix the
problem. But no dice, it just made it a bit better. I basically run it
by habit from before the drive swap and because I figure wiping the
V-RAM might help. I set it on auto restart and come back later. The log
is there via console if I want to see.
>
> > Thoughts? Can keyboards be used as a back door?
>
> If you're worried about malware, get ClamXav:
>
> <http://www.clamxav.com/>

Been running it since all this first started. It has never found
anything. Virus definitions get updated regularly.

Thank you for your thoughts though.
--
Add my middle initial to email me. It has become attached to a country
www.the-brights.net
From: Rowland McDonnell on
Peter Ashby <pashby(a)blueyonder.co.ruk> wrote:

> Rowland McDonnell <real-address-in-sig(a)flur.bltigibbet.invalid> wrote:
>
> > But: why not try installing Applejack and running memtest (for the one
> > comes with the other)? Leave it running - could be iffy RAM.
> >
> Done, passes all. I ran the computer for a couple of days without the
> 1GB RAM chip, again no difference, apart from it was slower. Ran M-test
> without the extra RAM too, passed.

:-/

Okay, so it's not that. Well, elimination of possible faults is useful
fault-finding. :-(

> > Also run Applejack's various maintenance jobs.
> >
> > <http://applejack.sourceforge.net/>
>
> Do it after every forced restart, never finds anything wrong, never
> changes anything.

<raised eyebrows> If you trash caches, that changes things.

> It was applejack kept the old HD limping along until I
> managed to persuade my wife to let me replace it.

Oh aye?

> An interesting bit of
> surgery that. I had hoped the drive swap, bigger as well, might fix the
> problem. But no dice, it just made it a bit better.

Describe the changes in symptoms - could be useful to nail the fault.

> I basically run it
> by habit from before the drive swap and because I figure wiping the
> V-RAM might help. I set it on auto restart and come back later. The log
> is there via console if I want to see.

If I trash caches, I find that it's useful to reboot *twice* before
logging on, to avoid oddness.

<shrug> Relevant to you, maybe?

> > > Thoughts? Can keyboards be used as a back door?
> >
> > If you're worried about malware, get ClamXav:
> >
> > <http://www.clamxav.com/>
>
> Been running it since all this first started. It has never found
> anything. Virus definitions get updated regularly.

Argh.

> Thank you for your thoughts though.

<shrug> Bloody useless ones, though.

Oh well. Maybe you've got another haunted Mac?

Back in the very old days, there was one model of (non-Apple) Macintosh
keyboard that had a malware infestation. Fairly harmless and burnt into
the ROM, one gathers[1]. But `malware in keyboards' is not a new
phenomenon.

Rowland.

[1] Ask, and I'll dig up the details, but I can't be bothered right
now.

--
Remove the animal for email address: rowland.mcdonnell(a)dog.physics.org
Sorry - the spam got to me
http://www.mag-uk.org http://www.bmf.co.uk
UK biker? Join MAG and the BMF and stop the Eurocrats banning biking