A strange keyboard phenomenon
in [UK Mac]
|
From: Peter Ashby on 10 Mar 2010 05:53 In pursuit of why our G5 iMac iSight 10.4.11 keeps freezing I replaced the keyboard since the computer froze 5 times in succession while I was typing. The keyboard is a white Apple one and the left hand shift and alt keys are non functional and the apple key works only on some combinations. I replaced it with a Logitech keyboard we bought a couple of years ago as an emergency replacement after a coffee incident. Several things have changed since I did so: 1. we are using shedloads less RAM. I run iStat menus and the memory bar used to be full if Eudora, Firefox, iTunes and Vienna were all open at once. Now we are only using less than 200MB of the 1.5G available. 2. The scroll ball on the mouse works again. The logitech has no usb ports so it is plugged into a hub in one of the main usb ports. I had given up trying to clean it and couldn't make it work. It was plugged into the usb port on the keyboard. 3. The freezes that come and then resolve without freezing it solid always begin and end with some IP traffic, as shown by the iStatMenus network widget. So I was wandering around the airport logs and found regular bursts of "ipfw: Stealth Mode connection attempt to" this machine IP address from a variety of addresses to the extent that I monitor ipfw.log through the console. There was a flurry of attempts immediately prior to the crash that stimulated me to replace the keyboard. There have been absolutely no more since. Sadly the computer still freezes. Just not as often. Thoughts? can keyboards be used as a back door? -- Add my middle initial to email me. It has become attached to a country www.the-brights.net
From: James Dore on 10 Mar 2010 06:37 On Wed, 10 Mar 2010 10:53:05 -0000, Peter Ashby <pashby(a)blueyonder.co.ruk> wrote: > In pursuit of why our G5 iMac iSight 10.4.11 keeps freezing I replaced > the keyboard since the computer froze 5 times in succession while I was > typing. The keyboard is a white Apple one and the left hand shift and > alt keys are non functional and the apple key works only on some > combinations. > > I replaced it with a Logitech keyboard we bought a couple of years ago > as an emergency replacement after a coffee incident. > > Several things have changed since I did so: > > 1. we are using shedloads less RAM. I run iStat menus and the memory bar > used to be full if Eudora, Firefox, iTunes and Vienna were all open at > once. Now we are only using less than 200MB of the 1.5G available. > > 2. The scroll ball on the mouse works again. The logitech has no usb > ports so it is plugged into a hub in one of the main usb ports. I had > given up trying to clean it and couldn't make it work. It was plugged > into the usb port on the keyboard. > > 3. The freezes that come and then resolve without freezing it solid > always begin and end with some IP traffic, as shown by the iStatMenus > network widget. So I was wandering around the airport logs and found > regular bursts of "ipfw: Stealth Mode connection attempt to" this > machine IP address from a variety of addresses to the extent that I > monitor ipfw.log through the console. There was a flurry of attempts > immediately prior to the crash that stimulated me to replace the > keyboard. > > There have been absolutely no more since. > > Sadly the computer still freezes. Just not as often. > > Thoughts? can keyboards be used as a back door? > Yes, although physical access to the machine (or keyboard) is needed: <http://www.semiaccurate.com/2009/07/31/apple-keyboard-firmware-hack-demonstrated/> I'd be inclined to think that the spillage on the keyboard caused damage to the internal USB hub, and was causing a lot of USB events. But that's just guessing... More detail on the connection attempts ipfw intercepted would be interesting though. Cheers, -- James Dore New College IT Officer james.dore(a)new / it-support(a)new
From: Chris Ridd on 10 Mar 2010 06:41 On 2010-03-10 10:53:05 +0000, Peter Ashby said: > 3. The freezes that come and then resolve without freezing it solid > always begin and end with some IP traffic, as shown by the iStatMenus > network widget. So I was wandering around the airport logs and found > regular bursts of "ipfw: Stealth Mode connection attempt to" this > machine IP address from a variety of addresses to the extent that I > monitor ipfw.log through the console. There was a flurry of attempts > immediately prior to the crash that stimulated me to replace the > keyboard. > > There have been absolutely no more since. > > Sadly the computer still freezes. Just not as often. > > Thoughts? can keyboards be used as a back door? Keyboards have firmware nowadays, so yes. They're great places to put keyloggers :-) What sort of network are you on - a secured WPA2 network? Are you using NAT? Are these packets from your subnet? -- Chris
From: Peter Ashby on 10 Mar 2010 07:24 Chris Ridd <chrisridd(a)mac.com> wrote: > On 2010-03-10 10:53:05 +0000, Peter Ashby said: > > > 3. The freezes that come and then resolve without freezing it solid > > always begin and end with some IP traffic, as shown by the iStatMenus > > network widget. So I was wandering around the airport logs and found > > regular bursts of "ipfw: Stealth Mode connection attempt to" this > > machine IP address from a variety of addresses to the extent that I > > monitor ipfw.log through the console. There was a flurry of attempts > > immediately prior to the crash that stimulated me to replace the > > keyboard. > > > > There have been absolutely no more since. > > > > Sadly the computer still freezes. Just not as often. > > > > Thoughts? can keyboards be used as a back door? > > Keyboards have firmware nowadays, so yes. They're great places to put > keyloggers :-) > > What sort of network are you on - a secured WPA2 network? Are you using > NAT? Are these packets from your subnet? The network is airport express hard wired to a cable modem. Security is WEP 128k, the reason being I can't get the wife's psp to connect any other way. It is not visible so you need to know the name and you need your wireless card ID to be entered and approved to get on. The packets are from a variety of IP addresses outside of our subnet: 77.91.248.30:80 122.56.19.100:80 203.21.27.9:80 Those alternate recently but they change over time. Tracing them just leads to ISPs and I am unsure whether it is worthwhile to bother reporting them for abuse. The wife has just got a new psp so I might fiddle and see if it allows a better level of security. Have to wait until the weekend though. -- Add my middle initial to email me. It has become attached to a country www.the-brights.net
From: Peter Ashby on 10 Mar 2010 08:42 Peter Ashby <pashby(a)blueyonder.co.ruk> wrote: > 3. The freezes that come and then resolve without freezing it solid > always begin and end with some IP traffic, as shown by the iStatMenus > network widget. So I was wandering around the airport logs and found > regular bursts of "ipfw: Stealth Mode connection attempt to" this > machine IP address from a variety of addresses to the extent that I > monitor ipfw.log through the console. There was a flurry of attempts > immediately prior to the crash that stimulated me to replace the > keyboard. > > There have been absolutely no more since. That was premature, just got a scattering more attempts though not as many or as frequent as before I replaced the keyboard. -- Add my middle initial to email me. It has become attached to a country www.the-brights.net
|
Next
|
Last
Pages: 1 2 3 Prev: Problems sending mail Next: Alert - Paragon Virtualization Manager Free (for next 17 hours) |