I found a very similar problem, and did the same thing. Also, I found that the TouchPad program was taking up a LOT of CPU time, even when it was docked. My performance improved dramatically when I did this. Very strange.

Marcus

> -----Original Message-----
> From: Valerio B. [SMTP:supportat_private]
> Sent: Tuesday, November 27, 2001 11:59 AM
> To: Vuln-Dev; SecProg; Focus-IDS; Focus-Virus
> Subject: Synaptics TouchPad, strange packets.
>
> My firewall captured a packet outgoing from my laptop, originated by the
> Synaptics TouchPad program, to a destination address that has nothing to do
> with the Synaptics network. I verified that the destination address is a
> host located in Finland.
> I now blocked the Synaptics TouchPad program. As you can see the checksums
> are incorrect.
> I currently don't have the tools to do analysis on my own, and I found my
> laptop being free from known viruses, so I am submitting this for analysis
> by the community.
>
> Valerio B.
>
>
> The packet decode is included below:
> ******************************************
> File Version : 5.0.62 13Mar00
> File Description : Synaptics TouchPad Enhancements
> File Path : C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
> Process ID : FFFDEA69 (Heximal) 4294830697 (Decimal)
>
> Connection origin : local initiated
> Protocol : UDP
> Local Address : xxx.xx.xxx.xxx
> Local Port : 17697
> Remote Name :
> Remote Address : xxx.xxx.xxx.x
> Remote Port : 65280
>
> Ethernet packet details:
> Ethernet II (Packet Length: 64)
> Destination: xx-xx-xx-xx-xx-xx
> Source: xx-xx-xx-xx-xx-xx
> Type: IP (0x0800)
> Internet Protocol
> Version: 4
> Header Length: 20 bytes
> Flags:
> .0.. = Don't fragment: Not set
> ..0. = More fragments: Not set
> Fragment offset:69
> Time to live: 128
> Protocol: 0x11 (UDP - User Datagram Protocol)
> Header checksum: 0xf8eb (Correct)
> Source: xxx.xx.xxx.xxx
> Destination: xxx.xxx.xxx.x
> User Datagram Protocol
> Source port: 17697
> Destination port: 65280
> Length: 8
> Checksum: 0x52f9 (Incorrect - Checksum should be 0x396b)
> Data (38509 Bytes)
>
> Binary dump of the packet:
> 0000: xx xx xx xx xx xx xx xx : xx xx xx xx 08 00 45 00 | SRC..DEST....E.
> 0010: 00 32 9D D3 00 45 80 11 : EB F8 D4 0F A2 F0 C1 A6 | .2...E..........
> 0020: 78 03 45 21 FF 00 96 6D : F9 52 B9 57 29 C8 0A B9 | x.E!...m.R.W)...
> 0030: 04 60 E6 99 54 48 B4 1A : 00 4A 28 03 FF D9 FF FF | .`..TH...J(.....
> ******************************************
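An added example, not part of either post: a small Python decoder for the IPv4 bytes in the dump above (frame offset 0x0E onward; the masked Ethernet bytes are left out). It verifies the header checksum and reads the fragment-offset field before interpreting anything as a UDP header, since only the fragment at offset 0 carries one. The function names are this example's own.

```python
import struct

# IPv4 header + payload copied from the dump in the post (frame offsets
# 0x0E-0x3F); the masked Ethernet bytes are left out.
IP_PACKET = bytes.fromhex(
    "4500 0032 9DD3 0045 8011 EBF8 D40F A2F0 C1A6 7803"
    "4521 FF00 966D F952 B957 29C8 0AB9"
    "0460 E699 5448 B41A 004A 2803 FFD9 FFFF"
)


def ones_complement_sum(data: bytes) -> int:
    """RFC 1071 folded 16-bit sum; 0xFFFF over a header means it verifies."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def parse_ipv4(packet: bytes) -> dict:
    """Decode the IPv4 fields that decide how the payload must be read."""
    ver_ihl, _tos, total_len, ident, flags_frag, _ttl, proto, _csum = \
        struct.unpack("!BBHHHBBH", packet[:12])
    ihl = (ver_ihl & 0x0F) * 4
    return {
        "total_len": total_len,
        "ident": ident,
        "proto": proto,
        "more_fragments": bool(flags_frag & 0x2000),
        "frag_offset": (flags_frag & 0x1FFF) * 8,  # field is in 8-byte units
        "header_ok": ones_complement_sum(packet[:ihl]) == 0xFFFF,
        "payload": packet[ihl:total_len],
    }


def naive_udp(info: dict) -> tuple:
    """Read the first 8 payload bytes as a UDP header, ignoring fragmentation."""
    return struct.unpack("!HHHH", info["payload"][:8])


def udp_header(info: dict):
    """Return the UDP header only where one can exist: proto 17, offset 0."""
    if info["proto"] != 17 or info["frag_offset"] != 0:
        return None
    return naive_udp(info)


if __name__ == "__main__":
    info = parse_ipv4(IP_PACKET)
    print({k: v for k, v in info.items() if k != "payload"})
    print("naive UDP decode:", naive_udp(info), "| valid UDP header:", udp_header(info))
```

On these bytes the header checksum verifies and the fragment offset is 552 bytes with the more-fragments bit clear, so `udp_header` returns `None`. `naive_udp` reproduces the 17697, 65280 and 38509 values shown in the decode by reading the first eight payload bytes as if they were a UDP header.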
This archive was generated by hypermail 2b30 : Tue Nov 27 2001 - 17:27:40 PST