DoS Syn_sent problem - "bootpc" starts it


dag_adamson

Hello-

I have been watching the different discussion groups and it appears
that several folks have been having issues with DoS issues.

CONFIG:
I have a Dell Inspiron 2650 laptop with a PCMCIA wireless LAN card
with XP with SP1; all the security patches have been downloaded. I
have used PestPatrol, Ad-Aware, HijackThis and Norton to remove
anything I can find.

SYMPTOMS:
I noticed a problem with my PC 4 days ago when I was seemingly unable
to hibernate my system.

While observing "netstat -an" I noticed probably 100 "SYN_SENT".

When I pull the PCMCIA wireless card from the system - I can shut down
and hibernate the system.

Further analysis has indicated that the system is first connecting to
a server (this is the same server every time) it is off of our network
once it gets ESTABLISH (I have contacted the owner of the server) - it
starts randomly starting out searching for IPs in my segment
192.168.0.0 and then occasionally ESTABLISH

It appears that when I plug the card in and watch "netstat -a" the
first step occurs called "bootpc" --- then all hell breaks loose

THEORIES:
BootPC begins the loading of interfaces and protocols etc. Is it
possible to go to a place in the registry or elsewhere to identify
what is being loaded?

Any help would be appreciated - please post and email

Thanks
Dag
 
Put an analysis tool like Ethereal on the LAN and capture packets.

Dave




 
Thanks David- but I don't have one of these devices around - what I
was hoping to find out is if someone knows how TCP/IP gets started.
Perhaps there are some things I could find in the registry?

-dag
 
Device ?

No, Ethereal is a FREE protocol decoder.

http://www.ethereal.com/download.html

BootPC TCP port 68, could very well be part of a DHCP/BOOTP process to obtain IP stack.

Dave
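
One way to triage the `netstat -an` output discussed in this thread before (or alongside) a packet capture, as an added example that is not part of any poster's message: it separates the bootpc (port 68, DHCP/BOOTP client) listener from outbound TCP, groups SYN_SENT sockets by destination port, and lists ESTABLISHED peers outside the local segment. The sample output, the /24 mask on 192.168.0.0 and the sweep threshold are constructed assumptions.

```python
import ipaddress
from collections import Counter, defaultdict

# Constructed sample of Windows "netstat -an" output (not taken from the thread).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    192.168.0.23:1044      203.0.113.10:6667      ESTABLISHED
  TCP    192.168.0.23:1050      192.168.0.1:445        SYN_SENT
  TCP    192.168.0.23:1051      192.168.0.2:445        SYN_SENT
  TCP    192.168.0.23:1052      192.168.0.3:445        SYN_SENT
  TCP    192.168.0.23:1053      192.168.0.4:445        SYN_SENT
  TCP    192.168.0.23:1054      192.168.0.4:445        ESTABLISHED
  UDP    0.0.0.0:68             *:*
"""

def parse(text):
    """Yield (proto, local, remote, state) for each socket line."""
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 3 and f[0] in ("TCP", "UDP"):
            yield f[0], f[1], f[2], (f[3] if len(f) > 3 else "")

def summarize(text, local_net="192.168.0.0/24", sweep_threshold=3):
    """Summarize pending and established connections.

    local_net and sweep_threshold are assumptions; adjust to the real segment.
    """
    net = ipaddress.ip_network(local_net)
    states = Counter()
    syn_hosts = defaultdict(set)      # remote port -> hosts with a pending SYN
    external, dhcp_client = set(), False
    for proto, local, remote, state in parse(text):
        rhost, _, rport = remote.rpartition(":")
        if proto == "UDP":
            # "bootpc" is the services-file name for port 68 (DHCP/BOOTP client).
            dhcp_client = dhcp_client or local.rpartition(":")[2] == "68"
            continue
        states[state] += 1
        if state == "SYN_SENT":
            syn_hosts[rport].add(rhost)
        elif state == "ESTABLISHED":
            if ipaddress.ip_address(rhost.strip("[]")) not in net:
                external.add(remote)
    sweeps = {p: len(h) for p, h in syn_hosts.items() if len(h) >= sweep_threshold}
    return {"dhcp_client_bound": dhcp_client, "syn_sent": states["SYN_SENT"],
            "sweeps": sweeps, "external_established": sorted(external)}

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

A port that appears under `sweeps` with many distinct hosts is the scan-like pattern; on XP SP1, `netstat -ano` adds the owning PID so the process behind those sockets can be identified.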



