Connections
Results 1 to 9 of 9

Thread: Connections

  1. #1
    T̙͓̞̣̯ͦͭͅͅȂͧͭͧ̏̈͏̖̖Z̿ ͆̎̄
    Join Date
    Dec 2004
    Posts
    3,171

    Connections

    Now..this may not go here but...

    I recently...like 20 minutes ago had my internet service cut off...not unusual, it happens occasionally with this provider...they constantly have problems at their end...

    however, this time trying to get back on I kept getting a 691 message...username/password not valid with this domain ( something like that )...hummmmm....checked connections, seems the info for both my name and password had been reduced to the letter g...re-input data try again...no uck...run Spybot, clean...call ISP they have no idea...check Firewall : 218.27.16.131 tried to access me 3 times, and 218.27.16.206 tried 2 times...OK...
    maybe somebody got in????
    call ISP delete connection ... create new one....and here I am...

    question: what could have caused this?
    how can I tell if 218.27.16. xxx compromised my system?

    the DNS/WHOIS on this is:

    inetnum: 218.27.0.0 - 218.27.255.255
    netname: CNCGROUP-JL
    country: CN
    descr: CNCGROUP Jilin province network
    admin-c: CH444-AP
    tech-c: WT92-AP
    status: ALLOCATED NON-PORTABLE
    changed: abuse@cnc-noc.net 20031016
    mnt-by: APNIC-HM
    mnt-by: MAINT-CNCGROUP-JL
    changed: hm-changed@apnic.net 20040301
    source: APNIC

    person: CNCGroup Hostmaster
    nic-hdl: CH444-AP
    e-mail: abuse@cnc-noc.net
    address: No.156,Fu-Xing-Men-Nei Street,
    address: Beijing,100031,P.R.China
    phone: +86-10-82993155
    fax-no: +86-10-82993144
    country: CN
    changed: abuse@cnc-noc.net 20041220
    mnt-by: MAINT-CNCGROUP
    source: APNIC

    person: Wang Tiegang
    nic-hdl: WT92-AP
    e-mail: yixiaofan1@mail.jl.cn
    address: 96,JieFang Road ChangChun 130021 China.
    phone: +86-431-8925217
    fax-no: +86-431-8925190
    country: CN
    changed: yixiaofan1@mail.jl.cn 20051125
    mnt-by: MAINT-CNCGROUP-JL
    source: APNIC

    I'm not sure if they are both related or not...could be two separate instances altogether...and just another bug in the system??? A bad modem/connection????

    Thanks,

    Eg

  2. #2
    Does your firewall have any logs of what packets were being passed from those IP's?
    If you're running windows, have you checked your "Event Viewer" for anything suspicious?

    Them Asians are smart ones.

  3. #3
    T̙͓̞̣̯ͦͭͅͅȂͧͭͧ̏̈͏̖̖Z̿ ͆̎̄
    Join Date
    Dec 2004
    Posts
    3,171
    Hi ThePastorgang,

    The packets were all rated medium ... and the event veiwer only lists information alerts.

    Eg

  4. #4
    Hoopy Frood
    Join Date
    Jun 2004
    Posts
    662
    This is not terribly uncommon.

    During my training at my ISP for tech support, it was explained to me like this:

    Windows gets stuck and remembers the wrong username and password, even though it may show the correct username and password it sends the wrong info to the ISP when trying to authenticate. Deleting and recreating the dialer removes and readds it completely and clears out the "stuck" information.

    95% of the time, error 691 is just a mistyped username and password. The other %5 is Windows screwing up.

    Treatment:
    1. Retype both (even if they look correct).
    2. Shutdown computer. Leave off for 30 seconds. Start computer.
    3. Recreate dialer.
    4. If not XP or 2000, rip and reinstall Dialup Adapter, TCP/IP Adapter, and Dial Up Networking.

    - X
    "Personality is only ripe when a man has made the truth his own."

    -- Søren Kierkegaard

  5. #5
    The Doctor Und3ertak3r's Avatar
    Join Date
    Apr 2002
    Posts
    2,743
    With my old job.. my work tasks went from full tracing of cause to ER considerations..

    Your issue is similar to A few that I hadn't had time to trace down..

    These being :

    Corrupted Connectoid: Looks ok in the setting .. only fixed by deleting and re-creating
    ditto : UserName changed or username and password changed (this is like field data had been moved.. (users password is found in another area of the connectoid information)
    ditto: this time with the users mail info.
    Clocks set 24hrs and 1hr ahead or behind.. (and no it wasnt a CMOS battery issue - or funny MoBo)
    Single Data sector in the first 10MB of Boot HDD corrupted/unreadable

    Each and every one of these issues, various spy/adware were removed.. note all my cleanups are done useing McAfee AV under DOS Boot, Sysclean, Adaware, Stinger under BART-Pe.
    I focus on the clean, not on cause.. I should.. I have the tools but not the time.

    If you are keen to find the cause.. start with a review of your browsing history (yeh I know you dont visit the bad sites.. you didnt but the PC may have.. by way of a bad Add banner)..certainly do this before you do a cleanup..the index.dat will tell you volumes..

    So Basicly my comment You will need to go deeper than just the logs, a forensics examination is more the approach. As for the catch up..is for a deep scan of your system.. dont even rely on Spybot/Adaware in safemode, dont forget Asquared A2 and EWIDO (BTW ..Webmedic site is not fully operational today if you want the A2 plugins for Bart? ).. that right do a remote scann .. then run similar tools local in safemode.. .. use Ccleaner to clear your FF cache, oh and the IE TIF, all the windows TEMP folders


    have fun
    "Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr

  6. #6
    T̙͓̞̣̯ͦͭͅͅȂͧͭͧ̏̈͏̖̖Z̿ ͆̎̄
    Join Date
    Dec 2004
    Posts
    3,171
    Hi xierox,

    I must be in the 5% checked and re-inserted the correct ID and password a few times before contacting the ISP...thing is I had it set to load and remember...so...normally all I do is dial-up...after it happened I checked my info and it was gone...all but the letter g...???

    But I'm always having problems with my ISP and the modem cutting out on it's own...the modem is the only item listed in the Conflicts section of System.



    Hi Undies,

    You snuck in there

    Don't use IE at all...got it set at maximum security anyways...only sites I visit are computer forums like this...the blogs...my own sites being built...sites that provide stuff for those sites...etc...

    you think it might be something other than a bug in my modem or system???

    I'm not anywhere even close to your experience...an elephant could escape me

    Eg

  7. #7
    Hoopy Frood
    Join Date
    Jun 2004
    Posts
    662
    I must be in the 5% checked and re-inserted the correct ID and password a few times before contacting the ISP...thing is I had it set to load and remember...so...normally all I do is dial-up...after it happened I checked my info and it was gone...all but the letter g...???
    Not sure on this one. Perhaps you tapped 'g' by accident? I've done it before without noticing it, especially when I'm navigating by keyboard.

    But I'm always having problems with my ISP and the modem cutting out on it's own...the modem is the only item listed in the Conflicts section of System.
    Try updating the modem drivers to the very newest listed on the manufacturer's site. (Or even searching Windows Update for a generic version of the driver that is digitally signed by Microsoft to be compatible with Windows.)

    - X
    "Personality is only ripe when a man has made the truth his own."

    -- Søren Kierkegaard

  8. #8
    AO's MMA Fanatic! Computernerd22's Avatar
    Join Date
    Mar 2003
    Location
    Miami, FL
    Posts
    795
    But I'm always having problems with my ISP and the modem cutting out on it's own...
    There are modem initization strings that can help with that. Call your ISP and ask them for the modem ini string that will help you with the frequent disconnects. Also, query your modem and run a diagnostics on it then reconnect to your ISP. If the connection is always dropping then you use a modem ini string. What type of modem do you have query the modem then post ati1 - ati7? BTW 691 is a very easy error code to resolve considering the issue isn't on the ISP side. If so, NOC will resolve the issue from their end. When I did tech support for Bellsouth 691 was a very common issue. Either with customers mostly (typing incorrectly) or one of our servers being down in some city in one of the 9 southern states.

    A bad modem/connection????
    A bad modem/connection will not generate error code 691. Error code 691 is when your actually connected to the server you dialed into, but promblem is your username / password (authentication) is not working on the server therefore, generating error code 691.

    If however, your on the internet and your surfing from site to site and all of a sudden then connection just drops then enable *70, in front of the access number or use a modem ini string to help with frequent disconnects.

    Bad modems generate error code 628 - 630, connection issues = 676, 678, 680, <--all 'usually' resoved with modem ini string' etc...

  9. #9
    You sure that someone hasn't hijacked your dial up details.?.
    Thinking that because you carn't use the same dial up account at more then one time at the same time.
    I had that happen back in the ol' dial up days, turned out a buddy was hijacking my internet and looking at some less then family friendly websites.

    cheers
    front2back

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •