|
-
December 26th, 2005, 10:28 PM
#1
Connections
Now..this may not go here but...
I recently...like 20 minutes ago had my internet service cut off...not unusual, it happens occasionally with this provider...they constantly have problems at their end...
however, this time trying to get back on I kept getting a 691 message...username/password not valid with this domain ( something like that )...hummmmm....checked connections, seems the info for both my name and password had been reduced to the letter g...re-input data try again...no uck...run Spybot, clean...call ISP they have no idea...check Firewall : 218.27.16.131 tried to access me 3 times, and 218.27.16.206 tried 2 times...OK...
maybe somebody got in????
call ISP delete connection ... create new one....and here I am...
question: what could have caused this?
how can I tell if 218.27.16. xxx compromised my system?
the DNS/WHOIS on this is:
inetnum: 218.27.0.0 - 218.27.255.255
netname: CNCGROUP-JL
country: CN
descr: CNCGROUP Jilin province network
admin-c: CH444-AP
tech-c: WT92-AP
status: ALLOCATED NON-PORTABLE
changed: abuse@cnc-noc.net 20031016
mnt-by: APNIC-HM
mnt-by: MAINT-CNCGROUP-JL
changed: hm-changed@apnic.net 20040301
source: APNIC
person: CNCGroup Hostmaster
nic-hdl: CH444-AP
e-mail: abuse@cnc-noc.net
address: No.156,Fu-Xing-Men-Nei Street,
address: Beijing,100031,P.R.China
phone: +86-10-82993155
fax-no: +86-10-82993144
country: CN
changed: abuse@cnc-noc.net 20041220
mnt-by: MAINT-CNCGROUP
source: APNIC
person: Wang Tiegang
nic-hdl: WT92-AP
e-mail: yixiaofan1@mail.jl.cn
address: 96,JieFang Road ChangChun 130021 China.
phone: +86-431-8925217
fax-no: +86-431-8925190
country: CN
changed: yixiaofan1@mail.jl.cn 20051125
mnt-by: MAINT-CNCGROUP-JL
source: APNIC
I'm not sure if they are both related or not...could be two separate instances altogether...and just another bug in the system??? A bad modem/connection????
Thanks,
Eg 
-
December 26th, 2005, 11:00 PM
#2
Member
Does your firewall have any logs of what packets were being passed from those IP's?
If you're running windows, have you checked your "Event Viewer" for anything suspicious?
Them Asians are smart ones.
-
December 26th, 2005, 11:27 PM
#3
Hi ThePastorgang,
The packets were all rated medium ... and the event veiwer only lists information alerts.
Eg
-
December 27th, 2005, 12:39 AM
#4
This is not terribly uncommon.
During my training at my ISP for tech support, it was explained to me like this:
Windows gets stuck and remembers the wrong username and password, even though it may show the correct username and password it sends the wrong info to the ISP when trying to authenticate. Deleting and recreating the dialer removes and readds it completely and clears out the "stuck" information.
95% of the time, error 691 is just a mistyped username and password. The other %5 is Windows screwing up.
Treatment:
1. Retype both (even if they look correct).
2. Shutdown computer. Leave off for 30 seconds. Start computer.
3. Recreate dialer.
4. If not XP or 2000, rip and reinstall Dialup Adapter, TCP/IP Adapter, and Dial Up Networking.
- X
"Personality is only ripe when a man has made the truth his own."
-- Søren Kierkegaard
-
December 27th, 2005, 12:54 AM
#5
With my old job.. my work tasks went from full tracing of cause to ER considerations..
Your issue is similar to A few that I hadn't had time to trace down..
These being :
Corrupted Connectoid: Looks ok in the setting .. only fixed by deleting and re-creating
ditto : UserName changed or username and password changed (this is like field data had been moved.. (users password is found in another area of the connectoid information)
ditto: this time with the users mail info.
Clocks set 24hrs and 1hr ahead or behind.. (and no it wasnt a CMOS battery issue - or funny MoBo)
Single Data sector in the first 10MB of Boot HDD corrupted/unreadable
Each and every one of these issues, various spy/adware were removed.. note all my cleanups are done useing McAfee AV under DOS Boot, Sysclean, Adaware, Stinger under BART-Pe.
I focus on the clean, not on cause.. I should.. I have the tools but not the time.
If you are keen to find the cause.. start with a review of your browsing history (yeh I know you dont visit the bad sites.. you didnt but the PC may have.. by way of a bad Add banner)..certainly do this before you do a cleanup..the index.dat will tell you volumes..
So Basicly my comment You will need to go deeper than just the logs, a forensics examination is more the approach. As for the catch up..is for a deep scan of your system.. dont even rely on Spybot/Adaware in safemode, dont forget Asquared A2 and EWIDO (BTW ..Webmedic site is not fully operational today if you want the A2 plugins for Bart? ).. that right do a remote scann .. then run similar tools local in safemode.. .. use Ccleaner to clear your FF cache, oh and the IE TIF, all the windows TEMP folders
have fun
"Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr
-
December 27th, 2005, 01:00 AM
#6
-
December 27th, 2005, 01:44 AM
#7
I must be in the 5%  checked and re-inserted the correct ID and password a few times before contacting the ISP...thing is I had it set to load and remember...so...normally all I do is dial-up...after it happened I checked my info and it was gone...all but the letter g...???
 Not sure on this one. Perhaps you tapped 'g' by accident? I've done it before without noticing it, especially when I'm navigating by keyboard.
But I'm always having problems with my ISP and the modem cutting out on it's own...the modem is the only item listed in the Conflicts section of System.
Try updating the modem drivers to the very newest listed on the manufacturer's site. (Or even searching Windows Update for a generic version of the driver that is digitally signed by Microsoft to be compatible with Windows.)
- X
"Personality is only ripe when a man has made the truth his own."
-- Søren Kierkegaard
-
December 28th, 2005, 05:44 PM
#8
But I'm always having problems with my ISP and the modem cutting out on it's own...
There are modem initization strings that can help with that. Call your ISP and ask them for the modem ini string that will help you with the frequent disconnects. Also, query your modem and run a diagnostics on it then reconnect to your ISP. If the connection is always dropping then you use a modem ini string. What type of modem do you have query the modem then post ati1 - ati7? BTW 691 is a very easy error code to resolve considering the issue isn't on the ISP side. If so, NOC will resolve the issue from their end. When I did tech support for Bellsouth 691 was a very common issue. Either with customers mostly (typing incorrectly) or one of our servers being down in some city in one of the 9 southern states.
A bad modem/connection????
A bad modem/connection will not generate error code 691. Error code 691 is when your actually connected to the server you dialed into, but promblem is your username / password (authentication) is not working on the server therefore, generating error code 691.
If however, your on the internet and your surfing from site to site and all of a sudden then connection just drops then enable *70, in front of the access number or use a modem ini string to help with frequent disconnects.
Bad modems generate error code 628 - 630, connection issues = 676, 678, 680, <--all 'usually' resoved with modem ini string' etc...
-
December 28th, 2005, 06:39 PM
#9
You sure that someone hasn't hijacked your dial up details.?.
Thinking that because you carn't use the same dial up account at more then one time at the same time.
I had that happen back in the ol' dial up days, turned out a buddy was hijacking my internet and looking at some less then family friendly websites.
cheers
front2back
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote
