Vulnerability Development mailing list archives
RE: Synaptics TouchPad, strange packets.
From: Marcus Blankenship <MarcusB () JELD-WEN com>
Date: Tue, 27 Nov 2001 14:34:57 -0800
I found a very similar problem, and did the same thing. Also, I found that the TouchPad program was taking up a LOT of CPU time, even when it was docked. My performance improved dramatically when I did this. Very strange.

Marcus
-----Original Message-----
From: Valerio B. [SMTP:support () selnet org]
Sent: Tuesday, November 27, 2001 11:59 AM
To: Vuln-Dev; SecProg; Focus-IDS; Focus-Virus
Subject: Synaptics TouchPad, strange packets.

My firewall captured a packet outgoing from my laptop, originated by the Synaptics TouchPad program, to a destination address that has nothing to do with the Synaptics network. I verified that the destination address is a host located in Finland. I now blocked the Synaptics TouchPad program.

As you can see the checksums are incorrect. I currently don't have the tools to do analysis on my own, and I found my laptop being free from known viruses, so I am submitting this for analysis by the community.

Valerio B.

The packet decode is included below:

******************************************
File Version : 5.0.62 13Mar00
File Description : Synaptics TouchPad Enhancements
File Path : C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
Process ID : FFFDEA69 (Heximal) 4294830697 (Decimal)
Connection origin : local initiated
Protocol : UDP
Local Address : xxx.xx.xxx.xxx
Local Port : 17697
Remote Name :
Remote Address : xxx.xxx.xxx.x
Remote Port : 65280

Ethernet packet details:
Ethernet II (Packet Length: 64)
  Destination: xx-xx-xx-xx-xx-xx
  Source: xx-xx-xx-xx-xx-xx
  Type: IP (0x0800)
Internet Protocol
  Version: 4
  Header Length: 20 bytes
  Flags:
    .0.. = Don't fragment: Not set
    ..0. = More fragments: Not set
  Fragment offset:69
  Time to live: 128
  Protocol: 0x11 (UDP - User Datagram Protocol)
  Header checksum: 0xf8eb (Correct)
  Source: xxx.xx.xxx.xxx
  Destination: xxx.xxx.xxx.x
User Datagram Protocol
  Source port: 17697
  Destination port: 65280
  Length: 8
  Checksum: 0x52f9 (Incorrect - Checksum should be 0x396b)
Data (38509 Bytes)

Binary dump of the packet:
0000: xx xx xx xx xx xx xx xx : xx xx xx xx 08 00 45 00 | SRC..DEST....E.
0010: 00 32 9D D3 00 45 80 11 : EB F8 D4 0F A2 F0 C1 A6 | .2...E..........
0020: 78 03 45 21 FF 00 96 6D : F9 52 B9 57 29 C8 0A B9 | x.E!...m.R.W)...
0030: 04 60 E6 99 54 48 B4 1A : 00 4A 28 03 FF D9 FF FF | .`..TH...J(.....
******************************************
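
An added example, not part of the original posts: it re-parses the IPv4 header bytes from the hex dump above (offsets 0x0E to 0x21) to check the firewall's decode, including the fragment offset of 69 that the decode reports. A non-zero fragment offset marks a non-first IP fragment, which carries no UDP header, so ports, length and checksum read from that position are fragment payload. The function and variable names are this example's own.

```python
import struct

# Bytes copied from the hex dump in the post: IPv4 header at offsets
# 0x0E-0x21, then the 8 bytes the firewall labelled as a UDP header.
IP_HEADER = bytes.fromhex("4500 0032 9DD3 0045 8011 EBF8 D40F A2F0 C1A6 7803")
NEXT8 = bytes.fromhex("4521 FF00 966D F952")

def ones_complement_sum(data):
    """RFC 1071 sum of 16-bit big-endian words with carries folded in."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def parse_ipv4(header):
    """Decode the fixed IPv4 fields that matter for this capture."""
    vihl, _tos, total_len, _ident, frag, ttl, proto, cksum = struct.unpack(
        "!BBHHHBBH", header[:12])
    ihl = (vihl & 0x0F) * 4
    return {
        "version": vihl >> 4,
        "header_len": ihl,
        "total_len": total_len,
        "payload_len": total_len - ihl,
        "dont_fragment": bool(frag & 0x4000),
        "more_fragments": bool(frag & 0x2000),
        "frag_offset_bytes": (frag & 0x1FFF) * 8,  # field counts 8-byte units
        "ttl": ttl,
        "protocol": proto,
        "checksum": cksum,
        # A valid header sums to 0xFFFF when the checksum field is included.
        "checksum_ok": ones_complement_sum(header[:ihl]) == 0xFFFF,
    }

def starts_with_l4_header(ip):
    """Only the fragment at offset 0 begins with the UDP/TCP header."""
    return ip["frag_offset_bytes"] == 0

def as_udp(raw8):
    """Read 8 bytes as (sport, dport, length, checksum), valid or not."""
    return struct.unpack("!HHHH", raw8)

if __name__ == "__main__":
    ip = parse_ipv4(IP_HEADER)
    print(ip)
    print("transport header present:", starts_with_l4_header(ip))
    print("bytes read as UDP:", as_udp(NEXT8), "payload bytes:", ip["payload_len"])
```

The 17697, 65280 and 38509 values in the decode are what those 8 bytes yield when read as a UDP header, while the IP total length leaves only 30 bytes after the IP header.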
Current thread:
- Synaptics TouchPad, strange packets. Valerio B. (Nov 27)
- Re: Synaptics TouchPad, strange packets. Anthony Kim (Nov 28)
- Re: Synaptics TouchPad, strange packets. Jason Kohles (Nov 28)
- <Possible follow-ups>
- RE: Synaptics TouchPad, strange packets. Marcus Blankenship (Nov 27)
- Re: Synaptics TouchPad, strange packets. Zen (Nov 28)
- R: Synaptics TouchPad, strange packets. Valerio B. (Nov 28)
- Re: Synaptics TouchPad, strange packets. Zen (Nov 28)
- Re: Synaptics TouchPad, strange packets. Anthony Kim (Nov 28)