I found a very similar problem, and did the same thing. Also, I found that
the TouchPad program was taking up a LOT of CPU time, even when it was
docked. My performance improved dramatically when I did this. Very
strange.
Marcus
> -----Original Message-----
> From: Valerio B. [SMTP:support_at_selnet.org]
> Sent: Tuesday, November 27, 2001 11:59 AM
> To: Vuln-Dev; SecProg; Focus-IDS; Focus-Virus
> Subject: Synaptics TouchPad, strange packets.
>
> My firewall captured a packet outgoing from my laptop, originated by the
> Synaptics TouchPad program, to a destination address that has nothing to
> do with the Synaptics network. I verified that the destination address is
> a host located in Finland.
> I have now blocked the Synaptics TouchPad program. As you can see, the
> checksums are incorrect.
> I currently don't have the tools to do analysis on my own, and I found my
> laptop to be free from known viruses, so I am submitting this for analysis
> by the community.
>
> Valerio B.
>
>
> The packet decode is included below:
> ******************************************
> File Version : 5.0.62 13Mar00
> File Description : Synaptics TouchPad Enhancements
> File Path : C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
> Process ID : FFFDEA69 (Heximal) 4294830697 (Decimal)
>
> Connection origin : local initiated
> Protocol : UDP
> Local Address : xxx.xx.xxx.xxx
> Local Port : 17697
> Remote Name :
> Remote Address : xxx.xxx.xxx.x
> Remote Port : 65280
>
> Ethernet packet details:
> Ethernet II (Packet Length: 64)
> Destination: xx-xx-xx-xx-xx-xx
> Source: xx-xx-xx-xx-xx-xx
> Type: IP (0x0800)
> Internet Protocol
> Version: 4
> Header Length: 20 bytes
> Flags:
> .0.. = Don't fragment: Not set
> ..0. = More fragments: Not set
> Fragment offset:69
> Time to live: 128
> Protocol: 0x11 (UDP - User Datagram Protocol)
> Header checksum: 0xf8eb (Correct)
> Source: xxx.xx.xxx.xxx
> Destination: xxx.xxx.xxx.x
> User Datagram Protocol
> Source port: 17697
> Destination port: 65280
> Length: 8
> Checksum: 0x52f9 (Incorrect - Checksum should be 0x396b)
> Data (38509 Bytes)
>
> Binary dump of the packet:
> 0000: xx xx xx xx xx xx xx xx : xx xx xx xx 08 00 45 00 | SRC..DEST....E.
> 0010: 00 32 9D D3 00 45 80 11 : EB F8 D4 0F A2 F0 C1 A6 | .2...E..........
> 0020: 78 03 45 21 FF 00 96 6D : F9 52 B9 57 29 C8 0A B9 | x.E!...m.R.W)...
> 0030: 04 60 E6 99 54 48 B4 1A : 00 4A 28 03 FF D9 FF FF | .`..TH...J(.....
> ******************************************
Received on Nov 28 2001
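
Added example, not part of the original thread: a small decoder for the 20 IPv4 header bytes in the dump above, which recomputes the header checksum and converts the "Fragment offset" field to bytes. Under IPv4 fragmentation only the fragment at offset 0 carries the transport header, so the example also reports whether the bytes after the IP header can be read as a UDP header at all. The function and field names are this example's own.

```python
import struct

# IPv4 header bytes copied from offsets 0x0E-0x21 of the dump in the post.
IP_HEADER = bytes.fromhex("4500 0032 9DD3 0045 8011 EBF8 D40F A2F0 C1A6 7803")


def internet_checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement checksum over 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def parse_ipv4(header: bytes) -> dict:
    """Decode the fixed IPv4 header fields relevant to fragmentation."""
    if len(header) < 20:
        raise ValueError("IPv4 header needs at least 20 bytes")
    ver_ihl, _tos, total_len, ident, flags_frag, ttl, proto, cksum = \
        struct.unpack("!BBHHHBBH", header[:12])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or len(header) < ihl:
        raise ValueError("not a complete IPv4 header")
    frag_units = flags_frag & 0x1FFF        # offset is counted in 8-byte units
    return {
        "total_len": total_len,
        "payload_len": total_len - ihl,
        "ident": ident,
        "dont_fragment": bool(flags_frag & 0x4000),
        "more_fragments": bool(flags_frag & 0x2000),
        "frag_offset_bytes": frag_units * 8,
        "ttl": ttl,
        "protocol": proto,
        "checksum_field": cksum,
        # Summing a valid header including its checksum field yields 0.
        "checksum_ok": internet_checksum(header[:ihl]) == 0,
        # Non-first fragments start mid-datagram: no transport header present.
        "has_transport_header": frag_units == 0,
    }


if __name__ == "__main__":
    for field, value in parse_ipv4(IP_HEADER).items():
        print(f"{field:22} {value}")
```
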