heaven help me,,
i logged on earlier this morning and, after about 30 mins., i lost internet connection.
the "internet" icon on router/modem was either solid red or not lit up at all.
i typed modem/router url into address bar and logged in.
- under "gateway status" it said gateway is not ready for connection (or something to that effect)
- DSL link showed as connected
- Internet Status showed as not connected.
- PPP showed as down.
i then manuevered my way to Network Connections on lappie.
- Local Area Connection showed as Connected.
-1394 Connection 2 {1394 Net Adapter #2} showed as Connected.
i was able to ping router.
after fooling around w/the cables, rebooting, shutting modem off/on, etc etc, w/no change, i shut down and ran some errands, fully expecting i would have to make dreaded call to ISP again once i got back.
i just now powered up, and i am able to get online again, - at least for now.
was this just a glitch, or indicative of something particular screwing up again?
what am i looking for if/when this should happen again?
{ i think i will go postal if i have to deal w/front desk help again }.
thank* you
p.s. - { i hope i am not infected w/something now.. } ~
i did not see the words "Firewalled" in the Network Connections window, which kind of freaked me out because they were Firewalled before, so i went to check if "On" was ticked, and it
was, so i do not understand that. i then clicked the "OK" button again, and after a few secs the Connection Properties showed "Connected, Firewalled".
now i have checked System Event Viewer, and found these:
System Event Viewer:
ERROR - 10:44:22AM
Product: Windows Operating System
ID: 17
Source: W32Time
Version: 5.2
Symbolic Name: MSG_MANUAL_PEER_LOOKUP_FAILED_RETRYING
Message: Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer '%1'. NtpClient will try the DNS lookup again in %3 minutes. The error was: %2
Explanation
The name of the time source, a manually configured peer, cannot be resolved.
User Action
Do one or more of the following:
Verify that the DNS name for the time source is a valid name.
Verify that the time source is available on the network by pinging the server.
______________________________
WARNING - 11:35.14AM
Product: Windows Operating System
ID: 4226
Source: Tcpip
Version: 5.2
Symbolic Name: EVENT_TCPIP_TCP_CONNECT_LIMIT_REACHED
Message: TCP/IP has reached the security limit imposed on the number of concurrent (incomplete) TCP connect attempts.
Explanation
The TCP/IP stack in Windows XP with Service Pack 2 (SP2) installed limits the number of concurrent, incomplete outbound TCP connection attempts. When the limit is reached, subsequent connection attempts are put in a queue and resolved at a fixed rate so that there are only a limited number of connections in the incomplete state. During normal operation, when programs are connecting to available hosts at valid IP addresses, no limit is imposed on the number of connections in the incomplete state. When the number of incomplete connections exceeds the limit, for example, as a result of programs connecting to IP addresses that are not valid, connection-rate limitations are invoked, and this event is logged.
Establishing connection–rate limitations helps to limit the speed at which malicious programs, such as viruses and worms, spread to uninfected computers. Malicious programs often attempt to reach uninfected computers by opening simultaneous connections to random IP addresses. Most of these random addresses result in failed connections, so a burst of such activity on a computer is a signal that it may have been infected by a malicious program.
Connection-rate limitations may cause certain security tools, such as port scanners, to run more slowly.
User Action
This event is a warning that a malicious program or a virus might be running on the system. To troubleshoot the issue, find the program that is responsible for the failing connection attempts and, if the program might be malicious, close the program as follows.
To close the program
At the command prompt, type
Netstat –no
Find the process with a large number of open connections that are not yet established.
These connections are indicated by the TCP state SYN_SENT in the State column of the Active Connections information.
Note the process identification number (PID) of the process in the PID column.
Press CTRL+ALT+DELETE and then click Task Manager.
On the Processes tab, select the processes with the matching PID, and then click End Process.
If you need to select the option to view the PID for processes, on the View menu, click Select Columns, select the PID (Process Identifier) check box, and then click OK.
--- how do i find the program that is responsible for the failing connection attempts and, if the program might be malicious... " if this is what has now happened ?!
thank* you
