i've had a number of such incidents the past couple of days, and they do seem to come in spurts. i've had periods of several minutes when i couldn't connect to any site. i've also had dns lookup send me to the wrong site, usually one of those obnoxious bogus search sites that register misspellings of common domain names (but i checked my spelling or had clicked on a good link, and then wound up looking at stupid advertising...). i've also seen periods where there were a truly massive number of incursion attempts against my machine and downloads broke or i couldn't get any connections to work (dialup, 26k, dynamic ip). i've seen dozens of attempts to connect to me on odd ports (sometimes not the common cracking ports) in less than a minute. the incursion attempts have been going on for some time, they appear to be from spoofed addresses as many of them are often from ip#'s that belong to the same isp or company- usually 2-3 from one ip, then 2-3 from another and more in the same pattern. because of the timing i strongly suspect spoofed ip #'s. i've also seen a huge number of attempts on the common ports like 445 and 135. part of the problem is a large number of similar viruses on a truly huge number of infected machines. some of these do look at the clock on the infected system and make there attempts at the same time, which is part of what creates some of the waves of incursion attacks (from ip#'s that are from several companies/isp's). right now, in the last few hours i've seen a large number of attempts from ip#'s starting with 67.1 or 67.0 indicating spoofing or a large number of infected machines in that range or spoofing. attacks from ip#'s starting with 67.x or 68.x seem to be a large portion of the attacks. there have been a lot of incursion attempts aimed at routers and firewalls lately (after all, if you can hack a router you don't need to hack the machines it serves, you can effectively bug traffic that goes through the router). some of these are trying to get around the firewalls i suspect. it's been nuts out there for months now, with malicious activity levels i haven't seen for months and that in the past have only lasted a week or two when a particularly bad new virus came out. cryptogram says to rival "gangs" of crackers have been competing aggressively and even putting taunts of the other groups in the code of the virus for anyone who looks at the code. see cryptogram.org, it's a great security newsletter i highly recommend to all net users, for one thing it gives you a good idea of how these things work and when there are serious virii etc. going on. bottom line, it could have been any number of things, there are currently a lot of serious things going on at truly unusual levels for unusually long time periods. keep your virus software updated, i recommend sophos.com, they have a free trial download and it checks for mac or pc virii on either type of machine. also check the manufacturers site for any router or firewall you have for software updates as several router/firewall exploits have been recently discovered and are being used. it's also a good idea to power cycle all of your machines and firewalls/routers daily as this clears many of the virii which live in ram and have to reinfect you after a power cycle to start up again. Randy Glenn wrote: > > This might be relevant: > > http://slashdot.org/article.pl?sid=04/06/15/1427213&mode=thread&tid=126&tid=95 > > On Wed, 16 Jun 2004 01:35:13 +1200, Russell McMahon > wrote: > > > > I can't seem to get any WWW access and get DNS errors from many sites. > > NSLOOKUP to sites out of NZ time out. > > email from my sefver seems to be working. > > Has the world crashed ... ----------- -- http://www.piclist.com hint: PICList Posts must start with ONE topic: [PIC]:,[SX]:,[AVR]: ->uP ONLY! [EE]:,[OT]: ->Other [BUY]:,[AD]: ->Ads