Wait! You rebuilt that Linksys firmware?
Did you reset it completely first?

I suggest you were pwnd. (Like a great many of us are!)

I have the pond scum get into my stuff regularly and endure them until I get around to flushing them rebuilding. One or two I cooperate to trap, track, report, and jail (with NSA and local authorities, via coordination with telecom/cable; companies that investigate like google, godaddy, and banks). Other sick stalker types, I endure (because they are really young) [for awhile].

I suggest you get that image and use a binary hex editor to determine where it's going and what is on it?

Call me I will help!

On 8/2/09, Jason Hayes <ja...@jasonhayes.org> wrote:
> I guess that this must be a Linksys thing then. Everything works fine for a few years and then it digs in its heels and refuses to load the site(s) that you have to be able to access.
>
> No solutions for the Linksys router, but I had a D-Link WBR-1310 sitting in a box new and unused here at home. I fired it up and, at least at first blush, everything seems to be back to normal. The sites are loading (a little slow, but they're loading.)
>
> No idea what caused that problem.
>
> Thanks to everyone who commented!
>
> Jason
>
> On Sunday 02 August 2009 09:58:11 am Steve Phariss wrote:
>> I had an old Linksys wired router that was acting the same way. I was able to access all sites I tried, but one (the web site I was actively working on) I could access from a direct connect to the modem, but not from the router. I had Cox reset my modem, I even had them reprovision me and assign a new IP but nothing worked (hmmm now that I think about it, the reprovision MAY have worked for a couple times, don't remember). On the router side I reflashed the firmware, and moved the ports I was using. I even reloaded my network drivers on the PC. I eventually got a new router and all was well again.
>> The funny thing was I could access the other domain on the same host (used bluehost.com with several domains attached)
>>
>> I do not remember if I could connect using the IP, may not have even tried.
>>
>> On Sat, Aug 1, 2009 at 11:27 PM, Bryan O'Neal <bon...@cornerstonehome.com> wrote:
>> > I am sure this is a stupid question, but have you flashed your router? Or tried accessing on a different port? You may have a nat lock, though I have never heard of one lasting through a power cycle on a Linksys, I would not put it past it. Flashing (Or even doing a full factory reset) should clear that.
>> >
>> > On Sat, Aug 1, 2009 at 8:39 PM, Jason Hayes <ja...@jasonhayes.org> wrote:
>> >> On Saturday 01 August 2009 04:45:02 pm Lisa Kachold wrote:
>> >> > On 8/1/09, Jason Hayes <ja...@jasonhayes.org> wrote:
>> >> > > Not sure why this is happening.
>> >> > >
>> >> > > My Linksys WRT54GS router just suddenly (yesterday a.m.) started blocking a group of sites that I administer. I was working on one of the sites and it started getting slower and slower, then finally cut out.
>> >> >
>> >> > Are you possibly locked out at that hosting provider? Ask that they "escalate your ticket" to the highest level you can to rule out system firewall lockouts?
>> >>
>> >> Can't be that because if I bypass the router and plug my main computer directly into the Cox modem, I can access the sites without any problems. When I do that I can view the site and sign in as admin, add content, etc.
>> >>
>> >> > How are you accessing these sites? Port 22? VNC? http/https through auth processes?
>> >>
>> >> Nothing terribly complex -- Just http. These are simple drupal websites that I have set up for clients. I was working on a new theme for one of the websites (www.bonnydann.com), when the router started acting up.
>> >>
>> >> Also noticed that when I'm running through the Linksys router, I can log in to the ftp portion of the site for file uploads, etc. without any problems. I'm also getting email from the accounts on that hosting package. So I know it is just the web portion (http) that is acting up.
>> >>
>> >> > > I know the sites are working because if I plug straight into the modem, I can access them. (Also family in Canada can access them without any issues.) Also, the rest of the Internet is still out there - I can access pretty much any other site.
>> >> >
>> >> > So, you possibly can't get a new cox IP address but you can request they verify you did not get into one of their traps?
>> >> >
>> >> > Let's look further:
>> >> >
>> >> > 1) Can you traceroute from the command line to the server? If not where does it fail?
>> >>
>> >> From the router Administration --> Diagnostics page on the WRT54GS, I can ping to the site, no packets lost
>> >>
>> >> PING bonnydann.com ( 66.116.193.208 ) : 56 data bytes
>> >> 64 bytes from 66.116.193.208: icmp_seq=0, ttl=52 times=70. ms
>> >> 64 bytes from 66.116.193.208: icmp_seq=1, ttl=52 times=70. ms
>> >> 64 bytes from 66.116.193.208: icmp_seq=2, ttl=52 times=70. ms
>> >> 64 bytes from 66.116.193.208: icmp_seq=3, ttl=52 times=70. ms
>> >> 64 bytes from 66.116.193.208: icmp_seq=4, ttl=52 times=80. ms
>> >> --- bonnydann.com ping statistics ---
>> >> packets transmitted = 5 , packets received = 5 packet loss = 0%
>> >> round-trip min/avg/max = 70/72/80
>> >>
>> >> Can also traceroute to the site
>> >>
>> >> traceroute to bonnydann.com (66.116.193.208) ,30 hops max,40 byte packet
>> >> 1 10.35.128.1 (10.35.128.1) 10. 0 ms <10.0 ms <10.0 ms
>> >> 2 68.2.1.253 (68.2.1.253) <10.0 ms <10.0 ms <10.0 ms
>> >> 3 70.169.73.45 (70.169.73.45) 10. 0 ms 10. 0 ms <10.0 ms
>> >> 4 68.1.0.165 (68.1.0.165) 10. 0 ms 10. 0 ms 10. 0 ms
>> >> 5 4.69.133.34 (4.69.133.34) 10. 0 ms 10. 0 ms 10. 0 ms
>> >> 6 4.69.133.38 (4.69.133.38) 20. 0 ms 30. 0 ms 20. 0 ms
>> >> 7 4.69.144.138 (4.69.144.138) 20. 0 ms * 20. 0 ms
>> >> 8 63.146.27.33 (63.146.27.33) 20. 0 ms 20. 0 ms 30. 0 ms
>> >> 9 * * * Request timed out.
>> >> 10 63.144.63.214 (63.144.63.214) 70. 0 ms 80. 0 ms 70. 0 ms
>> >> 11 * * * Request timed out.
>> >> 12 66.116.193.208 (66.116.193.208) 70. 0 ms 80. 0 ms 70. 0 ms
>> >> Traceroute Complete.
>> >>
>> >> > 2) If you limit icmp, can you netcat trace to that port?
>> >> > http://www.jfranken.de/homepages/johannes/vortraege/netcat.en.html
>> >>
>> >> Looking at his "querying webservers" section and using
>> >>
>> >> printf 'GET / HTTP/1.0\n\n' | nc -w 10 www.bonnydann.com 80
>> >>
>> >> I get
>> >>
>> >> www.bonnydann.com [66.116.193.208] 80 (www) : Connection timed out
>> >>
>> >> When I unplug the WRT54GS and plug straight into the modem, I get
>> >>
>> >> HTTP/1.1 503
>> >> Date: Sun, 02 Aug 2009 03:15:40 GMT
>> >> Server: Apache
>> >> Cache-Control: store, no-cache, must-revalidate, post-check=0, pre-check=0
>> >> Expires: Sun, 19 Nov 1978 05:00:00 GMT
>> >> X-Powered-By: PHP/4.4.9
>> >> Set-Cookie: SESSd41d8cd98f00b204e9800998ecf8427e=bfe600d5c18c137cd565b33c1be80cd0; expires=Tuesday, 25-Aug-09 06:49:00 GMT; path=/
>> >> Cache-Control: max-age=1209600
>> >> Expires: Sun, 16 Aug 2009 03:15:40 GMT
>> >> Last-Modified: Sun, 02 Aug 2009 03:15:40 GMT
>> >> Connection: close
>> >> Content-Type: text/html; charset=utf-8
>> >>
>> >> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
>> >> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
>> >> <head>
>> >>
>> >> and the rest of the main page, down to ...
>> >>
>> >> </div> <!-- /container -->
>> >> </div>
>> >> <!-- /layout -->
>> >>
>> >> </body>
>> >> </html>
>> >>
>> >> > http://www.textfiles.com/hacking/INTERNET/netcat.txt
>> >> >
>> >> > 3) Or nmap the server?
>> >> >
>> >> > # nmap -P0 servername
>> >>
>> >> Through the WRT54GS
>> >>
>> >> Starting Nmap 4.76 ( http://nmap.org ) at 2009-08-01 19:09 MST
>> >> Interesting ports on 66.116.193.208:
>> >> Not shown: 999 closed ports
>> >> PORT STATE SERVICE
>> >> 21/tcp open ftp
>> >>
>> >> Nmap done: 1 IP address (1 host up) scanned in 41.80 seconds
>> >>
>> >> Pulling the WRT54GS out of the loop,
>> >>
>> >> Starting Nmap 4.76 ( http://nmap.org ) at 2009-08-01 20:17 MST
>> >> Interesting ports on 66.116.193.208:
>> >> Not shown: 995 filtered ports
>> >> PORT STATE SERVICE
>> >> 20/tcp closed ftp-data
>> >> 21/tcp open ftp
>> >> 80/tcp open http
>> >> 443/tcp open https
>> >> 873/tcp closed rsync
>> >>
>> >> Nmap done: 1 IP address (1 host up) scanned in 22.29 seconds
>> >>
>> >> > > I've talked with my hosting company and they swear up and down that nothing has changed and the sites are working as normal.
>> >> >
>> >> > Do you have cookies in place - clear your browser cookies? Try another browser?
>> >> >
>> >> > Netcat, traceroute and nmap will bypass the browser, but just in case...
>> >>
>> >> Have tried clearing the browser cache several times and have tried Kubuntu, Windows XP, and Windows Vista. For browsers, I've tried Firefox, IE 7 and 8, Konqueror, and Google Chrome.
>> >>
>> >> > Also did you change your dns server settings in your /etc/resolv.conf? Check to make sure your nslookup is the same.
>> >> >
>> >> > Did you possibly setup a hosts file hack to work on a mock up of the website and forget it on your own box? Verify /etc/hosts file...
>> >>
>> >> Have not touched either the /etc/resolve.conf.
>> >>
>> >> No special hosts files, or anything like that.
>> >>
>> >> So I'm completely at a loss to explain why only a certain group of websites would be shut down by this router (that has been reset to factory defaults and has just had the latest firmware installed).
>> >>
>> >> Jason Hayes
>> >>
>> >> > > While fighting with this, I've updated the firmware (to the latest version - V 7.2.06), reset all the settings to factory default, and re-set up my home network.
>> >> >
>> >> > Are other machines on your network doing the same thing?
>> >> > Have someone come over and fire up their laptop to rule out XSS plugins and other hacks?
>> >> >
>> >> > > Everything is fine except for those few websites. Anyone ever seen anything like this?
>> >> > > --
>> >> > > Jason Hayes
>> >>
>> >> ---------------------------------------------------
>> >> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
>> >> To subscribe, unsubscribe, or to change your mail settings:
>> >> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

--
http://linuxgazette.net/165/kachold.html
(623)239-3392
(503)754-4452
www.obnosis.com
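
The two nmap runs quoted in this thread (through the WRT54GS and direct to the modem) can be compared port by port to see exactly what the router path changes. This is an added example, not part of the original messages; the port tables are copied from the thread, and the function names `parse_scan` and `path_diff` are illustrative.

```python
import re

# Port tables copied from the thread: WRT54GS in the path vs. direct to the modem.
VIA_ROUTER = """\
Interesting ports on 66.116.193.208:
Not shown: 999 closed ports
PORT STATE SERVICE
21/tcp open ftp
"""

DIRECT = """\
Interesting ports on 66.116.193.208:
Not shown: 995 filtered ports
PORT STATE SERVICE
20/tcp closed ftp-data
21/tcp open ftp
80/tcp open http
443/tcp open https
873/tcp closed rsync
"""

PORT_ROW = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)", re.M)
NOT_SHOWN = re.compile(r"^Not shown: \d+ (\S+) ports", re.M)


def parse_scan(text):
    """Return (listed, default): listed maps 'port/proto' -> (state, service);
    default is the state nmap gave every port it did not list individually."""
    listed = {f"{port}/{proto}": (state, svc)
              for port, proto, state, svc in PORT_ROW.findall(text)}
    m = NOT_SHOWN.search(text)
    return listed, (m.group(1) if m else "unknown")


def path_diff(via_router, direct):
    """Ports whose state differs between the two paths, as
    {port: (state_via_router, state_direct, service)}."""
    r_listed, r_default = parse_scan(via_router)
    d_listed, d_default = parse_scan(direct)
    diff = {}
    ports = sorted(set(r_listed) | set(d_listed), key=lambda k: int(k.split("/")[0]))
    for port in ports:
        # A port missing from one table carries that scan's "Not shown" state.
        r_state, r_svc = r_listed.get(port, (r_default, None))
        d_state, d_svc = d_listed.get(port, (d_default, None))
        if r_state != d_state:
            diff[port] = (r_state, d_state, d_svc or r_svc)
    return diff


if __name__ == "__main__":
    for port, (r, d, svc) in path_diff(VIA_ROUTER, DIRECT).items():
        print(f"{port:8} {svc:6} via router: {r:8} direct: {d}")
```

On the thread's data this reports 80/tcp and 443/tcp as closed through the router but open direct, so HTTPS is affected as well as HTTP. The "Not shown" state also changes from filtered to closed, meaning probes that the server silently drops on the direct path are being actively refused somewhere on the router path.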