sort of OT: Linksys router blocking certain sites

Lisa Kachold lisakachold at obnosis.com
Sat Aug 1 16:45:02 MST 2009


On 8/1/09, Jason Hayes <jason at jasonhayes.org> wrote:
> Not sure why this is happening.
>
> My Linksys WRT54GS router just suddenly (yesterday a.m.) started blocking a
> group of sites that I administer. I was working on one of the sites and it
> started getting slower and slower, then finally cut out.

Are you possibly locked out at that hosting provider?  Ask that they
"escalate your ticket" to the highest level you can to rule out system
firewall lockouts.

How are you accessing these sites?  Port 22?  VNC?  http/https through
auth processes?

> I know the sites are working because if I plug straight into the modem, I can
> access them. (Also family in Canada can access them without any issues.) Also,
> the rest of the Internet is still out there - I can access pretty much any
> other site.

So, you possibly can't get a new Cox IP address but you can request
they verify you did not get into one of their traps?

Let's look further:

1) Can you traceroute from the command line to the server?  If not
where does it fail?

2) If you limit ICMP, can you netcat trace to that port?
http://www.jfranken.de/homepages/johannes/vortraege/netcat.en.html

http://www.textfiles.com/hacking/INTERNET/netcat.txt

3) Or nmap the server?

# nmap -P0 servername

> I've talked with my hosting company and they swear up and down that nothing
> has changed and the sites are working as normal.

Do you have cookies in place - clear your browser cookies?  Try another browser?

Netcat, traceroute and nmap will bypass the browser, but just in case...

Also, did you change your DNS server settings in your /etc/resolv.conf?
Check to make sure your nslookup is the same.

Did you possibly set up a hosts file hack to work on a mock-up of the
website and forget it on your own box?  Verify /etc/hosts file...

> While fighting with this, I've updated the firmware (to the latest version -
> V 7.2.06), reset all the settings to factory default, and re-set up my home
> network.

Are other machines on your network doing the same thing?
Have someone come over and fire up their laptop to rule out XSS
plugins and other hacks?

> Everything is fine except for those few websites. Anyone ever seen anything
> like this?
> --
> Jason Hayes

-- 
http://linuxgazette.net/165/kachold.html
(623)239-3392
(503)754-4452 www.obnosis.com
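
The /etc/hosts and /etc/resolv.conf checks suggested in the message above, as an added example that is not part of the original post. The function names `hosts_overrides` and `resolvers`, the `example.test` hostnames and the sample file contents are all assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and sample data are constructed, not from the post.

# hosts_overrides FILE NAME...
# Print "address name" for each active FILE entry that pins one of the NAMEs.
# Handles comments, tabs, several aliases per line, and case differences.
hosts_overrides() {
    file=$1; shift
    awk -v names="$*" '
        BEGIN { n = split(tolower(names), want, " ") }
        {
            sub(/#.*/, "")            # drop whole-line and trailing comments
            if (NF < 2) next          # need an address plus at least one name
            for (i = 2; i <= NF; i++)
                for (j = 1; j <= n; j++)
                    if (tolower($i) == want[j]) print $1, tolower($i)
        }' "$file"
}

# resolvers FILE
# Print the nameserver addresses configured in a resolv.conf-style FILE, in order.
resolvers() {
    awk '$1 == "nameserver" && NF >= 2 { print $2 }' "$1"
}

# Demo on constructed files: a forgotten mock-up entry and two resolvers.
demo() {
    tmp=$(mktemp -d) || return 1
    {
        printf '127.0.0.1 localhost\n'
        printf '# 10.0.0.5 www.example.test\n'
        printf '192.168.1.50\twww.example.test Staging.Example.Test # mock-up\n'
    } > "$tmp/hosts"
    printf 'search example.test\nnameserver 192.168.1.1\nnameserver 203.0.113.53\n' \
        > "$tmp/resolv.conf"
    echo "hosts overrides:"
    hosts_overrides "$tmp/hosts" www.example.test staging.example.test
    echo "resolvers:"
    resolvers "$tmp/resolv.conf"
    rm -rf "$tmp"
}
demo
```

On the affected machine, call the same functions on /etc/hosts and /etc/resolv.conf with the names of the unreachable sites; any line printed by `hosts_overrides` means the name is being pinned locally rather than resolved through DNS.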


More information about the PLUG-discuss mailing list