On Saturday 01 August 2009 04:53:12 pm Lisa Kachold wrote: > Also, DO NOT SAVE YOUR router password in your browser protected cache! > > CRSF, MITM ssl, XSS exploits and other javascript naughtiness can play > havok on your sanity! > > Do not do it. Make sure it's a great number of characters. > > Also, DO NOT advertise your SSID; USE WEP2 (just using Mac address > alone will not be enough) and be sure that your router doesn't have a > lot of blank 00:00:00:00:00:00 entries, because it's trivial to setup > your mac address for 6 sets of zeros. Thanks for the ideas. Have to run out for a few minutes, but will take a look at your suggestions when I get back. Jason > > On 8/1/09, Lisa Kachold wrote: > > On 8/1/09, Jason Hayes wrote: > >> Not sure why this is happening. > >> > >> My Linksys WRT54GS router just suddenly (yesterday a.m.) started > >> blocking a > >> group of sites that I administer. I was working on one of the sites and > >> it > >> started getting slower and slower, then finally cut out. > > > > Are you possibly locked out at that hosting provider? Ask that they > > "escalate your ticket" to the highest level you can to rule out system > > firewall lockouts? > > > > How are you accessing these sites? Port 22? VNC? http/https through > > auth processes? > > > >> I know the sites are working because if I plug straight into the modem, > >> I can > >> access them. (Also family in Canada can access them without any issues.) > >> Also, > >> the rest of the Internet is still out there - I can access pretty much > >> any > >> other site. > > > > So, you possibly can't get a new cox IP address but you can request > > they verify you did not get into one of their traps? > > > > Let's look further: > > > > 1) Can you traceroute from the command line to the server? If not > > where does it fail? > > > > 2) If you limit icmp, can you netcat trace to that port? > > http://www.jfranken.de/homepages/johannes/vortraege/netcat.en.html > > > > http://www.textfiles.com/hacking/INTERNET/netcat.txt > > > > 3) Or nmap the server? > > > > # nmap -P0 servername > > > >> I've talked with my hosting company and they swear up and down that > >> nothing > >> has changed and the sites are working as normal. > > > > Do you have cookies in place - clear your browser cookies? Try another > > browser? > > > > Netcat, traceroute and nmap will bypass the browser, but just in case... > > > > Also did you change your dns server settings in your /etc/resolv.conf? > > Check to make sure your nslookup is the same. > > > > Did you possibly setup a hosts file hack to work on a mock up of the > > website and forget it on your own box? Verify /etc/hosts file... > > > >> While fighting with this, I've updated the firmware (to the latest > >> version - > >> V > >> 7.2.06), reset all the settings to factory default, and re-set up my > >> home network. > > > > Are other machines on your network doing the same thing? > > Have someone come over and fire up their laptop to rule out XSS > > plugins and other hacks? > > > >> Everything is fine except for those few websites. Anyone ever seen > >> anything > >> like this? > >> -- > >> Jason Hayes > > > > -- > > http://linuxgazette.net/165/kachold.html > > (623)239-3392 > > (503)754-4452 www.obnosis.com -- Jason Hayes --------------------------------------------------- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss