sort of OT: Linksys router blocking certain sites

Lisa Kachold lisakachold at obnosis.com
Sat Aug 1 16:53:12 MST 2009


Also, DO NOT SAVE YOUR router password in your browser protected cache!

CSRF, MITM SSL, XSS exploits and other JavaScript naughtiness can play
havoc on your sanity!

Do not do it.  Make sure it's a great number of characters.

Also, DO NOT advertise your SSID; USE WEP2 (just using MAC address
alone will not be enough) and be sure that your router doesn't have a
lot of blank 00:00:00:00:00:00 entries, because it's trivial to set up
your MAC address for 6 sets of zeros.



On 8/1/09, Lisa Kachold <lisakachold at obnosis.com> wrote:
> On 8/1/09, Jason Hayes <jason at jasonhayes.org> wrote:
>> Not sure why this is happening.
>>
>> My Linksys WRT54GS router just suddenly (yesterday a.m.) started blocking a
>> group of sites that I administer. I was working on one of the sites and it
>> started getting slower and slower, then finally cut out.
>
> Are you possibly locked out at that hosting provider?  Ask that they
> "escalate your ticket" to the highest level you can to rule out system
> firewall lockouts?
>
> How are you accessing these sites?  Port 22?  VNC?  http/https through
> auth processes?
>
>> I know the sites are working because if I plug straight into the modem, I can
>> access them. (Also family in Canada can access them without any issues.) Also,
>> the rest of the Internet is still out there - I can access pretty much any
>> other site.
>
> So, you possibly can't get a new Cox IP address but you can request
> they verify you did not get into one of their traps?
>
> Let's look further:
>
> 1) Can you traceroute from the command line to the server?  If not
> where does it fail?
>
> 2) If you limit icmp, can you netcat trace to that port?
> http://www.jfranken.de/homepages/johannes/vortraege/netcat.en.html
>
> http://www.textfiles.com/hacking/INTERNET/netcat.txt
>
> 3) Or nmap the server?
>
> # nmap -P0 servername
>
>> I've talked with my hosting company and they swear up and down that nothing
>> has changed and the sites are working as normal.
>
> Do you have cookies in place - clear your browser cookies?  Try another
> browser?
>
> Netcat, traceroute and nmap will bypass the browser, but just in case...
>
> Also did you change your dns server settings in your /etc/resolv.conf?
> Check to make sure your nslookup is the same.
>
> Did you possibly set up a hosts file hack to work on a mock-up of the
> website and forget it on your own box?  Verify /etc/hosts file...
>
>> While fighting with this, I've updated the firmware (to the latest version - V
>> 7.2.06), reset all the settings to factory default, and re-set up my home
>> network.
>
> Are other machines on your network doing the same thing?
> Have someone come over and fire up their laptop to rule out XSS
> plugins and other hacks?
>
>> Everything is fine except for those few websites. Anyone ever seen
>> anything
>> like this?
>> --
>> Jason Hayes
>
> --
> http://linuxgazette.net/165/kachold.html
> (623)239-3392
> (503)754-4452 www.obnosis.com
>


-- 
http://linuxgazette.net/165/kachold.html
(623)239-3392
(503)754-4452 www.obnosis.com
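
The local checks suggested in the quoted reply (a forgotten /etc/hosts entry, changed nameservers in /etc/resolv.conf), as an added example that is not part of the original message. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: local name-resolution checks from the thread.
# Function names and sample data below are constructed, not from the post.

# Print "address name" for every hosts-file entry that pins NAME to an
# address. Comments and blank lines are ignored; names match
# case-insensitively, as hostnames do.
hosts_overrides() {  # usage: hosts_overrides FILE NAME
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        { sub(/#.*/, "") }          # strip comments, fields are re-split
        NF < 2 { next }             # need an address and at least one name
        { for (i = 2; i <= NF; i++)
              if (tolower($i) == want) print $1, $i }
    ' "$1"
}

# Print the nameserver addresses from a resolv.conf-style file, in order.
nameservers() {  # usage: nameservers FILE
    awk '$1 == "nameserver" && NF >= 2 { print $2 }' "$1"
}

# Run both checks against constructed sample files (documentation addresses).
run_demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' \
        '127.0.0.1   localhost' \
        '192.0.2.10  www.example.org example.org  # mock-up, forgotten' \
        > "$d/hosts"
    printf '%s\n' \
        '# constructed sample' \
        'nameserver 192.0.2.53' \
        'nameserver 198.51.100.53' \
        > "$d/resolv.conf"
    echo "hosts entries overriding www.example.org:"
    hosts_overrides "$d/hosts" www.example.org
    echo "configured nameservers:"
    nameservers "$d/resolv.conf"
    rm -rf "$d"
}

run_demo
```

On a real machine, point the functions at /etc/hosts and /etc/resolv.conf; any output from hosts_overrides for an affected site means the browser never asks DNS for it.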

