Hi Dave,
A couple of questions might provide us with better problem resolution:
When trying to access the domain names in question were you trying to
access the domain from a host inside of the router? or outside of the
router?
Was this symptom reported to you from an external source? Or was it
an internal assessment? These things can point to vastly different
problems. All sources must be checked and confirmed for a more
accurate assessment. It's entirely possible that the router had a
'brain fart' and stopped packet forwarding to those hosts... it's
unfortunate that the router wasn't able to provide you with more
troubleshooting information. Perhaps you should also contact your ISP
and inquire as to logs about what traffic was directed at your ips
during the times in question and see if that might have anything to
do with the error.
Understanding the topology would give us greater clarity on the
issue, and potential solutions as they may be appropriate.
Sincerely,
Sean Swayze
info@pcsage.biz
On 21-Jan-06, at 3:08 PM, Dave wrote:
I had an odd experience yesterday and was wandering if anyone could
help shed some light on it...
I run a webserver that I keep behind a router/firewall. The router
is a standard store bought Linksys BEFSX41. The firewalls NAT
feature is disabled so someone on the local LAN can access the
server via it's Internet domain name. The routers 'remote
administration' feature is disabled so no one outside the LAN can
log into the config page.
The problem: Yesterday a couple of the websites being hosted on the
server were basiclly unavailable. At first we were thinking DoS of
some sort but no evidence in the servers logs to support this as
far as I know. At any rate, when I would try to access the problem
page I was greeted with the router log in prompt! I (using a local
machine) log into the router to verify that the 'remote
administration' option is dissabled...it was. So why when I tried
to access the troubled website via domain name
(www.troubled_site.com) I was greeted with my routers log in prompt?
The routers firmware is up to date...I call linksys and asked if
they knew what it could be. they did not know. I looked for and
asked if anyone knew of any exploit code that could do this to this
router...no luck (doesnt mean it doesnt exist). So why was my
router (for a short time only) prompting website visitors with it's
log in prompt?
Any ideas / comments appreciated.
dave
----------------------------------------------------------------------
-----
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec
management education and the case study affords you unmatched
consulting experience. Tailor your education to your own
professional goals with degree customizations including Emergency
Management, Business Continuity Planning, Computer Emergency
Response Teams, and Digital Investigations.
http://www.msia.norwich.edu/secfocus
----------------------------------------------------------------------
-----
---------------------------------------------------------------------------
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The Norwich University program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Tailor your education to your own professional goals with degree
customizations including Emergency Management, Business Continuity Planning,
Computer Emergency Response Teams, and Digital Investigations.
http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
