D-Link Forums
The Graveyard - Products No Longer Supported => Routers / COVR => DGL-4500 => Topic started by: HankRiker on April 03, 2009, 02:22:03 PM
-
I need to ask a favor.
My mom has been shopping at yourfoodstore.com (http://yourfoodstore.com) for quite a while, but about six months ago, she couldn't get to the site, and I tried it, and couldn't either, and just assumed it was down. (We live about 35 miles from each other, with different equipment and configurations, and yet both are unable to get to that site.)
Yesterday, she called and spoke with someone there, and they told her the site had been up the entire time. Well, long story short, after hours of diagnosing, and calls to tech support sites, I finally tried the "System Check" function in my DGL-4500 FW1.02, and darn if the site didn't respond to the ping.
I connected a portable computer directly to the cable modem, and darn if it didn't come up.
This was after trying everything. I turned off SPI, set all the settings to the lowest levels, set the DMZ to a computer, tried changing the DNS entries, tried everything, but couldn't get to the site, and couldn't ping it. I can't access that site at all if I am making my connection through the router.
So, the favor... Will some of you out there try and go there and report back?
Is this a problem specific to Time Warner AND D-Link, or just D-Link? This is the weirdest darn thing I've ever seen.
If this is some obscure D-Link issue, I wonder if it's affecting other sites as well?
Thanks in advance,
Hank
-
Do you see log entries generated when you try to visit the site?
-
Hi Hank,
I'm on TWC/RR service as well. I'm able to see the site perfectly.
I am using OpenDNS servers, as the ones provided by TWC are VERY flaky.
I am using a DGL-4500 with 1.16b03 FW, and I also have a DGL-4300 with 1.9 FW. Both seem to work just fine.
Out of curiosity, where are you located?
You say you EVEN bypassed the router, and plugged straight into the modem? And nothing came up? Well, that's obviously a TWC problem in your area more than a D-Link issue.
Do try and change your DNS servers manually in your router, and reboot. Also, please disable DNS relay.
Setting OpenDNS servers:
> Open router config, and navigate to the "Basic" tab
> On left side, select "Internet" and then click "Manual Configure"
> Enter in Primary and Secondary.
> Primary DNS Server: 208.67.222.222
> Secondary DNS Server: 208.67.220.220
> Save and Reboot Later
Disable DNS Relay:
> Left side in "Basic" tab, click "Network"
> Enable DNS Relay should be un-checked.
> Save and Reboot
If you cannot ping it, or even trace it still after this, or even resolve it for that matter - then it is an issue with TWC in your area.
It could even be the modem/gateway, as TWC DOES offer VOIP Gateways as well as modems to users.
Good luck Hank.
Edit: Just to add, I tried pinging the site also. It apparently does not accept ping requests, so that's probably why it timed out.
-
Just just checked and I had no problem accessing the site using my DGL-4500 router.
I even checked the source code of the site and there doesn't appear to be anything there that would cause problems.
-
Hi Hank,
I'm on TWC/RR service as well. I'm able to see the site perfectly.
I am using OpenDNS servers, as the ones provided by TWC are VERY flaky.
As am I.
I am using a DGL-4500 with 1.16b03 FW, and I also have a DGL-4300 with 1.9 FW. Both seem to work just fine.
Well darn. That's odd. I believe the 4300 my mom is using is FW1.9.
Out of curiosity, where are you located?
East Coast, United States
You say you EVEN bypassed the router, and plugged straight into the modem? And nothing came up? Well, that's obviously a TWC problem in your area more than a D-Link issue.
Actually, that was unclear, I was able to get to the site when the 4500 was removed from the mix, and also was able to ping from the 4500's System Check function.
Do try and change your DNS servers manually in your router, and reboot. Also, please disable DNS relay.
If you cannot ping it, or even trace it still after this, or even resolve it for that matter - then it is an issue with TWC in your area.
It could even be the modem/gateway, as TWC DOES offer VOIP Gateways as well as modems to users.
I am on an Ambit (Boot Code Version : 2.1.6d, Software Version : 2.105.1008, Hardware Version : 1.20)
Good luck Hank.
Thanks, and thanks for checking.
-
Reinvented,
By this I connected a portable computer directly to the cable modem, and darn if it didn't come up.
I take this to mean that it did come up without the router.
"Darn if it didn't come up" is more of an expression that it worked when you didn't expect it to.
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
Looks like the Op replied as I went to post this, comfirming what I was sayiing :P
-
Do you see log entries generated when you try to visit the site?
I just tested that, and oddly enough, I don't.
I did get one, but I don't think it's releated:
[INFO] Fri Apr 03 16:40:20 2009 Blocked incoming TCP packet from 125.76.242.9:25511 to 66.66.91.81:47641 as RST:ACK received but there is no active connection
-
Edit: Just to add, I tried pinging the site also. It apparently does not accept ping requests, so that's probably why it timed out.
Try using the System Check in your router. I was able to ping it just fine from there.
EDIT:
I take that back. What I was seeing when I ping, was the OpenDNS "You can't get there from here" page. When I dropped to one of the other DNS sets I've tested, I wasn't getting a ping back either.
-
Reinvented,
By this
I take this to mean that it did come up without the router.
"Darn if it didn't come up" is more of an expression that it worked when you didn't expect it to.
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
Looks like the Op replied as I went to post this, comfirming what I was sayiing :P
Exactly. If I wasn't so flustered, I would have caught my use of the idiom. I usually refrain from using idioms when I can, as they often don't translate well, especially with machine translation.
-
Just just checked and I had no problem accessing the site using my DGL-4500 router.
I even checked the source code of the site and there doesn't appear to be anything there that would cause problems.
Thank you for trying. What firmware are you running? I'm still at FW v1.02, and now I'm wondering if that's the issue, or if it's something more obscure.
-
125.76.242.9:25511 is a chinese hacking attempt
if you do a whois lookup on a lot of the IP addresses that are blocked as incoming, you'll find a lot of them originate from China.
-
Try using the System Check in your router. I was able to ping it just fine from there.
Yeah, there's where I was pinging it from as well. I tried it through command prompt, and on my Mac's TCP connection settings.
Still no dice.
What modem do you use for your service?
-
Now for a whole different direction.
What web browser did you use at both locations?
What error does your browser produce when you try to visit the site and how long does it take to produce it?
Security software?
-
Now for a whole different direction.
What web browser did you use at both locations?
Tried with both Firefox and IE7.
What error does your browser produce when you try to visit the site and how long does it take to produce it?
It takes quite a while to time out, and IE 7 reports "Internet Explorer cannot display the webpage" while Firefox reports "Connection Interrupted / The connection to the server was reset while the page was loading." and the iPodTouch Gen2 (Safari) reports "Cannot Open Page / Safari could not open the page because the server stopped responding."
Security software?
avast! Free, SpywareBlaster, Spybot Search & Destroy, Windows Defender.
-
Yeah, there's where I was pinging it from as well. I tried it through command prompt, and on my Mac's TCP connection settings.
Still no dice.
What modem do you use for your service?
TWC Provided Ambit U10C018.
-
That particular IP address is from China.
Systems Security is a specialty of mine and I deal with the detection and removal of Malware and other related parasites.
I have done many Reverse IP lookups and found many of them to be from China.
Others originate from all over the world, via worms loose on the net, BotNets and other means.
But many of the Chinese IP's are hackers using what ever tools they have at their disposal.
-
Your iPod Touch convinced me security software is not the issue.
hmmmm, I think it is time to discuss using voodoo to resolve your issues.
-
Your iPod Touch convinced me security software is not the issue.
hmmmm, I think it is time to discuss using voodoo to resolve your issues.
Heh. I know. That's why I'm flustered...
At this point, I really think it's either a security setting in the router, or something in FW v1.02.
Beyond that? What could possibly cause these symptoms?
-
:lol: Looks like we got a bit sidetracked here. :)
After all, he did ask about that blocked IP and I just provided him with information concerning it :D
-
Here is an Idea.....
Check the DNS settings of the router, then bypass the router and see what DNS settings you come up with.
Maybe your router has been hit with DNS poisoning?
Did you take the time to properly secure the router or did you leave it with the Factory default or a weak password?
Vulnerability to DNS poisoning was one of the weaknesses of firmware 1.02 and last year there was a major effort by all companies to eliminate this vulnerability in their hardware products and in Operating Systems.
-
Here is an Idea.....
Check the DNS settings of the router, then bypass the router and see what DNS settings you come up with.
Good thought. I connected the portable to the modem, and now have the IP address of the site. I connect the router back up, and try using the IP address, and it fails. Argh.
Maybe your router has been hit with DNS poisoning?
I don't believe that to be true. I use a good, randomly generated password from GRC.com for it. No dictionary attacks here. ;)
Vulnerability to DNS poisoning was one of the weaknesses of firmware 1.02 and last year there was a major effort by all companies to eliminate this vulnerability in their hardware products and in Operating Systems.
I am aware of the issues, I actually had asked a while back about the stability of FW's beyond 1.02 due to that exact problem, but I have tested myself, and do use OpenDNS, so I doubt that's the issue.
-
Ok, then log into your router and try changing the DNS settings to OpenDNS using these DNS settings:
208.67.222.222
208.67.220.220
Then on your system, go into Internet Options > conections and make sure that AutoDetect Proxy settings is Not checked as this can sometimes bypass the DNS settings of the router.
While you're at it, later on you might want to open an account with OpenDNS so you can use the Dashboard (webpage) where you can actively block sites according to category and/or domain. ConFlicker is actively blocked by OpenDNS too which is a plus.
-
Ok, then log into your router and try changing the DNS settings to OpenDNS using these DNS settings:
Um, I think I've mentioned a few times that I'm using OpenDNS. In the router. Just like you described.
And Autodetect is off on my machines. Thanks for the suggestions though. :)
I have now tried:
- Falling back to the default settings in the router
- Trying the native TWC DNS servers
- Trying the INAIC Public Root DNS servers
But I don't think it is a DNS issue, as I have the IP address of yourfoodstore.com (http://yourfoodstore.com), 199.108.162.224 (http://199.108.162.224) and using that directly doesn't resolve the web site either.
I'm going to give up for a few hours and have dinner. Perhaps I'll have an epiphany.
Thanks again to everyone for their suggestions and help.
-
My Bad...
I should have scrolled back and reread things. :)
a bit hectic here at home and I got a bit distracted. :P
-
BTW....
This just started a couple of days ago, so it's not related, but could possibly cause problems now.
It seems that DNS servers are starting to get attacked with a DDoS attack since the 1st of this month.
This may possibly be what the April 1st Conflicter payload was.
http://isc.sans.org/diary.html?storyid=6121
http://www.theinquirer.net/inquirer/news/638/1051638/register-com-suffers-dos-attack
http://www.scmagazineus.com/DDoS-attacks-hit-major-web-services/article/130060/
-
This sounds like the infamous "IE UserAgent String Length Issue" at work again as of late. This is happening more and more due to really bad practices by MS...
Essentially, IE is sending a UserAgent string that is too long - usually somewhere over 200 characters. This causes the firewall of some sites to reject the connection request, and your browser to "error out".
You can check the content/length of your browser UserAgent string here:
http://www.enhanceie.com/ua.aspx
You might see something like this:
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0;
.NET CLR 1.0.3705; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR
3.0.04506.30; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR
3.0.4506.2152; .NET CLR 3.5.30729)
You'll probably also see a big yellow warning box about your string being too long - this is what is causing the issue. You'll probably also notice the ridiculously long string content itself - full of seemingly every .NET framework version/update, as well as perhaps some MS Office related module versions/updates - THESE appended entries from MS are what are causing the problem, and need to be removed/deleted.
Apparently, MS decided to append IE's UA string with this nonsense every time you installed/updated a .NET Framework package, or certain MS Office updates/packages etc, thus creating the increasingly common problem over time. Essentially, the older a Windows install is, the more likely its going to have been updated with these packages, and the more likely the UA string will get too long.
Why did Microsoft decide to append the UA string with all this nonsense to begin with? Good question, and a very bad practice best left to MS to explain. Feel free to contact them about the issue.
Regardless, you can edit the registry and solve your problem. Go to the following key:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Platform]
..and delete everything aside from "Default". That should take care of the issue.
Good luck
-
This sounds like the infamous "IE UserAgent String Length Issue" at work again as of late. This is happening more and more due to really bad practices by MS...
Essentially, IE is sending a UserAgent string that is too long - usually somewhere over 200 characters. This causes the firewall of some sites to reject the connection request, and your browser to "error out".
<snip>
Thanks for the reply, but I cannot reach the yourfoodstore.com with any browser, not just Internet Explorer. Firefox, Opera, Chrome, Safari (even on an iPodTouch) all fail to resolve the web site. I've also tried it on a variety of machines, with different operating systems.
Yet if I connect a machine directly to the cable modem, I can resolve the page in any of the above mentioned browsers.
Still, interesting to know about the string length. Thanks.
-
FWIW I can't load that site either and http://downforeveryoneorjustme.com/ says that the site is up.
-
FWIW I can't load that site either and http://downforeveryoneorjustme.com/ says that the site is up.
Oh man! Thank you for that site. That's great!
And even better, you also can't get to it?
Of course, now I have to ask, are you on the East coast? DGL-4500? FW? Hosting Provider (TWC?)?
I have an old Linksys POS that I am currently trying to find, to test that on the portable.
I considered getting a Netgear WNR3500, but I'd rather wait for D-Link's next DGL, as I'm comfortable with the interface, and feel they make pretty solid gear. If I can find the POS, I'll report back.
Thanks again.
-
Okay. Finally found the old Linksys BEFSR41 V.2 POS.
Guess what? It works.
I can get to yourfoodstore.com (http://yourfoodstore.com) just fine. Which means it's most certainly the DGL-4500.
I suppose now I can focus my efforts there, now that I know it's the point of failure.
Is there anyone running FW v1.02 that can get to the site? If so, please private message me, as I would like to try and emulate your settings. There are so many options, and if a DMZ was not enough, I'm guessing it really IS something obscure.
Hmm. Reinvented mentioned being able to connect with a DGL-4300 and FW 1.9. I think that will be my next step, actually. I have a spare, that I will flash to FW 1.9, and give that a try...
Thanks again, everyone.
-
I'm running the 4500 fw 1.16b3.
-
I have had my Eureka moment...
I have two DGL-4300's on-site, one A1 hardware and one A4 hardware with both units now flashed to firmware v1.9.
Very long story short: It is the MAC Address!! and also the hardware version on the 4300...
On the A4 unit, setting the MAC Address to the default (printed on the bottom) allows me to bring up yourfoodstore.com (http://yourfoodstore.com) every time, in every browser.
Oddly, the A1 unit with FW:1.9 and default MAC Address STILL fails.
That kinda ticks me off a bit, especially if the one my mom is using is a A1, which would mean I'd have to trade her my spare A4.
Also, my DGL-4500 HW:A1 FW:1.02 when set to the default MAC Address, works!
The practical upshot is, I have NO idea why the default MAC Address matters in my attempts to connect, but the moment I change it (power cycling the Cable-modem so that it recognizes the changed MAC) it fails. I can browse elsewhere, but that page consistently fails.
I am very pleased that I didn't have to upgrade my 4500's FW past 1.02, just typing in the default MAC Address from the bottom of the unit, and resetting things was enough so that I now can bring up the site.
Anyone at D-Link wanna trade me for one or perhaps two somewhat quirky units for two (or one really shiny one) that is much less quirky? Heh. I need to find out if my mom's 4300 will work with this fix, but I am hopeful. It was bought after my A1...
In conclusion: If anyone else is having this problem, try setting your MAC Address to the default, and if it's a 4300, you might also need to be at FW1.9. Sadly, if you are on the A1 hardware, you might also be out of luck.
Thanks again for the help, and hope this helps someone.
Hank
-
Well I discovered that if I clone my pc's mac address that I can reach yourgrocerystore.com but if I leave it at the standard string of zeros I cannot. Problem solved by cloning mac address on my pc.
-
I can sea the the store just fine four me.On windows vista sp1 plus windows vista sp2 and windows xp sp1 windows xp sp2 plus windows xp 3.
yourfoodstore all links work four on the web site.
-
Well I discovered that if I clone my pc's mac address that I can reach yourgrocerystore.com but if I leave it at the standard string of zeros I cannot. Problem solved by cloning mac address on my pc.
Interesting. I tried cloning the PC's address, and that failed when I tested the site. Only falling back to the MAC Address printed on the bottom of the router allowed me to connect.
I'm not surprised that all zeros would fail, as I don't believe that meets the criterion for a valid MAC id.
I'll test this again with my mother's router, when I flash it to FW1.9.
Thanks for the info.
-
Okay. My mom had a DGL-4300, revision A2.
I flashed to FWv1.9, no joy with the MAC id that I had originally assigned.
Tried to echo the MAC id of the host adapter of her computer, no joy.
Mirrored the first printed MAC id on the bottom of the router. No joy.
Mirrored the second printed MAC id on the bottom of the router.
It worked.
I'm calling this issue resolved, if a bit ... quirky. I could see where folks who have to mirror the MAC Address from their PC's would have an issue with this fix, but that said, I have not personally seen another site that was unresolvable due to the issue. If we start to see more, then it might be worth formally nailing down.
Thanks again for your comments and assistance, all.
Hank.