router question...



I had an odd experience yesterday and was wondering if anyone could help shed some light on it...

I run a webserver that I keep behind a router/firewall. The router is a standard store-bought Linksys BEFSX41. The firewall's NAT feature is disabled so someone on the local LAN can access the server via its Internet domain name. The router's 'remote administration' feature is disabled so no one outside the LAN can log into the config page.

The problem: Yesterday a couple of the websites being hosted on the server were basically unavailable. At first we were thinking DoS of some sort, but there is no evidence in the server's logs to support this as far as I know. At any rate, when I would try to access the problem page I was greeted with the router log in prompt! I (using a local machine) logged into the router to verify that the 'remote administration' option is disabled...it was. So why, when I tried to access the troubled website via domain name (www.troubled_site.com), was I greeted with my router's log in prompt?

The router's firmware is up to date...I called Linksys and asked if they knew what it could be. They did not know. I looked for and asked if anyone knew of any exploit code that could do this to this router...no luck (doesn't mean it doesn't exist). So why was my router (for a short time only) prompting website visitors with its log in prompt?

Any ideas / comments appreciated.

dave
