Join Director of Product Management Todd OBoyle on April 26th as he covers the key elements of a phishing protection program. Whether you’re an old hat at phishing education or considering starting a program -- we'll discuss critical components that should be in any program.
Some users cannot access certain websites
I have a situation where I have about 80 users on my network and I have some wireless devices setup as well.
Most everyone is patched in through a patch panel which is then plugged into my server room switches.
Now the strange thing is that some users can access certain websites that others can't. For instance if on my computer I tried www.solmetric.com or www.answers.yahoo.com I get a page cannot be displayed, but the user just down the hallway from me can access those sites.
I have contacted my ISP provider and I have checked my DNS server for the correct forwarders in place and they are correct. I have flushed my DNS, cleared my cache and everything but nothing works. I still cannot access those sites and most of the users here can't either. Only about 5 can access it.
Now another issue came up where a user was connected to our Wifi and was able to pull up the site on there smart phone, then they connected there laptop to the wifi and then they couldn't connect to the website.
I don't know exactly why this is causing this issue to happen, any thoughts would be helpful thanks.
Most everyone is patched in through a patch panel which is then plugged into my server room switches.
Now the strange thing is that some users can access certain websites that others can't. For instance if on my computer I tried www.solmetric.com or www.answers.yahoo.com I get a page cannot be displayed, but the user just down the hallway from me can access those sites.
I have contacted my ISP provider and I have checked my DNS server for the correct forwarders in place and they are correct. I have flushed my DNS, cleared my cache and everything but nothing works. I still cannot access those sites and most of the users here can't either. Only about 5 can access it.
Now another issue came up where a user was connected to our Wifi and was able to pull up the site on there smart phone, then they connected there laptop to the wifi and then they couldn't connect to the website.
I don't know exactly why this is causing this issue to happen, any thoughts would be helpful thanks.
Asked:
-
7
4
3 Solutions
Yes I have checked those host files and all thats in there is the standard 127.0.0.1 local host
No proxies involved, I checked the LAN settings and nothing in there is checked
Yes I have tried IE, Chrome and Firefox = same results
And we all use Microsoft Security Essentials for our antivirus
No proxies involved, I checked the LAN settings and nothing in there is checked
Yes I have tried IE, Chrome and Firefox = same results
And we all use Microsoft Security Essentials for our antivirus
try this replace the dns server on yoru router and on your fowarders to a public dns lets try open dns or google dns or both .
208.67.222.22
8.8.8.8
now you should be able to access the sites
on a machien that cannot find the website lets start by doing a traceroute to the site
so you go to cmd and tracert answers.yahoo.com
firstly does it resolve it to a ip ?
and secondly look for the hop where it times out.
Does the hop time out internally on yoru network ? or does it time out outside.
Do you have any firewall which is doing any caching ?
Do you have any rogue dns server or rogue dhcp servers on the network ?
208.67.222.22
8.8.8.8
now you should be able to access the sites
on a machien that cannot find the website lets start by doing a traceroute to the site
so you go to cmd and tracert answers.yahoo.com
firstly does it resolve it to a ip ?
and secondly look for the hop where it times out.
Does the hop time out internally on yoru network ? or does it time out outside.
Do you have any firewall which is doing any caching ?
Do you have any rogue dns server or rogue dhcp servers on the network ?
I have done a traceroute from my machine to those sites and it resolves just fine, no time out or anything.
My ISP said to reboot my main router and firewall and see if it clears some cache, I have not done that yet, I cannot do it till this Weekend
As for the rougue DNS servers, I really don't know, some people come in here and just plug in hubs or switches to create mutiple connections, I do believe none of them are smart enough to give out a DNS or DHCP cuz I have run into that issue as well.
Anyway of being able to find one with out going to each office and looking?
My ISP said to reboot my main router and firewall and see if it clears some cache, I have not done that yet, I cannot do it till this Weekend
As for the rougue DNS servers, I really don't know, some people come in here and just plug in hubs or switches to create mutiple connections, I do believe none of them are smart enough to give out a DNS or DHCP cuz I have run into that issue as well.
Anyway of being able to find one with out going to each office and looking?
You can never be too sure about additional hubs being added, not to point any fingers but any one of those times could have been malicious. It may not be their fault when they add it if the machine they plugged in was already infected with malware to begin with.
Go ahead and reboot your router as scheduled and see if there is any improvement. On one of the problem computers, you might also try running a antimalware program like malwarebytes to see if it finds anything suspicious.
Go ahead and reboot your router as scheduled and see if there is any improvement. On one of the problem computers, you might also try running a antimalware program like malwarebytes to see if it finds anything suspicious.
Ok so I rebooted my router and firewall and still cannot access the sites....
I have run malware programs and virus scans and the comptuers are clean
I am going to try the public dns servers and see if that works, if it does than is it my ISP thats the issue?? and if thats the case how come other computers on the network can access them but others cant, actually accessing the sites through my server browser works too, so this is very confusing.
I have run malware programs and virus scans and the comptuers are clean
I am going to try the public dns servers and see if that works, if it does than is it my ISP thats the issue?? and if thats the case how come other computers on the network can access them but others cant, actually accessing the sites through my server browser works too, so this is very confusing.
Ok can your domain controller see the yahoo answers site? If you haven't already, can you verify that the working machines and problem machines have the exact same primary DNS entry which should be pointing to your domain controller?
If so, then on your domain controller, go to setup dns forwarding and use the public dns like opendns.com.
If so, then on your domain controller, go to setup dns forwarding and use the public dns like opendns.com.
Yes the Domain controller can see the yahoo answers site, yes all the machines work off DHCP and pull from the DC. The domain controller is on a Different VLAN however the machines that can't and can access the yahoo answers site are on the same VLAN.
Now I tried to see if it was switch related so I took the ethernet cable out of the computer that can access the sites and plugged it into my laptop and I still couldn't access those sites. I plugged it back into the other computer and could access the site instantly.
So its not switch related, router related, firewall related, spyware related, so it has to be DNS related but why only some and not all??
I'll try the public DNS on my DC as forwarders to see if that helps, if that does, then what, I know its my ISP??
Now I tried to see if it was switch related so I took the ethernet cable out of the computer that can access the sites and plugged it into my laptop and I still couldn't access those sites. I plugged it back into the other computer and could access the site instantly.
So its not switch related, router related, firewall related, spyware related, so it has to be DNS related but why only some and not all??
I'll try the public DNS on my DC as forwarders to see if that helps, if that does, then what, I know its my ISP??
Well, I'm throwing in the towel on this one. Sorry I couldn't be of help.
Hopefully your ISP can help you solve this.
Hopefully your ISP can help you solve this.
Update: Well as of the past week I have noticed that www.facebook.com was losing pictures, like scolling down and seeing some pictures but some with red X's in them. Fast forward till last week and we have lost www.facebook.com...
Now heres where the rabbit hole gets even deeper, Windows XP machines on my network have no problem accessing those sites. (www.answers.yahoo.com, www.solmetric.com and www.facebook.com) Every Windows 7, Mac, Android phone or iPhone cannot access any of these sites, but yet they can ping and trace route them and they all come back responsive.
ISP says its not there fault.......
So can somebody not throw in the towel, I know I have wanted to for sometime... :-)
Now heres where the rabbit hole gets even deeper, Windows XP machines on my network have no problem accessing those sites. (www.answers.yahoo.com, www.solmetric.com and www.facebook.com) Every Windows 7, Mac, Android phone or iPhone cannot access any of these sites, but yet they can ping and trace route them and they all come back responsive.
ISP says its not there fault.......
So can somebody not throw in the towel, I know I have wanted to for sometime... :-)
The Final answer to this and even Cisco support had no idea but the final thing I did was upgrade the iOS to the latest and greatest for the PIX and copied back the original config and everyone could now access those sites.
The next thing I did was, Replace that outdated Pix for a ASA 5510 and that also solves the issue. :)
The next thing I did was, Replace that outdated Pix for a ASA 5510 and that also solves the issue. :)
Question has a verified solution.
Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.
Have a better answer? Share it in a comment.
Join & Write a Comment Already a member? Login.
Featured Post
Join Director of Product Management Todd OBoyle on April 26th as he covers the key elements of a phishing protection program. Whether you’re an old hat at phishing education or considering starting a program -- we'll discuss critical components that should be in any program.
Tackle projects and never again get stuck behind a technical roadblock.
Join Now
The next thing to check is their HOSTS file on their machine which is located at C:\Windows\System32\driver
Open the HOSTS file with Notepad and see if there are any unusual entries.
Also, are there any proxies involved? Can you check one of the problem computers and look at Internet Options > Connections > LAN settings and see if a proxy is set, maybe like to 127.0.0.1.
Also, have you tried an alternate web browser to see if the problem occurs there too?
Lastly, does everyone use the exact same antivirus? maybe the problem users' policy became misconfigured versus the ones that are working.