Christian de Bellefeuille

"504 Gateway Time-out" after removing BGPKiller (Avira anti-nag screen)

Just discovered a computer on our network with Avira and a program called "BGPKiller", which seems to kill the nag popups of Avira.

I've uninstalled this BGPKiller, removed Avira, and want to test a legit Avira EndPoint installation, but we can't access Avira anymore from this computer.

Anyone got an idea how to solve this?

  • The computer seems to ping the right IP address when we ping avira.com and it replies.
  • The computer doesn't seem to have weird entries in its HOSTS file

When we try to access avira.com from any browser installed on this specific computer, we get "504 Gateway Time-out" error.

Thanks
SOLUTION
Dr. Klahn

This solution is only available to members.
ASKER

I wouldn't be so sure it's "infected", and this PC is not critical. Besides this, any idea that would help?

Years ago, there was an era where some bars and other stuff installed themselves within the LSP. We were not saying "Your computer is screwed, reinstall everything". There were some easy fixes out there.
noci

What you can do...
Boot the system from read-only media (DVD, CD-ROM, or a USB stick only if it can be made physically read-only) with a toolkit you trust (other virus scanners, multiple of them) and check the drive from there. A LiveDVD should also let you verify (without using the installed OS) whether there are problems reaching Avira in a regular way.
If there are still problems ==> there is something between this system & Avira preventing updates.
If access works, then there is something ON the installed system that blocks access.

I was wrong about the cause of this problem. I've investigated a little more. It has nothing to do with this BGPKiller.

All my devices (even those that never had an antivirus on them, like my cell phone) were not able to access the Avira web site at all.

I've tested with my LTE cell phone connection, it worked perfectly.  I've also bypassed my router to connect directly into my modem to see if it's a web site blocked by my ISP, and it was also working.

So the problem comes from the router itself.
It's a Nighthawk X6 R8000 model. I've installed the latest firmware a few minutes ago (v1.0.4.12_10.1_46

The problem is still present.

I checked the router logs, and I see that all the web sites I'm trying to reach appear there as "site allowed: c.speedtest.net", for example. But nothing for Avira... not blocked or allowed.

My router doesn't block outgoing connections. No rules have been set for outgoing. My UPnP is on to allow incoming to my WDCloud and I've set some port forwards manually for http/https/ftp to reach my website at home for tests, but it shouldn't be the cause of this problem.

On a Linux system use dig (on Windows you probably still need nslookup) to check if the DNS does resolve.
On your phone, try to find out what the IP address of the site is and check if you can ping it (then whether you can get access by IP).

If needed you could (for testing ONLY) add the Avira site to the hosts file... don't forget to remove it again.

This way you can validate whether the problem is with name resolving or network access.
nslookup may give false positives, due to not only using DNS for resolving names.

@noci:

nslookup www.avira.com gives me some IPv6 addresses
  • 2a01:138:a001:101:1::1
  • 2a01:138:a001:101:1::2

ping www.avira.com gives me 62.146.210.33 and it replies.

Adding www.avira.com (to 62.146.210.33) doesn't change anything. Just tested it. Still have the gateway time-out.

The name seems to resolve properly. It can reach the site through http, then the web site pushes us to https, where it screws up.
ASKER CERTIFIED SOLUTION
This solution is only available to members.

As far as I know, there's no proxy on my network. Maybe one within the router and I'm not aware of that?

I've run the command and redirected the output to "avira.html", and I confirm it can reach the web site through http as I've specified. Of course all the links are dead but I can load the core of the html file.

Here's what I've got at the beginning:

* Rebuilt URL to: http://www.avira.com/
*   Trying 62.146.210.31...
* TCP_NODELAY set
* Connected to www.avira.com (62.146.210.31) port 80 (#0)
> GET / HTTP/1.1
> Host: www.avira.com
> User-Agent: curl/7.53.1
> Accept: */*
>
< HTTP/1.1 301 Moved Permanently
< Server: nginx
< Date: Mon, 05 Feb 2018 21:15:00 GMT
< Content-Type: text/html
< Content-Length: 178
< Connection: keep-alive
< Location: https://www.avira.com/
<
* Ignoring the response-body
* Connection #0 to host www.avira.com left intact
* Issue another request to this URL: 'https://www.avira.com/'
*   Trying 62.146.210.31...
* TCP_NODELAY set
* Connected to www.avira.com (62.146.210.31) port 443 (#1)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: C:\Program Files\cURL\bin\curl-ca-bundle.crt
  CApath: none
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* NPN, negotiated HTTP1.1
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Unknown (67):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server did not agree to a protocol
* Server certificate:
*  subject: serialNumber=HRA 722586; jurisdictionC=DE; businessCategory=Private Organization; C=DE; postalCode=88069; ST=Baden-Wuerttemberg; L=Tettnang; street=Kaplaneiweg 1; O=Avira Operations GmbH & Co. KG; OU=Cloud, Services & Infrastructure; CN=www.avira.com
*  start date: Nov 14 00:00:00 2016 GMT
*  expire date: Feb 12 23:59:59 2019 GMT
*  subjectAltName: host "www.avira.com" matched cert's "www.avira.com"
*  issuer: C=GB; ST=Greater Manchester; L=Salford; O=COMODO CA Limited; CN=COMODO RSA Extended Validation Secure Server CA
*  SSL certificate verify ok.
> GET / HTTP/1.1
> Host: www.avira.com
> User-Agent: curl/7.53.1
> Accept: */*

Note: if I run it this way, I'm getting a valid .html file too

curl -v --tlsv1.0 https://www.avira.com

My browser doesn't have any proxy setting, no .PAC file anywhere, no WPAD, etc... and it wouldn't be the only web page having this problem.

Seriously, I'm getting to the point of thinking that this is a vendetta between Netgear and Avira because a while ago Avira reported one of the Netgear tools as being a virus.

Another strange point: answers.avira.com is not blocked. I can see this web page, which shows what I'm talking about for the vendetta.

In that case this is a clear error in Avira. (Or a whole bunch of official websites have viruses...) I tend to believe Avira is the problem.
I wouldn't claim there is a vendetta... just some JavaScript on various sites triggers Avira to break up the connection
(or a difference in versions). The hard part in writing anti-virus software is how to avoid false positives... and Avira probably still has to learn a few tricks.

Personally I have no anti-virus for browsing; I use uMatrix and only allow active content from sites I trust (I have to do this manually).
uMatrix exists for Chromium & Firefox. (I use the open-source Chromium, not Chrome with Google stuff.)
uMatrix can also filter cookies, images, frames as separate classes.

I personally don't use antivirus either. But I have to evaluate what is the best endpoint solution for a corp.

But I'm afraid it's not a false positive since I've removed them all. And the cell phone I've used for the test never had any antivirus installed.

It has to be some bug in the router firmware. As I've said, bypassing the router (connecting my PC into the modem) solves the problem.

We will never know for sure because I've not subscribed to their support contract and my router is more than 3 months old. I've already contacted them and what they told me can't be told here.

There are other providers of routers etc.
Turris Omnia, Zywall, MikroTik (no personal experience): they all provide routers at reasonable prices.

I used a Netgear switch in the past; I replaced it because it lacked some functionality that one would still expect from a switch.

If it were not for the lack of support, I would give Netgear a thumbs up. But on 2 occasions I had to deal with them:
  • I asked them if they could provide release notes explaining what each firmware update fixes. They asked me how long I had had this router and if I had paid for a support contract with Netgear. My 300$ router was bought 6 months ago, so... their tech was not too open to giving any information
  • this problem.

They don't seem to care about solving problems in their firmware. So I guess that nobody will report this problem to them and a fix will never be made.
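
An added example, not part of the original thread: the checks walked through above (name resolution, TCP connect, TLS handshake, then the HTTP request) combined into one Python probe that reports the first layer that fails. The function name `probe`, its parameters and the stage labels are assumptions made for this example.

```python
import socket
import ssl
import sys


def probe(host, port=443, use_tls=True, timeout=5.0, family=socket.AF_UNSPEC):
    """Return (stage, detail): the first layer that fails, or ("response", status line)."""
    # Stage 1: name resolution through the OS resolver (HOSTS entries apply).
    try:
        infos = socket.getaddrinfo(host, port, family=family, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return ("dns", str(exc))
    ip = infos[0][4][0]

    # Stage 2: TCP connect to the first resolved address.
    try:
        sock = socket.create_connection((ip, port), timeout=timeout)
    except OSError as exc:
        return ("tcp", f"{ip}:{port} {exc}")

    try:
        # Stage 3: TLS handshake with certificate and hostname verification.
        if use_tls:
            try:
                sock = ssl.create_default_context().wrap_socket(sock, server_hostname=host)
            except OSError as exc:  # ssl.SSLError and timeouts are OSError subclasses
                return ("tls", str(exc))
        # Stage 4: send a minimal request and wait for the first bytes back.
        request = f"GET / HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n"
        try:
            sock.sendall(request.encode("ascii"))
            first = sock.recv(4096)
        except socket.timeout:
            return ("http", "request sent, no response before timeout")
        except OSError as exc:
            return ("http", str(exc))
    finally:
        sock.close()
    if not first:
        return ("http", "connection closed without a response")
    # A status line such as "504 Gateway Time-out" means a server or proxy answered.
    return ("response", first.split(b"\r\n", 1)[0].decode("latin-1"))


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "www.avira.com"
    print("http :", probe(target, 80, use_tls=False, family=socket.AF_INET))
    print("https:", probe(target, 443, use_tls=True, family=socket.AF_INET))
```

Running it once behind the router and once directly on the modem shows whether the stage that fails changes with the network path.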