On Fri, May 11, 2012 at 09:50:58AM -0700, Mark Theis wrote:
> I apologize for the duplicate post and my slow response.  I have been
> out of commission the last 2 days and Carlo's inability to start
> the thread originally (he received a failure message and assumed it
> did not send, but I guess it was waiting on a moderator's approval)
> prompted me to write my original post.
>
> We are still experiencing the problem.  Let me try to answer all of
> the questions in this email.
>
> We are only seeing the problem on about 1% of our customers.  The
> problem is not isolated to a single tower, router, radio model,
> browser, OS, etc.  We are not using caching.  We are good on packet
> loss.  We do use Trango licensed links on some of the towers. We are
> not "masquerading ALL of my clients to one IP address."  Websites that
> see it is not only happening on SSL pages. MTU looks good.
>
> I am now hearing that the customers can't even do software
> updates. The strange thing is that it is only happening to less than
> 1% of our customers.  I would think that if it were a radio issue, it
> would affect all of the customers...  Am I thinking about this the
> wrong way?
>
> This happened to us about 6 months ago, and it fixed itself in about 3
> days... And we never figured out what it was.
>
> I appreciate all the input that you all have contributed, even though
> it did look like I was ignoring you all... Migraines will take me out
> on occasion.
>
> Thanks all!

Have you viewed the page source to identify the hostname on which
the non-loading portions of the pages reside? 

Have you done traceroutes from non-working customers' PCs to those
servers?

Are your employees' laptops affected when on-site at the customer
location?

Do you use Ubiquiti gear?  If so, are they running the latest version
of the firmware?  If not, the CPE could be infected by the SkyNet
worm or something similar.

Do all of the affected customers have problems with the same
websites/resources?

Do you assign public IPs to the customer's equipment, or the CPE?
Are the problem customers all in the same /24 or shorter prefix?

Is the CPE in router mode or bridge mode?

From what has been reported so far, it sounds like:

A)  Some content distribution network has decided that it doesn't
    want to talk to some of your IP addresses.  Perhaps because it
    has seen attack traffic from an infection of several of your
    customers' machines.

or

B)  There is a virus/worm involved which is blocking access to or
    attempting to redirect access away from these sites.  The
    infection could be on the Windows workstations or the CPEs.

or

C)  Your BGP announcement(s) for one or more of your netblocks is
    not being advertised to one of your peers, or one of your peers
    is not announcing them to their peers.

-- 
Scott Lambert                    KC5MLE                       Unix SysAdmin
[email protected]

_______________________________________________
Wireless mailing list
[email protected]
http://lists.wispa.org/mailman/listinfo/wireless
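
An added example, not part of the original message: one way to answer the "same /24 or shorter prefix" question above is to group customer addresses by prefix and compare affected counts against totals. The addresses are constructed from documentation ranges, and the function names are hypothetical.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data (RFC 5737 documentation ranges), not real customers.
ALL_CUSTOMERS = ["192.0.2.10", "192.0.2.11", "192.0.2.12",
                 "198.51.100.5", "198.51.100.6", "198.51.100.7", "198.51.100.8",
                 "203.0.113.20", "203.0.113.21"]
AFFECTED = ["192.0.2.11",
            "198.51.100.5", "198.51.100.6", "198.51.100.7", "198.51.100.8"]

def affected_by_prefix(all_customers, affected, plen=24):
    """Map each prefix holding an affected customer to (affected, total)."""
    affected = set(affected)
    counts = defaultdict(lambda: [0, 0])
    for ip in all_customers:
        net = ipaddress.ip_network(f"{ip}/{plen}", strict=False)
        counts[net][1] += 1
        if ip in affected:
            counts[net][0] += 1
    return {net: tuple(c) for net, c in counts.items() if c[0]}

def fully_affected(stats):
    """Prefixes in which every known customer is affected."""
    return sorted(net for net, (bad, total) in stats.items() if bad == total)

def common_supernet(addrs):
    """Longest IPv4 prefix that contains every address in addrs."""
    ints = [int(ipaddress.IPv4Address(a)) for a in addrs]
    lo, hi = min(ints), max(ints)
    plen = 32 - (lo ^ hi).bit_length()  # shared leading bits of lowest and highest
    return ipaddress.ip_network(f"{ipaddress.IPv4Address(lo)}/{plen}", strict=False)

if __name__ == "__main__":
    stats = affected_by_prefix(ALL_CUSTOMERS, AFFECTED)
    for net, (bad, total) in sorted(stats.items()):
        print(f"{net}: {bad}/{total} affected")
    print("fully affected:", [str(n) for n in fully_affected(stats)])
    print("covering prefix:", common_supernet(AFFECTED))
```

A prefix where every customer is affected is worth checking against a per-netblock cause such as (A) or (C); affected customers scattered thinly across many prefixes fit a per-host cause such as (B) better.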
