XR500 Blocking updates access to apple & Microsoft ...why ?

[xlr8r]

why is this router blocking updates from Apple.... ? most frustrating that any apple device connected cannot update via this router....?

taken from logs.....

[site blocked: updates-http.cdn-apple.com] from source 192.168.2.22, Monday, October 21, 2019 10:13:22

 

 

 

[Netduma Alex]

Are you actually experiencing issues when attempting to update an Apple device, or did you just see this in the logs randomly?

[xlr8r]

1 hour ago, Netduma Alex said:

Are you actually experiencing issues when attempting to update an Apple device, or did you just see this in the logs randomly?

yes tried on the device first and then i went looking in the logs to see if anything was there, and sure enough it was....

[site blocked: updates-http.cdn-apple.com] from source 192.168.2.22, Monday, October 21, 2019 10:13:22

i had attempted to update an iphone OTA but iphone kept refusing to show the update??, i then had to download the IPSW file manually from https://ipsw.me,  to update the phone in iTunes....

why would the router be blocking updates-http.cdn-apple.com ?

 

[Netduma Alex]

I don't know, it's nothing we've blocked on our end.

Have you accidentally added your phone to the Geo-Filter? Have you set anything up under Settings > Content Filtering that could be affecting it?

[xlr8r]

18 hours ago, Netduma Alex said:

I don't know, it's nothing we've blocked on our end.

Have you accidentally added your phone to the Geo-Filter? Have you set anything up under Settings > Content Filtering that could be affecting it?

no nothing i can see should be blocking it in settings.

I do not have anything in the Geoflter  

I do have some explicit keywords setup in content Filtering but i severely doubt they are contained on the apple site lol

on checking the logs again today, i can also see that the router is also blocking Microsoft updates as well..... this is most odd.....

its on  tlu.dl.delivery.mp.microsoft.com which is being requested from a laptop on 192.168.2.80

i.e. 

[site blocked: 3.tlu.dl.delivery.mp.microsoft.com] from source 192.168.2.80, Wednesday, October 23, 2019 11:49:14

[site blocked: 3.tlu.dl.delivery.mp.microsoft.com] from source 192.168.2.80, Wednesday, October 23, 2019 11:48:53

[site blocked: 7.tlu.dl.delivery.mp.microsoft.com] from source 192.168.2.80, Wednesday, October 23, 2019 11:48:39

[site blocked: 7.tlu.dl.delivery.mp.microsoft.com] from source 192.168.2.80, Wednesday, October 23, 2019 11:48:33

[site blocked: 9.tlu.dl.delivery.mp.microsoft.com] from source 192.168.2.80, Wednesday, October 23, 2019 11:48:19

[site blocked: 9.tlu.dl.delivery.mp.microsoft.com] from source 192.168.2.80, Wednesday, October 23, 2019 11:48:15

[site blocked: 9.tlu.dl.delivery.mp.microsoft.com] from source 192.168.2.80, Wednesday, October 23, 2019 11:47:54

[site blocked: 9.tlu.dl.delivery.mp.microsoft.com] from source 192.168.2.80, Wednesday, October 23, 2019 11:47:53

[Guest Killhippie]

On 10/22/2019 at 12:21 PM, xlr8r said:

yes tried on the device first and then i went looking in the logs to see if anything was there, and sure enough it was....

[site blocked: updates-http.cdn-apple.com] from source 192.168.2.22, Monday, October 21, 2019 10:13:22

i had attempted to update an iphone OTA but iphone kept refusing to show the update??, i then had to download the IPSW file manually from https://ipsw.me,  to update the phone in iTunes....

why would the router be blocking updates-http.cdn-apple.com ?

 

If you were updating an iPhone to the latest version iTunes (or Finder in Catalina) would have grabbed that, I've never seen "site blocked" in XR500 logs as the router does not do site blocking unless the sites are added by you. Even then the downloads are over secure https not http.

[xlr8r]

3 minutes ago, Killhippie said:

If you were updating an iPhone to the latest version iTunes (or Finder in Catalina) would have grabbed that, ive never seen "site blocked" in XR500 logs it would show a IP address and a DDoS attack or some such issue probably not "site blocked" as the router does not do site blocking. What version of firmware are you running?

back on .40 hotfix version. I had upgraded to latest .56 but noticed internet disconnections roughly every 24 hours (oddly between 6pm and 7pm) so reverted to .40 hotfix.

[Guest Killhippie]

30 minutes ago, xlr8r said:

back on .40 hotfix version. I had upgraded to latest .56 but noticed internet disconnections roughly every 24 hours (oddly between 6pm and 7pm) so reverted to .40 hotfix.

I would update and factory reset, .56 patched some security issues, its possible your router may have been compromised. I would download the installer from Netgear and update using that, then factory reset after and enter your details manually. Those internet connections sound  to regular to be the router but its possible I know some people had issues, what did the logs say when the disconnections happened? .40 is not a 'safe' firmware version to use now really, Netgear did issue a list of security patches for the XR500 in .56. Factory resetting your router (via pinhole) would wipe anything bad 'if' that is what has happened. Also are there any sites that have been added to the block list?
 

 

[xlr8r]

18 minutes ago, Killhippie said:

I would update and factory reset, .56 patched some security issues, its possible your router may have been compromised. I would download the installer from Netgear and update using that, then factory reset after and enter your details manually. Those internet connections sound  to regular to be the router but its possible I know some people had issues, what did the logs say when the disconnections happened? .40 is not a 'safe' firmware version to use now really, Netgear did issue a list of security patches for the XR500 in .56. Factory resetting your router (via pinhole) would wipe anything bad 'if' that is what has happened.
 

 

"what did the logs say when the disconnections happened?" 

Well nothing really, the logs appeared to display standard info, then one line would just say Internet Disconnected with the time etc, but no indication at all as to what caused or initiated it....

difficult to trace something when the router provides no real clues....lol!

[Guest Killhippie]

6 minutes ago, xlr8r said:

"what did the logs say when the disconnections happened?" 

Well nothing really, the logs appeared to display standard info, then one line would just say Internet Disconnected with the time etc, but no indication at all as to what caused or initiated it....

difficult to trace something when the router provides no real clues....lol!

I would check the modem lights, at the time that happens, if the router was dropping the internet I would have thought the logs would not show a clean disconnect, it may possibly be a line issue or something to do with your ISP. 6pm and 7PM is considered to be peak traffic time too. It just seems a bit to regular, but who knows. My ISP has a nice little app you can even do a line test with and it shows disconnections and they tell you if it was your end or their end which helps loads.

 I would try .56 and factory reset and see if OTA works for you iPhone, also before hand make sure nobody has added those sites to your site block list (not sure how or why they would) but if they are there and you didn't put them there that would be a bit more concerning. Router logs are always either to verbose or just not that helpful, maybe contact your ISP with the times of the loss of connection and see if they can see anything their end. I know a factory reset is a real pain in the a*se but its worth it for peace of mind as is running firmware without a vulnerable kernel. Kinda damned if you do, damned if you dont.

[xlr8r]

2 hours ago, Killhippie said:

I would check the modem lights, at the time that happens, if the router was dropping the internet I would have thought the logs would not show a clean disconnect, it may possibly be a line issue or something to do with your ISP. 6pm and 7PM is considered to be peak traffic time too. It just seems a bit to regular, but who knows. My ISP has a nice little app you can even do a line test with and it shows disconnections and they tell you if it was your end or their end which helps loads.

 I would try .56 and factory reset and see if OTA works for you iPhone, also before hand make sure nobody has added those sites to your site block list (not sure how or why they would) but if they are there and you didn't put them there that would be a bit more concerning. Router logs are always either to verbose or just not that helpful, maybe contact your ISP with the times of the loss of connection and see if they can see anything their end. I know a factory reset is a real pain in the a*se but its worth it for peace of mind as is running firmware without a vulnerable kernel. Kinda damned if you do, damned if you dont.

ok, so no luck

upgraded to .56 and still getting devices appearing as blocked in the logs .... ? ..on Microsoft updates that is, haven't tried apple yet as there isn't another IOS update released since i manually upgraded the other day.

[site blocked: 11.tlu.dl.delivery.mp.microsoft.com] from source 192.168.2.80, Wednesday, October 23, 2019 14:22:12

[site blocked: 11.tlu.dl.delivery.mp.microsoft.com] from source 192.168.2.80, Wednesday, October 23, 2019 14:21:57

[site blocked: 9.tlu.dl.delivery.mp.microsoft.com] from source 192.168.2.80, Wednesday, October 23, 2019 14:21:46

[site blocked: 9.tlu.dl.delivery.mp.microsoft.com] from source 192.168.2.80, Wednesday, October 23, 2019 14:21:26

[Guest Killhippie]

7 minutes ago, xlr8r said:

ok, so no luck

upgraded to .56 and still getting devices appearing as blocked in the logs .... ? ..on Microsoft updates that is, haven't tried apple yet as there isn't another IOS update released since i manually upgraded the other day.

[site blocked: 11.tlu.dl.delivery.mp.microsoft.com] from source 192.168.2.80, Wednesday, October 23, 2019 14:22:12

[site blocked: 11.tlu.dl.delivery.mp.microsoft.com] from source 192.168.2.80, Wednesday, October 23, 2019 14:21:57

[site blocked: 9.tlu.dl.delivery.mp.microsoft.com] from source 192.168.2.80, Wednesday, October 23, 2019 14:21:46

[site blocked: 9.tlu.dl.delivery.mp.microsoft.com] from source 192.168.2.80, Wednesday, October 23, 2019 14:21:26

Did you factory reset after updating? I would suggest setting up manually not from a backup too.

[xlr8r]

31 minutes ago, Killhippie said:

Did you factory reset after updating? I would suggest setting up manually not from a backup too.

so are you saying the important kernel updates haven't been implemented (or properly installed) after the firmware update ? and that only a factory reset with make them function them under the new firmware ?

i fail to see how a factory reset has anything to do with certain updates sites being blocked.

these update sites ... there is nothing related too, or were never added to the Content Filtering , on this router...ever

and isnt it a bit strange that its just "updates" sites being affected....?

... I am now seeing amazon being blocked also....? 

[site blocked: v21.muscdn.com] from source 192.168.2.90, Wednesday, October 23, 2019 15:31:23

 

   Domain Name: MUSCDN.COM
   Registry Domain ID: 2019621804_DOMAIN_COM-VRSN
   Registrar WHOIS Server: whois.registrar.amazon.com
   Registrar URL: http://registrar.amazon.com
   Updated Date: 2019-03-04T00:24:05Z
   Creation Date: 2016-04-07T04:51:53Z
   Registry Expiry Date: 2020-04-07T04:51:53Z
   Registrar: Amazon Registrar, Inc.
   Registrar IANA ID: 468
   Registrar Abuse Contact Email:
   Registrar Abuse Contact Phone:
   Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
   Name Server: NS-1204.AWSDNS-22.ORG
   Name Server: NS-1769.AWSDNS-29.CO.UK
   Name Server: NS-223.AWSDNS-27.COM
   Name Server: NS-929.AWSDNS-52.NET
   DNSSEC: unsigned
   URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2019-10-23T14:46:02Z <<<

 

 

Going to try disabling Block Sites, keyword blocking, just to see if it makes any difference. (i have never had any domain names blocked)

 

 

[Guest Killhippie]

35 minutes ago, xlr8r said:

so are you saying the important kernel updates haven't been implemented (or properly installed) after the firmware update ? and that only a factory reset with make them function them under the new firmware ?

i fail to see how a factory reset has anything to do with certain updates sites being blocked.

these update sites ... there is nothing related too, or were never added to the Content Filtering , on this router...ever

and isnt it a bit strange that its just "updates" sites being affected....?

... I am now seeing amazon being blocked also....? 

[site blocked: v21.muscdn.com] from source 192.168.2.90, Wednesday, October 23, 2019 15:31:23

 

   Domain Name: MUSCDN.COM
   Registry Domain ID: 2019621804_DOMAIN_COM-VRSN
   Registrar WHOIS Server: whois.registrar.amazon.com
   Registrar URL: http://registrar.amazon.com
   Updated Date: 2019-03-04T00:24:05Z
   Creation Date: 2016-04-07T04:51:53Z
   Registry Expiry Date: 2020-04-07T04:51:53Z
   Registrar: Amazon Registrar, Inc.
   Registrar IANA ID: 468
   Registrar Abuse Contact Email:
   Registrar Abuse Contact Phone:
   Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
   Name Server: NS-1204.AWSDNS-22.ORG
   Name Server: NS-1769.AWSDNS-29.CO.UK
   Name Server: NS-223.AWSDNS-27.COM
   Name Server: NS-929.AWSDNS-52.NET
   DNSSEC: unsigned
   URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2019-10-23T14:46:02Z <<<

 

 

Going to try disabling Block Sites, keyword blocking, just to see if it makes any difference. (i have never had any domain names blocked)

 

 

It’s just after a update where are you’ve had a security patch like this sometimes a factory reset puts the router back to the way it came so you know you haven’t got any glitches or bugs from the update procedure and if you set up keyword blocking then that could explain a lot, factory reset would’ve removed that as it’s not enabled normally. Keyword blocking would probably cause an issue, and maybe if that had been mentioned earlier we might of been able to hopefully sort the issue out. Netgears site blocking has always been a bit dodgy hence I mentioned was there any sites or anything enabled. Hopefully that should kill that issue, hopefully  

 

[Netduma Fraser]

I would definitely suggest you remove your keywords to double check if that is causing the blocks or not, if it works then depending on how many keywords you have you could add one by one to see what causes the issue to happen.

[xlr8r]

LOL.... i buckled laughing at this considering exactly what words i put into the Banned Word list, could actually block an apple or microsoft update from taking place...LOL!!!

i was going to list a few here but they're just too rough to display lol!!!  i mean... they are the worst words you could think of ....

im just baffled as to which dirty word used could actually block access...? 

The ONLY thing i can think of, is some of the words  have a star ( * ) prefix and suffix i.e. *word*, maybe that could be the cause... but then why are the updates only being blocked on one iphone and one laptop , when the house has 3 iphones , 1 ipad and 3 laptops.... thats a bit weird.... whis is the router not blocking them all...?

[Guest Killhippie]

32 minutes ago, xlr8r said:

LOL.... i buckled laughing at this considering exactly what words i put into the Banned Word list, could actually block an apple or microsoft update from taking place...LOL!!!

i was going to list a few here but they're just too rough to display lol!!!  i mean... they are the worst words you could think of ....

im just baffled as to which dirty word used could actually block access...? 

The ONLY thing i can think of, is some of the words  have a star ( * ) prefix and suffix i.e. *word*, maybe that could be the cause... but then why are the updates only being blocked on one iphone and one laptop , when the house has 3 iphones , 1 ipad and 3 laptops.... thats a bit weird.... whis is the router not blocking them all...?

On some systems like spam blocking * is a wild card. *word* may block word updates if you have word on that computer, or anything with a W in it like Windows. As to why some not all, with iOS are they all the same model of phone? If not updates will have different information in the update OTA maybe and some get caught some don't, or the router can only block so many devices if you have to many keywords. You may be better off using OpenDNS for blocking with an account you log into, than relying on the router. https://www.opendns.com/home-internet-security/

[xlr8r]

5 minutes ago, Killhippie said:

On some systems like spam blocking * is a wild card. *word* may block word updates if you have word on that computer, or anything with a W in it like Windows. As to why some not all, with iOS are they all the same model of phone? If not updates will have different information in the update OTA maybe and some get caught some don't, or the router can only block so many devices if you have to many keywords. You may be better off using OpenDNS for blocking with an account you log into, than relying on the router. https://www.opendns.com/home-internet-security/

thanks, already using OpenDNS but was adding the extra security on the router ... you know what kids are like !! LOL...

sure enough i dont see any blocks taking place after disabling banned words .... crazy stuff lol

[Netduma Fraser]

Sounds like they have some explaining to do 😂 glad to hear it's working now though. Maybe try each rule one by one and see what works/doesn't, perhaps miss out the wildcards as it might be that causing the red flag.