cannot connect with firefox anymore, certificate issue

[LMHmedchem]

Hello,

I have a laptop running windows 7 64-bit. It was off the internet over the weekend when I replaced my modem (the router is the same). Now I can't get firefox to connect. My desktop on the same network connects correctly and the router reports that the laptop is connected to the router. I took the laptop to a different wifi location and had the same connection problems. It also has the same problem with a hardwired connected to the my router.

When I open firefox to google, I get a message,

Code: Select all

Your connection is not secure

The owner of http://www.google.com has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.

This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox may only connect to it securely. As a result, it is not possible to add an exception for this certificate

Under Advanced,

Code: Select all

http://www.google.com uses an invalid security certificate

This certificate is only valid for the following names,
register.be.xfinity.com, register.xfinity.com

the error code is SSL_ERROR_BAD_CERT_DOMAIN

I get the same message trying to connect to support.mozilla.org.

I think the issue is that the domain name and certificate name don't match. It's almost like it's looking for the google certificate and finding an xfinity certificate. I can post the certificate if that would help.

I have also had a strange situation where there is a popup over the network icon in the toolbar that says something like, "additional steps may be required to connect, click to open your browser". If I click, I am taken to what looks like an xfinity login page and says something like that I have to login to xfinity to connect to the internet. I have never seen anything like this before. This computer has operated on this local network for many years.

I have seen certificate issues when there was a problem with the clock, or something like that, but I checked the date, time, and timezone and they are correct.

Has anyone seen this? A google search didn't reveal anything similar. I have cleared the cache, restarted, and run some malware scans.

Any suggestions as to what to try next? Please let m know if any additional information is required.

LMHmedchem

[Grumpus]

Google site should be using https and not http.
Secondly, if using wifi and you are forced to go to an admin page instead of connecting directly it may be an attempt to gather your access password if you are set to autofill at an http site.
The xfinity site should also be an https site and not an http site.
There is a current security issue with wifi and certificates so you should be cautious.
See this Domain break

[therube]

Create a new, clean, Profile & test in there.

Google would not be using an "xfinity.com" certificate.

Does IE work?
(I can't believe I said that.)

I replaced my modem

Thinking it is going to have to do with that.
Like somehow your wired connection got activated, but not the wireless?
(Don't ask me, doesn't make any sense to me. Call Comast ("xfinity").)

[Brummelchen]

Could be adware/malware. Check out with adwcleaner and mbam from malwarebytes.

[LMHmedchem]

I ran a complete set of malware scans (the Major Geeks set). It found a few things, but nothing major and nothing that helped.

Manually setting the DNS server to openDNS fixed the connection issue. It was previously set to the automatic DNS setting.

I had to make this change in the LAN adapter, the adapter for the wireless network I was connecting to, and also for the hardware network adapter (a wireless USB key). I am not completely sure that everything is fixed but it seems to be working for now. I have no idea why this was necessary after having used the equipment for a long time.

I did try IE, but it opened and looked like it never fully loaded. Nothing ever appeared in the browser window. It seems like I was being directed to the Comcast DNS server and it wanted me to log in to an Xfinity account before letting me go to google.

Before fixing the issue my router firewall log registered blocked connection attempts from this laptop to,

Code: Select all

68.87.34.82:1270 TCP
162.150.57.240:1270 TCP
96.114.156.242:1270 TCP
96.114.156.242:3554 UDP

These are all Comcast IP addresses. Port 1270 is for the Microsoft MOM agent, so I don't know why that would be making a connection to a Comcast IP and not a Microsoft IP. UDP port 3554 is listed as the Quest Notification Server, so I have no idea what that would be. These connection attempts has stopped since switching the DNS server.

I have used this computer on this network for many years with the rules I have in place, so I have no idea why I would need to add new rules to be able to connect.

I did find some other posts on this issue,
https://www.dailykos.com/stories/2015/1 ... ur-browser
https://discussions.apple.com/thread/7079847

It was acting like I needed to sign on to a public wifi even though I was physically connected with a hardwired connection to my LAN router. It is even more odd that this happened on only one computer on the LAN.

LMHmedchem

[Grumpus]

A tech at Sprint explained a similar problem; sometimes the connection takes too long and the network switches to the connection IP for the login page.
Which comes up improperly. It appears to depend on signal strength.
If you just updated Firefox you might want to look at Captive portals in about:config.
Also it could be something is blocking the legitimate IP and is forcing the login page, as stated in my first response, could be recently updated software or firmware.
I have an errant IP which tries to force connection to the admin page occasionally, I blcok the IP in the firewall and it usually holds fairly well.
You might also have someone operating a Stingray device in the area and it will sometimes try to redirect your connection to a false tower (IP).

[therube]

New box (modem) likely requires "activation" with Comcast.
You would expect that once it's done, it's done.
As in like your desktop hardwired connection works.
So you would expect your wireless to also be working, without having to do anything further.

What you describe sounds like wireless is trying to connect to Comcast - for activation.

And I suppose changing to a different (non-Comcast) DNS bypasses that, so your wireless now works.

Bypassing is fine, if you want to do that, but sounds like something is not set as it should be.

Could be malware.
Modems, routers, are having a field day of late. (Mikrotik is the latest I've heard of.) Plenty of exploits out there. Plenty of poorly configured devices. Plenty of devices that are not up to date firmware-wise. Some may have updates to help protect against exploits. Others may have no "fixes" available at all.

Or could be something weird on Comcast end.
1-800-comcast .

[LMHmedchem]

A tech at Sprint explained a similar problem; sometimes the connection takes too long and the network switches to the connection IP for the login page.
Which comes up improperly. It appears to depend on signal strength.

All of this makes sense, except that I had the same issue when I disabled the wireless adapter on the laptop and connected it to my LAN with a hardwired connection. This laptop does not have a great connection as far as signal strength goes, but again that is why I moved to the Ethernet cable.

You might also have someone operating a Stingray device in the area and it will sometimes try to redirect your connection to a false tower (IP).

Again, I don't think this would affect a hardwired connection.

New box (modem) likely requires "activation" with Comcast.
You would expect that once it's done, it's done.
As in like your desktop hardwired connection works.

Yes, I had to call Comcast and deactivate the old modem and add the new one. After that, my router connected to the modem and my desktop on the LAN had no connection issues.

So you would expect your wireless to also be working, without having to do anything further. What you describe sounds like wireless is trying to connect to Comcast - for activation.

I have done this before (changing the modem) and all I had to do was to activate the modem. I never had to do anything with the router. That doesn't meant the Comcast couldn't have changed things, but neither the tech or the phone agent said anything about that and they knew I was connecting a router to the modem. Anyway, if Comcast was trying to activate the router, I think I would have had the same connection issues with everything on the LAN, not just one computer.

And I suppose changing to a different (non-Comcast) DNS bypasses that, so your wireless now works.

This laptop was set to obtain the the DNS server automatically. I guess when you are on a Comcast network, you get the Comcast DNS server unless you specify otherwise. From what I read in some other posts, in some cases the Comcast DNS server does not recognize the MAC address of the adapter making the request and so requires the user to create an account and login. This is just like if you were trying to connect to a public wireless hotspot. For some reason, Comcast is not seeing the MAC of the modem, which is registered, but rather the MAC of the laptop adapter. Much of this is speculation because Comcast seems to deny that this is actually an issue and they aren't very helpful in trying to resolve it.

Bypassing is fine, if you want to do that, but sounds like something is not set as it should be.

I normally would use a safe DNS server like Comodo, so I guess I would have not seen this issue if the laptop had been set up like my other computers. I have used this setup for many years. My modem went down, so I replaced it with the same make and model. Nothing else on the network has changed so it seems like the issue has to be on the Comcast end, or some infection the I haven't found yet. Something is different.

Could be malware.
Modems, routers, are having a field day of late. (Mikrotik is the latest I've heard of.) Plenty of exploits out there. Plenty of poorly configured devices. Plenty of devices that are not up to date firmware-wise. Some may have updates to help protect against exploits. Others may have no "fixes" available at all.

My router is a checkpoint, but it is not new. I reset it to factory every few months and then re-import my profile, my admin login password is long and random and I change it every few months. I wish I could rename or remove the default "admin" login account. I have never understood why you would want to give a potential intruder the first half or the login credentials.

I'm not sure what else I can do other than that as far as checking for malware. I have run extensive malware checks on the laptop and this desktop. Are there malware scanning tools for routers and modems?

LMHmedchem

[Brummelchen]

Post the results of adwcleaner and mbam. Or set up windows from scratch.