# X is managing this device



## Krak

It all started about a week ago...

I have a Linksys WRT54G (v3 I believe, yeah an older one) running Tomato 1.13. I have a fiber connection that goes from the gateway (side of house) to the router. There are three PCs constantly on the network with one wireless laptop on occasion. All the hardwired PCs are done up with statics IPs from the router via MAC address.

PC 1 = .110 (my pc)
PC 2 = .111
PC 3 = .112
Laptop = whatevers free, which is always .120

The dynamic pool starts/ends at .120 - .140. I have filters running which deny all access EXCEPT the above PCs MACs. Same with wifi, deny all except the laptops MAC.

Starting about a week ago the net started going down. I recently updated Tomato from 1.09 to 1.13 at about that time. A PC would popup the router login box asking for user password when you try to visit ANY site. Even if you enter it correctly it displays file not found error. Hit cancel and it gives you an access denied error. I have to release/renew the PCs IP and/or reboot the router to get it to work again. Most of the time after repeated attempts to load a web page it will display "x.x.x.113 is managing this device" which is not likely as that person does not admin the network (I do) and doesnt even have the user/pwd info. For some reason it always says that PC is managing the router. It takes me about 10 minutes of clearing cookies/cache and releasing IPs before I can get all the computers to work again. Mostly just .110 and .111 are effected, rarely .113 it seems. And as of late I have to quickly login and reboot the router to fix it.

Any ideas on what the hell is going on? Tomato has worked flawlessly until now (if that is the problem). I have also tried flashing back to 1.10 and 1.09, with no changes, the issue is still there.

Owner of .113 says he has not installed or done anything lately to his PC. Would an app cause this sort of issue? I have also restored the routers settings to factory default (still with Tomato) and rebuilt all my settings with no luck. Is my router kicking the can?


----------



## axgrinder73

I am confused. Who has the 113 address? You said that you have 3 PCs (110, 111, 112) and a laptop (120). There is no mention of anybody else on the network untill you mention the "owner" of 113 at the end. 

Can you clear this up?

How are you connecting a fiber connection to that router?


----------



## tlarkin

What encryption are you running?  MAC address filtering is really well, not that great considering stumblers can pick up MAC addresses and they can be spoofed with moderate difficulty.  It is possible someone is hijacking your bandwidth, especially if you have fiber.

I would run sniffer on your network to view the actual traffic


----------



## Krak

Sorry bout the confusion. I have .110, my wife has .111, my father in-law has .112, and the latop is dhcp (not by mac) - which gets the .120. The mention of .113 was a typo on my part, there is no .113.

Encryption for the WL is TKIP/AES WPA Personal. I don't think it is a hijacker issue.

There is a gateway installed on the side of my house by my ISP. The feed from there connects to the router, and then from the routers to all the computers. Internet access is granted on their network by MAC, so they have the MAC of my router to allow access. There is no logging in or anything. The router is set up to handle dhcp, but I get a static IP. I never changed to the static IP as I really didnt see the need to, but I guess I could.

When I got on this morning my computer had the error again. Asked for my user/pwd. If not given I get the access denied message. If I put it in I get the file not found error. After a release/renew I get the .112 is managing this device. I checked the .111 computer and it acts the same as .110 computer. I checked the .112 computer and it works just fine. I release/renewed the 112 computer and no change, it works fine the others do not.

I also noticed that on the .110 and .111, when the web does not work, email (thunderbird on port 995) works just fine. I can send/receive email, but not use Pidgin (IM client, AIM) or http.

I logged into the router and rebooted it. No change. Then I logged into the router and change the remote management port from 80 to 81 and everything cleared right up. I changed it back to 80 to see what would happen and it was still all normal.

The other thing I found odd was (I had IE and FF open to test) after I changed to port 81 on the router I had to restart firefox to get it to work. IE I left open. After I restarted FF it worked. IE which had not been restarted was still producing the same errors until I restarted it, then it ran fine.

I have used Spybot S&D, Adaware, and did a full scan with Trends Housecall.  Checked my HJT logs, and looked at the devices on my network, and it is all clean from any "other" sources. I am pretty sure it is an issue with the router.

Thanks for the help.


----------



## tlarkin

I agree if you are running WPA it is most likely not hijacked at all, unless someone brute forced your password...

Your problem is very strange, and I would tend to think it is with your router.  Have you ran any available firmware updates for your router?


----------



## Krak

Yes. It is a Linksys WRT54G, but I am running 3rd party firmware, called Tomato. Have been for some time. I had been using 1.09, then I noticed a newer version. So I downloaded and flashed to 1.13. I can't remember 100% but I believe the errors started about the same time. I had tried flashing back to 1.09 with no luck. So I put 1.13 back on.


----------



## axgrinder73

Yea, I would have to agree. Sounds like a firmware issue. Can you flash the firmware with something from Linksys? If so, then you might be able to go back to Tomato 1.09.

Just a thought.


----------



## tlarkin

I also have a wrt54g and i use this firmware

www.dd-wrt.com

No issues here


----------



## Krak

Figured it out. I had another router on the network I was using as a switch, that I had totally forgotten about. Was a p.o.s. Netgear WGR614, needless to say it was causing the issues. It completely died a day after I discovered it being the problem. Bought a Linksys switch and my network is all good.


----------



## tlarkin

Krak said:


> Figured it out. I had another router on the network I was using as a switch, that I had totally forgotten about. Was a p.o.s. Netgear WGR614, needless to say it was causing the issues. It completely died a day after I discovered it being the problem. Bought a Linksys switch and my network is all good.



Ah you were most likely running two routers with two DHCP servers running at once, either giving out different or conflicting subnet information.

Glad it worked out.  On a side note, if you ever do use the DDWRT firmware that I have on my Linksys, you can totally disable all DHCP services from the router and turn it into a managed switch.  Pretty sweet for FOSS firmware.


----------

