China Networks and Malware
We added a wireless router to our apartment's existing Internet connection and the existing PC and our two Apple laptops are all working fine on the local network.
CHAPTER 2 -- PROBLEMS BEGIN
We are finding that our Apple laptops are sometimes running into network problems where no websites are reachable, but the PC is working fine.
We call the local ISP and they tell us that the brand of wireless router we bought may have problems and we should use another brand (they recommended D-Link). We replaced the router with a different brand (D-Link) and found the same symptoms.
I try to update the firmware on the router, thinking that it may be a compatibility problem between the Mac and the D-Link router. It doesn't help. We spend a couple of days trying to understand the behavior of the problem...
- We see the same problems when removing the router from the picture... and directly connecting to the ISP uplink from the Mac.
- Ping sometimes shows significant packet losses.
- After more than an hour of use, either of the Macs will stop retrieving pages from websites. The outage can last hours or minutes.
- During an outage, the web browser will show that it is connecting to the website and is waiting on the remote server. DNS resolves correctly and I can see a connection is established when running netstat. The connection will continue to hang indefinitely.
- Both Mozilla and Safari show this behavior on any website we try.
- Also during this outage, I am able to telnet (port 80) to any of the same problematic websites and retrieve a page without problems.
- During an outage, I find that the Mac will display pages from a few websites (www.ibm.com); most other websites will only show a connection being made and "waiting..." on the remote site. Why some websites are okay and others not is unknown.
Still not sure why the PC appears unaffected (though it clearly has its own issues that appear to be operating system issues), we call back the ISP and hope they are willing to investigate further. They spend a couple of hours seeing the behavior but find that our PC and the PC laptop they brought with them are working fine...
CHAPTER 4 -- DISCOVERY
Hours of debugging later, I discover that the following line of code is being inserted at the beginning of web pages:
<script language="javascript" SRC="http://ok.webfreeads.info/css.js"> </script>
The page is then attempting to open a popup window pointing to this URL: "http://f.freefl.info/ads.htm".
This is happening on the PC and the Macs.
Major and minor websites all show this behavior (amazon.com, hp.com, apple.com, baidu.com (Chinese), ibm.com) BUT, strangely, not all websites (cuil.com).
CHAPTER 5 -- UNDISCOVERY
We erase and re-install the operating system on the Mac and PC... but still see the code being inserted at the beginning of each website we visit.
Is it the router that is adding it? I remove the router and connect to our uplink Ethernet directly; we still see the code. The code is not there when using telnet (port 80) to retrieve web pages.
CHAPTER 6 -- REDISCOVERY
I find that when hitting the router IP (192.168.0.1), I see this code inserted in the beginning of the router admin web page... but notably not at the very beginning like the other websites... it is embedded a bit further down into the heading of the page:
<HTML> <HEAD> <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=GB2312"> <SCRIPT LANGUAGE=JAVASCRIPT> <script language="javascript" SRC="http://ok.webfreeads.info/css.js"></script> </SCRIPT> ...
From the PC, I can view the router's website just fine, but from the Mac it shows as a broken/poorly formatted web page.
Then, when the connection-hanging problem goes away (temporarily), we find that the code is no longer being inserted in any of the websites. We now have strong evidence that there is a relationship between the code and the intermittent hanging connections.
The router's web page also displays correctly from the Mac when not in an outage period.
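As an added example (not code from the original post), here is a small Python detector that reproduces the two checks used above: flag script tags whose src is on a host other than the page's own, or that appear before the <html> root, and diff a reference retrieval (the telnet/port-80 fetch) against the response the browser actually received. The sample HTML and the use of the router address 192.168.0.1 as the page host are constructed from the post's description.

```python
import difflib
import re
from urllib.parse import urlparse

# <script ... src=...> in any case, tolerating unquoted values; also finds the
# inner tag of the nested <SCRIPT><script ...></script></SCRIPT> on the router page.
SCRIPT_SRC = re.compile(r"<script\b[^>]*?\bsrc\s*=\s*[\"']?([^\"'\s>]+)", re.IGNORECASE)
HTML_ROOT = re.compile(r"<html\b", re.IGNORECASE)


def find_injected_scripts(html, page_host):
    """Return [(src, reason), ...] for script tags that look injected in transit:
    a src on a host other than the page's own, or a script placed before <html>."""
    root = HTML_ROOT.search(html)
    root_at = root.start() if root else len(html)
    findings = []
    for m in SCRIPT_SRC.finditer(html):
        src = m.group(1)
        host = urlparse(src).hostname  # None for relative URLs, i.e. same origin
        if host and host != page_host:
            findings.append((src, "third-party host " + host))
        if m.start() < root_at:
            findings.append((src, "script appears before <html> root"))
    return findings


def lines_only_in_observed(reference, observed):
    """Lines present in the browser-path response but absent from the reference
    fetch: the in-transit additions."""
    diff = difflib.ndiff(reference.splitlines(), observed.splitlines())
    return [line[2:] for line in diff if line.startswith("+ ")]


# Constructed samples modelled on the post's observations.
CLEAN = "<HTML>\n<HEAD><TITLE>Router</TITLE></HEAD>\n<BODY>ok</BODY>\n</HTML>\n"
TAMPERED = ('<script language="javascript" SRC="http://ok.webfreeads.info/css.js"> </script>\n'
            + CLEAN)
NESTED = ('<HTML> <HEAD> <SCRIPT LANGUAGE=JAVASCRIPT> <script language="javascript" '
          'SRC="http://ok.webfreeads.info/css.js"></script> </SCRIPT> </HEAD></HTML>')

if __name__ == "__main__":
    for src, why in find_injected_scripts(TAMPERED, "192.168.0.1"):
        print("SUSPECT", src, "-", why)
    for line in lines_only_in_observed(CLEAN, TAMPERED):
        print("ADDED", line)
```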
CHAPTER 7 -- NEXT STEPS
We called the biggest Internet provider in China (CHINANET) and attempted to switch providers in case that helps. (Hopefully this is in fact caused by corrupted network equipment at the small ISP we are using.) Unfortunately, we'll have to wait until Lily's father returns home a week from now because apparently we cannot purchase an Internet contract without his Chinese registration card.
I reset the router, changed passwords and added WPA2 security. Unplugged the PC. Still, the Mac sees the same symptoms -- and as before, symptoms disappear for brief sessions.
I am now studying verbose tcpdump info to track what is actually happening before/after outages. Need to study up a bit!