Managed IT Services


Synopsis


Extensive testing was conducted to determine the cause of intermittent disconnections experienced by REDACTED immigration law firm employees when accessing the DHS Immigration website. After thorough analysis, the evidence indicates that the issue originates from the DHS website itself, rather than the firm’s local network, firewall, or ISP.

Objective

To substantiate staff reports that the issue does not occur when using personal devices from their home networks, suggesting the firm’s SonicWall universal threat management firewall might be interfering with website sessions due to resource limitations or packet filtering and also to determine cause of issue.

Because direct administrative access to the SonicWall was unavailable, testing was conducted using devices positioned in front of the SonicWall to eliminate it as a potential cause. A clean laptop (with no security software installed) was provisioned for controlled testing across multiple network environments.

Experiments

AT&T Fiber Circuit (direct to AT&T; router)

      • Connected laptop directly to AT&T; router.
      • Result: Issue persisted; DHS Immigration website sessions disconnected.
      • Conclusion: Eliminated the SonicWall firewall as the root cause.

      KCL Communications Circuit (Cisco router)

        • Laptop connected to KCL Cisco router (no security software or filtering).
        • Result: Same session drops occurred.
        • Conclusion: Further confirmed the SonicWall was not responsible.

        T-Mobile Hot-spot

          • Tested via T-Mobile hotspot.
          • Result: Same disconnection issue occurred.
          • Conclusion: Eliminated ISP-specific issues.

          User Interview & Observation

            • User claimed stable sessions from home on Mac with T-Mobile hot-spot.
            • User reported that sister working at another immigration law firm has no issues on Windows.
            • Both reports were based on a single use case, insufficient to conclude stability.
            • Interviews determined that the user’s conclusion was based on conjecture.
            • Observed that stable sessions occurred during evening hours, suggesting off-peak reliability.

            Code Analysis (KCL Communications)

              • Detected recurring error: “Resource not found” on port 8888 at 127.0.0.1.
              • Since 127.0.0.1 is a loop back address, this indicates the issue lies on DHS servers themselves
                (timeouts, restarts, or unavailable resources).

              Conclusion

              • Occurred across multiple ISPs (AT&T;, KCL, T-Mobile) → Not an ISP issue.
              • Persisted when bypassing SonicWall → Not a firewall issue.
              • Occurred on clean laptop → Not endpoint security issue.
              • Affected multiple browsers → Not browser compatibility.
              • Occurred on Windows and Mac → Not OS related.
              • Most Likely Cause:
                • The DHS Immigration Web site infrastructure.
                • Possible contributors:
                  • Overloaded resources/bandwidth during peak hours.
                  • Technical glitches causing temporary outages.
                  • Possible adversarial activity (e.g., DDoS attacks).

              Recommendations

              1. Monitor usage patterns (peak vs. off-peak).
              2. Escalate to DHS support via contact info available in ARIN (www.arin.net).
              3. Document occurrences (log times, errors, frequency).
              4. Develop contingency plans if DHS access is critical (alternate workflows, staggered usage, etc.).

              Leave a comment

              Your email address will not be published. Required fields are marked *

              More Posts

                error: Sorry, copy/paste is disabled
                Skip to content