taz Posted August 9, 2010 Share Posted August 9, 2010 Hi there, I have a problem to access to your website from some ISP. - My ISP in my apartment is www.free.fr : I can access to your website :) - My parent's ISP is www.free.fr too, and I can't access to your website. - On both I use the same DNS server. I made a "traceroute www.hak5.org" from both location and it result this : From my apartment : (is working) traceroute www.hak5.org traceroute to www.hak5.org (66.11.227.124), 64 hops max, 52 byte packets 1 192.168.0.254 (192.168.0.254) 1.835 ms 1.182 ms 1.120 ms 2 82.240.63.254 (82.240.63.254) 23.390 ms 30.251 ms 20.738 ms 3 marseille-6k-1-a5.routers.proxad.net (213.228.12.126) 28.062 ms 19.874 ms 20.649 ms 4 lyon-crs16-1-be1003.intf.routers.proxad.net (212.27.50.102) 25.160 ms 54.455 ms 46.133 ms 5 th2-crs16-1-be2001.intf.routers.proxad.net (212.27.59.29) 62.962 ms 30.787 ms 36.144 ms 6 bzn-crs16-1-be2000.intf.routers.proxad.net (212.27.57.210) 47.874 ms 32.551 ms 31.902 ms 7 londres-6k-1-po101.intf.routers.proxad.net (212.27.51.186) 46.195 ms 55.842 ms 60.833 ms 8 newyork-6k-1-po1.intf.routers.proxad.net (212.27.58.206) 114.916 ms 114.362 ms 113.591 ms 9 nycl-peer-03.twtelecom.net (198.32.118.36) 140.597 ms 117.539 ms 124.396 ms 10 pdx1-ar3-xe-1-0-0-0.us.twtelecom.net (66.192.240.190) 188.734 ms 190.450 ms 188.415 ms 11 * ge-8-2-20.acs-rtr05.ptldor02.iinet.com (198.145.240.166) 200.960 ms * 12 198.145.40.101 (198.145.40.101) 235.538 ms 199.387 ms 195.868 ms 13 198.145.179.222 (198.145.179.222) 214.160 ms 190.542 ms 194.466 ms 14 66-11-225-95.iinet.pdx.dotster.net (66.11.225.95) 206.077 ms 204.204 ms 205.033 ms 15 66-11-227-124.managemyvps.com (66.11.227.124) 204.756 ms 198.736 ms 223.988 ms From my parent's house : (is not working) traceroute www.hak5.org traceroute to www.hak5.org (66.11.227.124), 64 hops max, 52 byte packets 1 192.168.0.254 (192.168.0.254) 13.091 ms 0.951 ms 1.078 ms 2 88.166.241.254 (88.166.241.254) 20.789 ms 21.422 ms 20.265 ms 3 78.254.7.158 (78.254.7.158) 20.836 ms 20.084 ms 20.946 ms 4 sf283-1-v902.intf.nra.proxad.net (78.254.254.89) 20.778 ms 21.268 ms 22.977 ms 5 ban83-1-v900.intf.nra.proxad.net (78.254.254.85) 21.014 ms 21.697 ms 21.465 ms 6 lbe83-1-v902.intf.nra.proxad.net (78.254.254.81) 22.129 ms 20.755 ms 20.493 ms 7 scy83-1-v900.intf.nra.proxad.net (78.254.254.77) 22.713 ms 22.276 ms 22.057 ms 8 cio13-1-v902.intf.nra.proxad.net (78.254.254.73) 20.794 ms 21.950 ms 22.329 ms 9 au213-1-v900.intf.nra.proxad.net (78.254.254.69) 22.557 ms 21.020 ms 22.843 ms 10 au113-1-v902.intf.nra.proxad.net (78.254.254.65) 22.563 ms 21.468 ms 21.823 ms 11 peh13-1-v900.intf.nra.proxad.net (78.254.254.61) 22.545 ms 21.685 ms 22.420 ms 12 cor13-1-v902.intf.nra.proxad.net (78.254.254.57) 37.587 ms 22.984 ms 22.061 ms 13 * * marseille-6k-1-v900.intf.nra.proxad.net (78.254.254.53) 31.939 ms 14 lyon-crs16-1-be1003.intf.routers.proxad.net (212.27.50.102) 26.172 ms 26.929 ms 26.294 ms 15 th2-crs16-1-be2001.intf.routers.proxad.net (212.27.59.29) 34.536 ms 32.028 ms * 16 bzn-crs16-1-be2000.intf.routers.proxad.net (212.27.57.210) 35.136 ms 33.900 ms 35.572 ms 17 londres-6k-1-po101.intf.routers.proxad.net (212.27.51.186) 47.413 ms 50.634 ms 47.001 ms 18 newyork-6k-1-po1.intf.routers.proxad.net (212.27.58.206) 115.385 ms 115.305 ms 115.259 ms 19 nycl-peer-03.twtelecom.net (198.32.118.36) 115.520 ms 115.269 ms 115.043 ms 20 pdx1-ar3-xe-1-0-0-0.us.twtelecom.net (66.192.240.190) 187.846 ms 188.563 ms 189.134 ms 21 ge-8-2-20.acs-rtr06.ptldor02.iinet.com (198.145.240.169) 191.017 ms 190.904 ms 190.837 ms 22 198.145.40.101 (198.145.40.101) 189.420 ms 190.099 ms 191.060 ms 23 198.145.179.222 (198.145.179.222) 190.943 ms 191.258 ms 191.167 ms 24 66-11-225-95.iinet.pdx.dotster.net (66.11.225.95) 189.726 ms 190.959 ms 195.389 ms 25 * * * 26 * * * 27 * * * 28 * * * 29 * * * 30 * * * 31 * * * 32 * * * 33 * * * 34 * * * 35 * * * 36 * * * 37 * * * 38 * * * 39 * * * 40 * * * 41 * * * 42 * * * 43 * * * 44 * * * 45 * * * 46 * * * 47 * * * 48 * * * 49 * * * 50 * * * 51 * * * 52 * * * 53 * * * 54 * * * 55 * * * 56 * * * 57 * * * 58 * * * 59 * * * 60 * * * 61 * * * 62 * * * 63 * * * 64 * * * I don't understand the problem. Do you have a idea how to solve th problem please :) Thanks for your help, taz. Quote Link to comment Share on other sites More sharing options...
Sparda Posted August 9, 2010 Share Posted August 9, 2010 There aren't any banned IP addresses in the free.fr pool (just checked to be safe). Have you tried turning the router off and on again? It may cause the routing issues to disappear magically. Quote Link to comment Share on other sites More sharing options...
taz Posted August 9, 2010 Author Share Posted August 9, 2010 Hi Sparda, thanks for your quick answer :) So, how can I check if there are banned ip address in free.fr ? The router was reboot, but the problem is the same. In fact the problem exist since 2 or 3 month. Thanks, taz. Quote Link to comment Share on other sites More sharing options...
digip Posted August 9, 2010 Share Posted August 9, 2010 What OS are you using at your house, and what OS from your parents. It may be possible its due to the OS and Service Pack level of the OS itself. For example, my website used to have an IP address that ended in a .255 octet. Windows 7, Linux and MAC OSX could reach it fine, but Windows XP could not due to the fact that the TCP Stack written for XP uses the older method of subnetting, and .255 was automatically reserved as a subnet broadcast ID and not allowed to be used for classess subnet routing. Windows XP reserves the first and last addresses based on older networking rules that don't apply to todays hardware and standards for subnet zero. This doesnt look to be the case for the Hak5 address, but something to think about in the effort to track down the problem. There mayb also be a limit to the number of hops the OS can do, but I'm not 100% sure on that one. From the traceroute, your connection is being killed at 66.11.225.95, which looks to be 1 hop from Hak5.org. Its very possible that this router is set up, to not allow more than a certain number of hops in its chain, so say for instance it was using RIP (although I highly doubt that on the internet it wouldn't get very far and be fairly useless), RIP can only allow a maximum of 15 hops, so anything after that it would drop the packets. A rule could be set to not allow more than so many hops, and this dropping the last packet because of a metric rule in its confoguration. Pobably not the problem, but a possibility. Also, being that you make it all the way to this router which is 1 hop away from the site, there could be several other rules happening. Somewhere on that router itself, it may be blocking your parents specific subnet for some firewall reasons. Even though you are on the same ISP, you are on different subnet ranges, and for whatever reason, they may have a rule to drop packets from the specific subnet or certain range there of the one your parents reside on. Your network: 82.240.63.254 Range: 82.240.60.0 - 82.240.63.255 Your Parents: 88.166.241.254 Range: 88.165.150.0 - 88.173.255.255 Now, one thing you can try is to get yourself on a different leg of the ISP's network. I do this with my cable modem all the time when I want to change my IP address to a different pool if I experience lag or just for security reasons to block attacking IP addresses from my static address, but may not work the same way with your DSL setup. 1 - If you have a home router between your machine and your modem, go into your router settings and look for the "clone mac address" settings. If you have no router, skip this and proceed to the next step 3 2 - make up some arbitrary router mac address, but use the same first 3 hex values as your normal router to stay on the same router manufacturers list. For example, if your routers outside mac address is 00 01 1A 5D 7F 6C make it now 00 01 1A 7D 3C 4F, etc, etc 3 - After saving those settings, unplug the power to your DSL modem for about 20-30 seconds. After you plug it back in, your ISP will not be able to reassign you the same IP address because your mac address will have changed, and their DHCP table will already have it assigned to the previous mac address. You should at that point be given a different available address somewhere on their network, and quite possibly on a different subnet all together. If you have no router to play with the mac address, then you will need to power off the router for a minimum of whatever your lease time is + a few more minutes. Quickest way to check this is log into the modem and go through the settings to see what your lease renewal time is. Depending on the modem this may not show you the value. If so, open a command prompt and type (if windows) ipconfig /all and at the bottom it will say "lease obtained" and "lease expires". You need to unplug it until AFTER the lease has expired and timed out. You may be able to do this in half the time, since most leases try to autorenew every half/lease time, but best bet, leave unplugged until well after that lease has expired. After plugging back in, you will get a new address since your lease is no longer valid. After getting a new IP address, try reaching the site again, as well as doing a traceroute to the site. See if your parents setup takes a new path, and is on a new subnet. If they still can't reach it, then it may be something in their OS itself. Quote Link to comment Share on other sites More sharing options...
taz Posted August 9, 2010 Author Share Posted August 9, 2010 Hi digip, impressive answer :) Here the answer about your questions : - I suppose my OS is not in cause, because : I did all test with my Mac OS X laptop. - I did one test with Linux in my friend house, he is also on Free.fr ISP and he has the same problem. Traceroute form my friend house : traceroute to www.hak5.org (66.11.227.124), 30 hops max, 60 byte packets 1 fw-foret.foret (192.168.0.1) 0.124 ms 0.153 ms 0.185 ms 2 88.171.3.254 (88.171.3.254) 21.337 ms 23.803 ms 24.417 ms 3 * 213.228.20.254 (213.228.20.254) 26.562 ms * 4 lyon-crs16-1-be1003.intf.routers.proxad.net (212.27.50.102) 32.675 ms 33.860 ms 34.588 ms 5 th2-crs16-1-be2001.intf.routers.proxad.net (212.27.59.29) 42.429 ms 43.101 ms 43.840 ms 6 bzn-crs16-1-be2000.intf.routers.proxad.net (212.27.57.210) 46.012 ms 45.168 ms 45.894 ms 7 londres-6k-1-po101.intf.routers.proxad.net (212.27.51.186) 60.411 ms 47.426 ms 47.795 ms 8 newyork-6k-1-po1.intf.routers.proxad.net (212.27.58.206) 163.055 ms * * 9 NYCL-PEER-03.twtelecom.net (198.32.118.36) 119.878 ms 120.538 ms 121.503 ms 10 pdx1-ar3-xe-1-0-0-0.us.twtelecom.net (66.192.240.190) 196.437 ms 197.129 ms 198.547 ms 11 ge-8-2-20.acs-rtr06.ptldor02.iinet.com (198.145.240.169) 200.747 ms 201.032 ms 201.542 ms 12 198.145.40.101 (198.145.40.101) 203.455 ms 203.478 ms 204.867 ms 13 198.145.179.222 (198.145.179.222) 189.567 ms 189.885 ms 190.891 ms 14 66-11-225-95.iinet.pdx.dotster.net (66.11.225.95) 191.391 ms 190.849 ms 193.987 ms 15 * * * 16 * * * 17 * * * 18 * * * 19 * * * 20 * * * 21 * * * 22 * * * 23 * * * 24 * * * 25 * * * 26 * * * 27 * * * 28 * * * 29 * * * 30 * * * I don't know if the problem is the limit of jump allowed by 66.11.225.95. I think it's as you said a blacklist in 66.11.225.95 or it's 66.11.225.95 don't know the route to address 88.171.3.254. I can't change my MAC or my ip address because my ISP block it. I don't know what else to try... Do you have to root access to 66.11.225.95 ? Thanks, taz. Quote Link to comment Share on other sites More sharing options...
digip Posted August 10, 2010 Share Posted August 10, 2010 66.11.225.95 is the router just before the site and I imagine not anything to do with Hak5's setup, but more of that routers configuration. If you cant get past that last hop, I would think its either blocked on the router, or some other issue not apparent at the moment. Try switching to OpenDNS at your parents and friends location, see if that makes a difference. Its weird that you can reach from your home though, but not from your friends or parents house. Other method is to just try a proxy but I personally don't recommend that unless its through your own site because people who own the proxy can monitor your traffic and steal logins, passwords, etc. Quote Link to comment Share on other sites More sharing options...
VaKo Posted August 10, 2010 Share Posted August 10, 2010 OpenDNS won't make a blind bit of difference as he can resolve the domain correctly.... If the OP can PM me the IP's he's using at each site, I will check the server but I doubt anything at our end is blocking you. Quote Link to comment Share on other sites More sharing options...
taz Posted August 11, 2010 Author Share Posted August 11, 2010 Hi, digip : I'm agree with VaKo, the DNS are not in cause. Of course with a proxy, I can access to the website. I'm in my parent's house right now, and I use a private ssh proxy sock to browse the forum :) VaKo : The IP of my parent's house is <redacted> Thanks :) taz. Quote Link to comment Share on other sites More sharing options...
VaKo Posted August 11, 2010 Share Posted August 11, 2010 Your a brave man. Don't post IP's on a forum though, private message them. Quote Link to comment Share on other sites More sharing options...
digip Posted August 11, 2010 Share Posted August 11, 2010 (edited) Reason I said try OpenDNS is because like my own ISP, Comcast does DNS filtering, which is one of the reasons I won't use theirs. If the ISP took it upon themselves to apply filters for whatever reason, they could drop the address, in my thinking, and access to it. The routers know which way to go to get their, but something is dropping that last hop. One thing he could try is nslookup for hak5.org, see if it returns the correct address. If not reachable or return anything, then try by the IP address. If still nothing, then in my mind his DNS server is not able to find it, or filtering it out for whatever reasons. He could also try a ping on the Domain name as well as IP address, see if that returns anything at all. If it does, try reaching the site via IP and not Domain Name. Granted he wont get to hak5 at 66.11.227.124, but if it does load, he'll at least see the apache vhost page instead, which means it is potentially on the Hak5 sites htaccess or config that is blocking it, and not the actual host of hak5's site. If he cant, then maybe the host server has their subnet blocked, and out of Hak5's hands. Just some things to try... Edited August 11, 2010 by digip Quote Link to comment Share on other sites More sharing options...
VaKo Posted August 11, 2010 Share Posted August 11, 2010 Both those traces show the correct IP, but in one case the packet is dropped by either Hak5's VPS or the router in front of it. So the site is resolving correctly, and packets are reaching almost the entire way. If it was redirection you would see evidence of this when you attempt to browse the site, not just have it time out and fail. This is where I need to look when I get somewhere sensible. Quote Link to comment Share on other sites More sharing options...
taz Posted August 11, 2010 Author Share Posted August 11, 2010 Hi, digip : With the DNS of my ISP : grep nameserver /etc/resolv.conf nameserver 212.27.40.241 nameserver 212.27.40.240 Nslookup : nslookup for hak5.org ;; connection timed out; no servers could be reached With OpenDNS : grep nameserver /etc/resolv.conf nameserver 208.67.222.222 Nsloopup : nslookup for hak5.org ;; connection timed out; no servers could be reached VaKo : I'm unable to send private message to you :/ The error message is "You are not allowed to use the messenger feature on this board". VaKo do you want my skype adress or something like that to make tests ? Thanks. Quote Link to comment Share on other sites More sharing options...
VaKo Posted August 11, 2010 Share Posted August 11, 2010 You can send messages now, there is a limit on new users due to PM spamming. Quote Link to comment Share on other sites More sharing options...
taz Posted August 11, 2010 Author Share Posted August 11, 2010 Thanks VaKo, I just send to you a private message. Quote Link to comment Share on other sites More sharing options...
Infiltrator Posted August 12, 2010 Share Posted August 12, 2010 Just out of curiosity, how did the problem get resolved? Did the OP switch over dns servers, or was he using a proxy server to the hak5 website? Quote Link to comment Share on other sites More sharing options...
taz Posted August 12, 2010 Author Share Posted August 12, 2010 Hi Infiltrator, the problem is not resolved. I use a ssh proxy to browse hak5.org ;) Quote Link to comment Share on other sites More sharing options...
Infiltrator Posted August 12, 2010 Share Posted August 12, 2010 Hi Infiltrator, the problem is not resolved. I use a ssh proxy to browse hak5.org ;) SSH or VPN seems to be a good choice, nowadays to browser safely and unrestricted. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.