Access To Www.hak5.org From France


taz

Hi there,

I have a problem accessing your website from some ISPs.

- My ISP in my apartment is www.free.fr: I can access your website :)

- My parents' ISP is www.free.fr too, and I can't access your website.

- On both I use the same DNS server.

I ran "traceroute www.hak5.org" from both locations and this is the result:

From my apartment (working):

traceroute www.hak5.org
traceroute to www.hak5.org (66.11.227.124), 64 hops max, 52 byte packets
 1  192.168.0.254 (192.168.0.254)  1.835 ms  1.182 ms  1.120 ms
 2  82.240.63.254 (82.240.63.254)  23.390 ms  30.251 ms  20.738 ms
 3  marseille-6k-1-a5.routers.proxad.net (213.228.12.126)  28.062 ms  19.874 ms  20.649 ms
 4  lyon-crs16-1-be1003.intf.routers.proxad.net (212.27.50.102)  25.160 ms  54.455 ms  46.133 ms
 5  th2-crs16-1-be2001.intf.routers.proxad.net (212.27.59.29)  62.962 ms  30.787 ms  36.144 ms
 6  bzn-crs16-1-be2000.intf.routers.proxad.net (212.27.57.210)  47.874 ms  32.551 ms  31.902 ms
 7  londres-6k-1-po101.intf.routers.proxad.net (212.27.51.186)  46.195 ms  55.842 ms  60.833 ms
 8  newyork-6k-1-po1.intf.routers.proxad.net (212.27.58.206)  114.916 ms  114.362 ms  113.591 ms
 9  nycl-peer-03.twtelecom.net (198.32.118.36)  140.597 ms  117.539 ms  124.396 ms
10  pdx1-ar3-xe-1-0-0-0.us.twtelecom.net (66.192.240.190)  188.734 ms  190.450 ms  188.415 ms
11  * ge-8-2-20.acs-rtr05.ptldor02.iinet.com (198.145.240.166)  200.960 ms *
12  198.145.40.101 (198.145.40.101)  235.538 ms  199.387 ms  195.868 ms
13  198.145.179.222 (198.145.179.222)  214.160 ms  190.542 ms  194.466 ms
14  66-11-225-95.iinet.pdx.dotster.net (66.11.225.95)  206.077 ms  204.204 ms  205.033 ms
15  66-11-227-124.managemyvps.com (66.11.227.124)  204.756 ms  198.736 ms  223.988 ms

From my parents' house (not working):

traceroute www.hak5.org
traceroute to www.hak5.org (66.11.227.124), 64 hops max, 52 byte packets
 1  192.168.0.254 (192.168.0.254)  13.091 ms  0.951 ms  1.078 ms
 2  88.166.241.254 (88.166.241.254)  20.789 ms  21.422 ms  20.265 ms
 3  78.254.7.158 (78.254.7.158)  20.836 ms  20.084 ms  20.946 ms
 4  sf283-1-v902.intf.nra.proxad.net (78.254.254.89)  20.778 ms  21.268 ms  22.977 ms
 5  ban83-1-v900.intf.nra.proxad.net (78.254.254.85)  21.014 ms  21.697 ms  21.465 ms
 6  lbe83-1-v902.intf.nra.proxad.net (78.254.254.81)  22.129 ms  20.755 ms  20.493 ms
 7  scy83-1-v900.intf.nra.proxad.net (78.254.254.77)  22.713 ms  22.276 ms  22.057 ms
 8  cio13-1-v902.intf.nra.proxad.net (78.254.254.73)  20.794 ms  21.950 ms  22.329 ms
 9  au213-1-v900.intf.nra.proxad.net (78.254.254.69)  22.557 ms  21.020 ms  22.843 ms
10  au113-1-v902.intf.nra.proxad.net (78.254.254.65)  22.563 ms  21.468 ms  21.823 ms
11  peh13-1-v900.intf.nra.proxad.net (78.254.254.61)  22.545 ms  21.685 ms  22.420 ms
12  cor13-1-v902.intf.nra.proxad.net (78.254.254.57)  37.587 ms  22.984 ms  22.061 ms
13  * * marseille-6k-1-v900.intf.nra.proxad.net (78.254.254.53)  31.939 ms
14  lyon-crs16-1-be1003.intf.routers.proxad.net (212.27.50.102)  26.172 ms  26.929 ms  26.294 ms
15  th2-crs16-1-be2001.intf.routers.proxad.net (212.27.59.29)  34.536 ms  32.028 ms *
16  bzn-crs16-1-be2000.intf.routers.proxad.net (212.27.57.210)  35.136 ms  33.900 ms  35.572 ms
17  londres-6k-1-po101.intf.routers.proxad.net (212.27.51.186)  47.413 ms  50.634 ms  47.001 ms
18  newyork-6k-1-po1.intf.routers.proxad.net (212.27.58.206)  115.385 ms  115.305 ms  115.259 ms
19  nycl-peer-03.twtelecom.net (198.32.118.36)  115.520 ms  115.269 ms  115.043 ms
20  pdx1-ar3-xe-1-0-0-0.us.twtelecom.net (66.192.240.190)  187.846 ms  188.563 ms  189.134 ms
21  ge-8-2-20.acs-rtr06.ptldor02.iinet.com (198.145.240.169)  191.017 ms  190.904 ms  190.837 ms
22  198.145.40.101 (198.145.40.101)  189.420 ms  190.099 ms  191.060 ms
23  198.145.179.222 (198.145.179.222)  190.943 ms  191.258 ms  191.167 ms
24  66-11-225-95.iinet.pdx.dotster.net (66.11.225.95)  189.726 ms  190.959 ms  195.389 ms
25  * * *
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *
31  * * *
32  * * *
33  * * *
34  * * *
35  * * *
36  * * *
37  * * *
38  * * *
39  * * *
40  * * *
41  * * *
42  * * *
43  * * *
44  * * *
45  * * *
46  * * *
47  * * *
48  * * *
49  * * *
50  * * *
51  * * *
52  * * *
53  * * *
54  * * *
55  * * *
56  * * *
57  * * *
58  * * *
59  * * *
60  * * *
61  * * *
62  * * *
63  * * *
64  * * *

I don't understand the problem.

Do you have an idea how to solve the problem, please? :)

Thanks for your help,

taz.

Link to comment
Share on other sites

Hi Sparda,

thanks for your quick answer :)

So, how can I check if there are banned IP addresses in free.fr?

The router was rebooted, but the problem is the same.

In fact the problem has existed for 2 or 3 months.

Thanks,

taz.

Link to comment
Share on other sites

What OS are you using at your house, and what OS at your parents'? It may be possible it's due to the OS and Service Pack level of the OS itself. For example, my website used to have an IP address that ended in a .255 octet. Windows 7, Linux and Mac OS X could reach it fine, but Windows XP could not due to the fact that the TCP stack written for XP uses the older method of subnetting, and .255 was automatically reserved as a subnet broadcast ID and not allowed to be used for classless subnet routing. Windows XP reserves the first and last addresses based on older networking rules that don't apply to today's hardware and standards for subnet zero. This doesn't look to be the case for the Hak5 address, but something to think about in the effort to track down the problem. There may also be a limit to the number of hops the OS can do, but I'm not 100% sure on that one.

From the traceroute, your connection is being killed at 66.11.225.95, which looks to be 1 hop from Hak5.org. It's very possible that this router is set up to not allow more than a certain number of hops in its chain, so say for instance it was using RIP (although I highly doubt that; on the internet it wouldn't get very far and be fairly useless), RIP can only allow a maximum of 15 hops, so anything after that it would drop the packets. A rule could be set to not allow more than so many hops, and thus dropping the last packet because of a metric rule in its configuration. Probably not the problem, but a possibility.

Also, being that you make it all the way to this router which is 1 hop away from the site, there could be several other rules happening. Somewhere on that router itself, it may be blocking your parents' specific subnet for some firewall reasons. Even though you are on the same ISP, you are on different subnet ranges, and for whatever reason, they may have a rule to drop packets from the specific subnet or certain range thereof the one your parents reside on.

Your network: 82.240.63.254 Range: 82.240.60.0 - 82.240.63.255

Your Parents: 88.166.241.254 Range: 88.165.150.0 - 88.173.255.255

Now, one thing you can try is to get yourself on a different leg of the ISP's network. I do this with my cable modem all the time when I want to change my IP address to a different pool if I experience lag or just for security reasons to block attacking IP addresses from my static address, but may not work the same way with your DSL setup.

1 - If you have a home router between your machine and your modem, go into your router settings and look for the "clone MAC address" settings. If you have no router, skip this and proceed to step 3.

2 - Make up some arbitrary router MAC address, but use the same first 3 hex values as your normal router to stay on the same router manufacturer's list. For example, if your router's outside MAC address is 00 01 1A 5D 7F 6C, make it now 00 01 1A 7D 3C 4F, etc, etc.

3 - After saving those settings, unplug the power to your DSL modem for about 20-30 seconds. After you plug it back in, your ISP will not be able to reassign you the same IP address because your MAC address will have changed, and their DHCP table will already have it assigned to the previous MAC address. You should at that point be given a different available address somewhere on their network, and quite possibly on a different subnet altogether. If you have no router to play with the MAC address, then you will need to power off the router for a minimum of whatever your lease time is + a few more minutes. Quickest way to check this is to log into the modem and go through the settings to see what your lease renewal time is. Depending on the modem this may not show you the value. If so, open a command prompt and type (if Windows) ipconfig /all and at the bottom it will say "lease obtained" and "lease expires". You need to unplug it until AFTER the lease has expired and timed out. You may be able to do this in half the time, since most leases try to autorenew every half/lease time, but best bet, leave unplugged until well after that lease has expired. After plugging back in, you will get a new address since your lease is no longer valid.

After getting a new IP address, try reaching the site again, as well as doing a traceroute to the site. See if your parents' setup takes a new path, and is on a new subnet. If they still can't reach it, then it may be something in their OS itself.

Link to comment
Share on other sites

Hi digip,

impressive answer :)

Here are the answers to your questions:

- I suppose my OS is not the cause, because I did all the tests with my Mac OS X laptop.

- I did one test with Linux at my friend's house; he is also on the Free.fr ISP and he has the same problem.

Traceroute from my friend's house:

traceroute to www.hak5.org (66.11.227.124), 30 hops max, 60 byte packets
 1  fw-foret.foret (192.168.0.1)  0.124 ms  0.153 ms  0.185 ms
 2  88.171.3.254 (88.171.3.254)  21.337 ms  23.803 ms  24.417 ms
 3  * 213.228.20.254 (213.228.20.254)  26.562 ms *
 4  lyon-crs16-1-be1003.intf.routers.proxad.net (212.27.50.102)  32.675 ms  33.860 ms  34.588 ms
 5  th2-crs16-1-be2001.intf.routers.proxad.net (212.27.59.29)  42.429 ms  43.101 ms  43.840 ms
 6  bzn-crs16-1-be2000.intf.routers.proxad.net (212.27.57.210)  46.012 ms  45.168 ms  45.894 ms
 7  londres-6k-1-po101.intf.routers.proxad.net (212.27.51.186)  60.411 ms  47.426 ms  47.795 ms
 8  newyork-6k-1-po1.intf.routers.proxad.net (212.27.58.206)  163.055 ms * *
 9  NYCL-PEER-03.twtelecom.net (198.32.118.36)  119.878 ms  120.538 ms  121.503 ms
10  pdx1-ar3-xe-1-0-0-0.us.twtelecom.net (66.192.240.190)  196.437 ms  197.129 ms  198.547 ms
11  ge-8-2-20.acs-rtr06.ptldor02.iinet.com (198.145.240.169)  200.747 ms  201.032 ms  201.542 ms
12  198.145.40.101 (198.145.40.101)  203.455 ms  203.478 ms  204.867 ms
13  198.145.179.222 (198.145.179.222)  189.567 ms  189.885 ms  190.891 ms
14  66-11-225-95.iinet.pdx.dotster.net (66.11.225.95)  191.391 ms  190.849 ms  193.987 ms
15  * * *
16  * * *
17  * * *
18  * * *
19  * * *
20  * * *
21  * * *
22  * * *
23  * * *
24  * * *
25  * * *
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *

I don't know if the problem is the limit of jumps allowed by 66.11.225.95.

I think it's, as you said, a blacklist in 66.11.225.95, or 66.11.225.95 doesn't know the route to address 88.171.3.254.

I can't change my MAC or my IP address because my ISP blocks it.

I don't know what else to try...

Do you have root access to 66.11.225.95?

Thanks,

taz.

Link to comment
Share on other sites

66.11.225.95 is the router just before the site and I imagine not anything to do with Hak5's setup, but more of that router's configuration. If you can't get past that last hop, I would think it's either blocked on the router, or some other issue not apparent at the moment. Try switching to OpenDNS at your parents' and friend's locations, see if that makes a difference. It's weird that you can reach it from your home though, but not from your friend's or parents' house. Other method is to just try a proxy, but I personally don't recommend that unless it's through your own site, because people who own the proxy can monitor your traffic and steal logins, passwords, etc.

Link to comment
Share on other sites

OpenDNS won't make a blind bit of difference as he can resolve the domain correctly....

If the OP can PM me the IPs he's using at each site, I will check the server but I doubt anything at our end is blocking you.

Link to comment
Share on other sites

Hi,

digip: I agree with VaKo, the DNS is not the cause.

Of course with a proxy, I can access the website.

I'm at my parents' house right now, and I use a private SSH SOCKS proxy to browse the forum :)

VaKo: The IP of my parents' house is <redacted>

Thanks :)

taz.

Link to comment
Share on other sites

Reason I said try OpenDNS is because, like my own ISP, Comcast does DNS filtering, which is one of the reasons I won't use theirs. If the ISP took it upon themselves to apply filters for whatever reason, they could drop the address, in my thinking, and access to it. The routers know which way to go to get there, but something is dropping that last hop.

One thing he could try is nslookup for hak5.org, see if it returns the correct address. If not reachable or it doesn't return anything, then try by the IP address. If still nothing, then in my mind his DNS server is not able to find it, or is filtering it out for whatever reasons. He could also try a ping on the domain name as well as the IP address, see if that returns anything at all. If it does, try reaching the site via IP and not domain name. Granted he won't get to hak5 at 66.11.227.124, but if it does load, he'll at least see the Apache vhost page instead, which means it is potentially the Hak5 site's htaccess or config that is blocking it, and not the actual host of hak5's site. If he can't, then maybe the host server has their subnet blocked, and it's out of Hak5's hands. Just some things to try...

Edited by digip
Link to comment
Share on other sites

Both those traces show the correct IP, but in one case the packet is dropped by either Hak5's VPS or the router in front of it. So the site is resolving correctly, and packets are reaching almost the entire way. If it was redirection you would see evidence of this when you attempt to browse the site, not just have it time out and fail. This is where I need to look when I get somewhere sensible.

Link to comment
Share on other sites
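
The comparison made in the posts above, written out as an added example that is not part of any post in the thread. It parses traceroute output, reports the last router that answered, and lists the routers two traces share counting back from that point. The sample text is the tail of the two traces from the first post (earlier hops and most of the silent rows omitted); the function names are illustrative.

```python
import re
HOP = re.compile(r"^\s*(\d+)\s+(.*)$")
ADDR = re.compile(r"\((\d{1,3}(?:\.\d{1,3}){3})\)")

def parse(text):
    """Return (destination_ip, [(ttl, responder_ip or None), ...])."""
    lines = text.strip().splitlines()
    dest = ADDR.search(lines[0]).group(1)      # header: "traceroute to host (ip), ..."
    hops = []
    for line in lines[1:]:
        m = HOP.match(line)
        if m:
            a = ADDR.search(m.group(2))        # None for an all-"*" row
            hops.append((int(m.group(1)), a.group(1) if a else None))
    return dest, hops

def diagnose(text):
    dest, hops = parse(text)
    last_ttl, last_ip = [h for h in hops if h[1]][-1]
    silent = sum(1 for ttl, _ in hops if ttl > last_ttl)
    return {"reached": last_ip == dest, "last_hop": last_ip, "silent_after": silent}

def shared_tail(ok_text, bad_text):
    """Routers both traces cross, counted back from the last responder."""
    (dest, ok), (_, bad) = parse(ok_text), parse(bad_text)
    a, b = ([ip for _, ip in h if ip and ip != dest][::-1] for h in (ok, bad))
    tail = []
    for x, y in zip(a, b):
        if x != y:
            break
        tail.append(x)
    return tail[::-1]

# Sample input: final hops of the two traces in the first post, abbreviated.
WORKING = """traceroute to www.hak5.org (66.11.227.124), 64 hops max, 52 byte packets
11  * ge-8-2-20.acs-rtr05.ptldor02.iinet.com (198.145.240.166)  200.960 ms *
12  198.145.40.101 (198.145.40.101)  235.538 ms  199.387 ms  195.868 ms
13  198.145.179.222 (198.145.179.222)  214.160 ms  190.542 ms  194.466 ms
14  66-11-225-95.iinet.pdx.dotster.net (66.11.225.95)  206.077 ms  204.204 ms  205.033 ms
15  66-11-227-124.managemyvps.com (66.11.227.124)  204.756 ms  198.736 ms  223.988 ms
"""
FAILING = """traceroute to www.hak5.org (66.11.227.124), 64 hops max, 52 byte packets
21  ge-8-2-20.acs-rtr06.ptldor02.iinet.com (198.145.240.169)  191.017 ms  190.904 ms  190.837 ms
22  198.145.40.101 (198.145.40.101)  189.420 ms  190.099 ms  191.060 ms
23  198.145.179.222 (198.145.179.222)  190.943 ms  191.258 ms  191.167 ms
24  66-11-225-95.iinet.pdx.dotster.net (66.11.225.95)  189.726 ms  190.959 ms  195.389 ms
25  * * *
26  * * *
"""
```

Traceroute only shows the forward path, so an identical shared tail followed by silence does not by itself separate a filter on the last router, a filter on the destination, and a reply that is lost on the way back.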

Hi,

digip: With the DNS of my ISP:

grep nameserver /etc/resolv.conf 
nameserver 212.27.40.241
nameserver 212.27.40.240

Nslookup:

nslookup for hak5.org
;; connection timed out; no servers could be reached

With OpenDNS:

grep nameserver /etc/resolv.conf 
nameserver 208.67.222.222

Nslookup:

nslookup for hak5.org
;; connection timed out; no servers could be reached

VaKo: I'm unable to send a private message to you :/

The error message is "You are not allowed to use the messenger feature on this board".

VaKo, do you want my Skype address or something like that to make tests?

Thanks.

Link to comment
Share on other sites

Just out of curiosity, how did the problem get resolved?

Did the OP switch over DNS servers, or was he using a proxy server to the hak5 website?

Link to comment
Share on other sites

Hi Infiltrator,

the problem is not resolved.

I use an SSH proxy to browse hak5.org ;)

SSH or VPN seems to be a good choice nowadays to browse safely and unrestricted.

Link to comment
Share on other sites
