Home page logo
/

nanog logo nanog mailing list archives

RE: [SMBManagedServices] RE: next hop packet loss
From: "Jim Ray" <jim () neuse net>
Date: Sat, 11 Aug 2012 12:36:14 -0400

Get a load of this:

New version of Firefox works fine. Methinks Mozilla released a turd.


-----Original Message-----
From: SMBManagedServices () yahoogroups com
[mailto:SMBManagedServices () yahoogroups com] On Behalf Of James_TDS
Sent: Friday, August 10, 2012 11:47 AM
To: SMBManagedServices () yahoogroups com
Subject: RE: [SMBManagedServices] RE: next hop packet loss

As I said I suspect Checkpoint is "breaking the Internet" in an attempt
to block various DDOS attacks. The failure of tracert and ICMP is not
isolated to Checkpoint and Above.net as I had a similar problem with a
local TW customer on a static IP. Because their in house router was down
and not responding to anything TW would drop the Tracert long before it
even came close to my client. I gave them heck about this as it made it
impossible to remotely monitor the customer because when the customer
calls and says the "Internet is down" the first thing I do is tracert to
their IP. When I see the route die in another city that tells me the ISP
is having issues vs. the route dying one hop out from my customer's IP.
They gave me some crap about active routing and such. Put anything on
that IP and have it respond to pings and the route will complete.

As I said Telnet checkpoint.com 80 fails for me but SLChecker works so
again it's probably some DDOS thing and they are checking user agents
before replying and I assume SLCheck mimics IE or something. Handy tool.



-----Original Message-----
From: SMBManagedServices () yahoogroups com
[mailto:SMBManagedServices () yahoogroups com] On Behalf Of Jim Ray
Sent: Friday, August 10, 2012 8:23 AM
To: SMBManagedServices () yahoogroups com
Subject: RE: [SMBManagedServices] RE: next hop packet loss

I am stumped why http://www.checkpoint.com won't resolve with Firefox
yet will with Internet Explorer and Safari. I know Microsoft won't let
you do what you need to do with Firefox yet am surprised with Check
Point. 

Above.net is not echoing ICMP, though, before one reaches Check Point.

From the NANOG group, I found out it is possible to use command line
switch to specify type of traffic and to get around ICMP issue.
Apparently, TCP works; however, another person said UDP is preferred
embodiment.

This test resolved web site yet resulted in lost connection:

telnet www.checkpoint.com 80
GET / HTTP/1.1
Host: www.checkpoint.com

I captured packets with Wireshark yet did not see anything that jumped
out at me as root cause for failure.

Meanwhile back at the ranch, my friend brought over business card for
Check Point representative, and I plan to pick up the phone and call
thereby bypassing TCP/IP in its entirety.


-----Original Message-----
From: SMBManagedServices () yahoogroups com
[mailto:SMBManagedServices () yahoogroups com] On Behalf Of James_TDS
Sent: Thursday, August 09, 2012 10:50 AM
To: SMBManagedServices () yahoogroups com
Subject: RE: [SMBManagedServices] RE: next hop packet loss

Go back a few post and see where I mentioned that the hop in question
was not responding to the ICMP request, it wasn't down they just refuse
to echo. 

Probably a more valid test would have been:

telnet checkpoint.com 80
GET

However I just tested that as well and Checkpoint doesn't respond
correctly. Not sure what they are doing on the frontend but they are
breaking Internet "rules" probably in an effort to not be DDOS'd. I
checked again with SLChecker and it responds correctly so they are
likely not responding to Telnet because it doesn't send a user agent ID.


-----Original Message-----
From: SMBManagedServices () yahoogroups com
[mailto:SMBManagedServices () yahoogroups com] On Behalf Of Jim Ray
Sent: Thursday, August 09, 2012 8:39 AM
To: SMBManagedServices () yahoogroups com
Cc: Herring, David
Subject: [SMBManagedServices] RE: next hop packet loss

Hey, I get the idgit award for this one. Time Warner's next hop that was
dropping packets was really a situation where next hop was not
responding to ICMP from tracert. Neither of us was able to diagnose the
problem until last night when I found out Safari pulled up
http://www.checkpoint.com from same network and Firefox on PC did not.

So, apparently, Check Point does not like Firefox. Internet Explorer
worked.

Meanwhile back at the ranch, I have learned about TCP switch in tracert
thanks to peers here and on NANOG and have gotten down and dirty with
Wireshark.

Regards,

Jim Ray, President
Neuse River Networks
2 Davis Drive, PO Box 13169
Research Triangle Park, NC 27709
919-838-1672 x100
www.NeuseRiverNetworks.com


-----Original Message-----
From: Herring, David [mailto:david.herring () twcable com]
Sent: Thursday, August 09, 2012 7:54 AM
To: Jim Ray; Adrian Bool
Subject: RE: next hop packet loss

  Got it.. no worries.. I know we are not always the best either!

  What would be great- that you let the below be known to your user
group?
  I know we let them know when we thought it was Business class
problem...



David Herring
Channel Manager | Channel Partner Program, East Region TWC Business
Class
101 Innovation Avenue| Morrisville, NC 27560
919.573.7635






-----Original Message-----
From: Jim Ray [mailto:jim () neuse net]
Sent: Wednesday, August 08, 2012 7:48 PM
To: Adrian Bool
Cc: Herring, David
Subject: RE: next hop packet loss

Dude...don't laugh too hard when I tell you I found the problem:

http://www.CheckPoint.com not compatible with Firefox, only with Safari
and Internet Explorer or possibly others.

David, apparently, tracert is not a valid test if ICMP is not active.
So, my apologies.

Regards,

Jim Ray, President
Neuse River Networks
2 Davis Drive, PO Box 13169
Research Triangle Park, NC 27709
919-838-1672 x100
www.NeuseRiverNetworks.com


-----Original Message-----
From: Adrian Bool [mailto:aid () logic org uk]
Sent: Tuesday, August 07, 2012 9:22 AM
To: Jim Ray
Subject: Re: next hop packet loss


Oh, if you do get a connect on the telnet session, type,

GET / HTTP/1.1
Host: www.checkpoint.com
<return>
<return>


aid



On 7 Aug 2012, at 14:14, "Jim Ray" <jim () neuse net> wrote:

Ah, good eyes :-)

Thank you, sir. Will try again.

Regards,

Jim Ray, President
Neuse River Networks
2 Davis Drive, PO Box 13169
Research Triangle Park, NC 27709
919-838-1672 x100
www.NeuseRiverNetworks.com



-----Original Message-----
From: Adrian Bool [mailto:aid () logic org uk]
Sent: Tuesday, August 07, 2012 9:14 AM
To: Jim Ray
Subject: Re: next hop packet loss


Hi Jim,

It looks like you just used telnet on its own (so it used port 23, 
which
*will* be blocked by Checkpoint).  Instead you need to specify the 
HTTP port as well,

      telnet www.checkpoint.com 80

If you give that a go again; whilst capturing with Wireshark & see 
what happens.

Cheers,

aid



This E-mail and any of its attachments may contain Time Warner Cable
proprietary information, which is privileged, confidential, or subject
to copyright belonging to Time Warner Cable. This E-mail is intended
solely for the use of the individual or entity to which it is addressed.
If you are not the intended recipient of this E-mail, you are hereby
notified that any dissemination, distribution, copying, or action taken
in relation to the contents of and attachments to this E-mail is
strictly prohibited and may be unlawful. If you have received this
E-mail in error, please notify the sender immediately and permanently
delete the original and any copy of this E-mail and any printout.


------------------------------------

Moderated and managed Amy LubyYahoo! Groups Links





------------------------------------

Moderated and managed Amy LubyYahoo! Groups Links





------------------------------------

Moderated and managed Amy LubyYahoo! Groups Links





------------------------------------

Moderated and managed Amy LubyYahoo! Groups Links

<*> To visit your group on the web, go to:
    http://groups.yahoo.com/group/SMBManagedServices/

<*> Your email settings:
    Individual Email | Traditional

<*> To change settings online go to:
    http://groups.yahoo.com/group/SMBManagedServices/join
    (Yahoo! ID required)

<*> To change settings via email:
    SMBManagedServices-digest () yahoogroups com 
    SMBManagedServices-fullfeatured () yahoogroups com

<*> To unsubscribe from this group, send an email to:
    SMBManagedServices-unsubscribe () yahoogroups com

<*> Your use of Yahoo! Groups is subject to:
    http://docs.yahoo.com/info/terms/



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]