nanog mailing list archives

Re: antisocial security
From: Owen DeLong <owen () delong com>
Date: Wed, 1 Feb 2012 20:54:17 -0800

It's not uncommon (although I would agree it is ill advised) practice for some
web sites that think they cater only to an audience in a particular geography
to block access outside of that geography. I ran across this when my credit
union would not let me connect to their web server from S. Korea.

However, I took it up with the credit union rather than NANOG. Is there a
reason you bring this up here instead of with the SSA?

Owen

On Feb 1, 2012, at 7:53 PM, Randy Bush wrote:

from a stateside host

psg.com:/usr/home/randy> dig ssa.gov. ns

; <<>> DiG 9.4.3-P2 <<>> ssa.gov. ns
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37734
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 4

;; QUESTION SECTION:
;ssa.gov.                       IN      NS

;; ANSWER SECTION:
ssa.gov.                24370   IN      NS      dns1.ssa.gov.
ssa.gov.                24370   IN      NS      dns6.ssa.gov.
ssa.gov.                24370   IN      NS      dns5.ssa.gov.
ssa.gov.                24370   IN      NS      dns2.ssa.gov.

;; ADDITIONAL SECTION:
dns1.ssa.gov.           34072   IN      A       199.173.231.82
dns2.ssa.gov.           34073   IN      A       199.173.231.83
dns5.ssa.gov.           34073   IN      A       137.200.4.30
dns6.ssa.gov.           34074   IN      A       137.200.4.31

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Feb  2 03:45:15 2012
;; MSG SIZE  rcvd: 165

psg.com:/usr/home/randy> dig +short @199.173.231.82 www.ssa.gov. any
www.socialsecurity.gov.
CNAME 7 3 60 20120224201936 20120125195419 21905 ssa.gov. XSnBe3L3rTcD2FO778x43NOJaVf2OeMoSN8hBOSJFqfUfXAyH9qE5X1Q 
+tuRgigLs4qE7Fr40GI7SANxkltYdICJbEfvYikKMDW/hi8wp8mKHYQP SmXRGZz3ZizUaLb1DNTTWePIJDCrwEkZ5oVSEqoaV5xjDnWQ0twwILve I3Q=
psg.com:/usr/home/randy> dig +short @199.173.231.83 www.ssa.gov. any
www.socialsecurity.gov.
CNAME 7 3 60 20120224201936 20120125195419 21905 ssa.gov. XSnBe3L3rTcD2FO778x43NOJaVf2OeMoSN8hBOSJFqfUfXAyH9qE5X1Q 
+tuRgigLs4qE7Fr40GI7SANxkltYdICJbEfvYikKMDW/hi8wp8mKHYQP SmXRGZz3ZizUaLb1DNTTWePIJDCrwEkZ5oVSEqoaV5xjDnWQ0twwILve I3Q=
psg.com:/usr/home/randy> dig +short @137.200.4.30 www.ssa.gov. any
www.socialsecurity.gov.
CNAME 7 3 60 20120224201936 20120125195419 21905 ssa.gov. XSnBe3L3rTcD2FO778x43NOJaVf2OeMoSN8hBOSJFqfUfXAyH9qE5X1Q 
+tuRgigLs4qE7Fr40GI7SANxkltYdICJbEfvYikKMDW/hi8wp8mKHYQP SmXRGZz3ZizUaLb1DNTTWePIJDCrwEkZ5oVSEqoaV5xjDnWQ0twwILve I3Q=
psg.com:/usr/home/randy> dig +short @137.200.4.31 www.ssa.gov. any
www.socialsecurity.gov.
CNAME 7 3 60 20120224201936 20120125195419 21905 ssa.gov. XSnBe3L3rTcD2FO778x43NOJaVf2OeMoSN8hBOSJFqfUfXAyH9qE5X1Q 
+tuRgigLs4qE7Fr40GI7SANxkltYdICJbEfvYikKMDW/hi8wp8mKHYQP SmXRGZz3ZizUaLb1DNTTWePIJDCrwEkZ5oVSEqoaV5xjDnWQ0twwILve I3Q=

psg.com:/usr/home/randy> traceroute 199.173.231.82
traceroute to 199.173.231.82 (199.173.231.82), 64 hops max, 40 byte packets
1  r0.sea.rg.net (147.28.0.4)  0.314 ms  1.224 ms  0.202 ms
2  r1.sea.rg.net (147.28.0.5)  0.340 ms  0.306 ms  0.349 ms
3  sl-gw20-sea-3-2-1.sprintlink.net (144.232.9.61)  0.355 ms  0.305 ms  0.228 ms
4  144.232.3.126 (144.232.3.126)  0.352 ms  0.379 ms  0.353 ms
5  0.xe-11-3-0.BR2.SEA7.ALTER.NET (204.255.168.217)  14.365 ms  1.081 ms  1.075 ms
6  0.ge-2-3-0.XT2.SEA7.ALTER.NET (152.63.104.21)  1.097 ms  1.127 ms  1.082 ms
7  0.ge-1-2-0.XT2.DCA6.ALTER.NET (152.63.40.46)  73.575 ms  73.635 ms  73.528 ms
8  GigabitEthernet7-0-0.GW8.DCA6.ALTER.NET (152.63.40.81)  75.535 ms  75.595 ms  75.545 ms
9  ssa-gw.customer.alter.net (152.179.9.34)  76.652 ms  76.522 ms  76.671 ms
10  * *^C
psg.com:/usr/home/randy> traceroute 137.200.4.30
traceroute to 137.200.4.30 (137.200.4.30), 64 hops max, 40 byte packets
1  r0.sea.rg.net (147.28.0.4)  0.378 ms  0.253 ms  0.332 ms
2  r1.sea.rg.net (147.28.0.5)  0.340 ms  0.394 ms  0.339 ms
3  sl-gw20-sea-3-2-1.sprintlink.net (144.232.9.61)  0.348 ms  0.263 ms  0.214 ms
4  144.232.3.126 (144.232.3.126)  66.830 ms  0.345 ms  0.323 ms
5  0.xe-11-3-0.BR2.SEA7.ALTER.NET (204.255.168.217)  0.977 ms  1.006 ms  1.100 ms
6  0.ge-2-3-0.XT2.SEA7.ALTER.NET (152.63.104.21)  26.587 ms  1.173 ms  1.086 ms
7  0.ge-7-0-0.XL2.RDU1.ALTER.NET (152.63.33.38)  86.052 ms  86.084 ms  86.024 ms
8  POS7-0.GW5.RDU1.ALTER.NET (152.63.35.177)  83.282 ms  83.371 ms  83.145 ms
9  157.130.212.98 (157.130.212.98)  85.254 ms  84.998 ms  85.170 ms
10  137.200.1.123 (137.200.1.123)  92.646 ms  92.727 ms  92.762 ms
11  *^C

so they have a firewall, but i can get there.

but from tokyo

rair.psg.com:/Users/randy> dig +short @199.173.231.82 www.ssa.gov. any
;; connection timed out; no servers could be reached
rair.psg.com:/Users/randy> dig +short @199.173.231.83 www.ssa.gov. any
;; connection timed out; no servers could be reached
rair.psg.com:/Users/randy> dig +short @137.200.4.30 www.ssa.gov. any
;; connection timed out; no servers could be reached
rair.psg.com:/Users/randy> dig +short @137.200.4.31 www.ssa.gov. any
;; connection timed out; no servers could be reached


rair.psg.com:/Users/randy> traceroute 199.173.231.82
traceroute to 199.173.231.82 (199.173.231.82), 64 hops max, 52 byte packets
1  192.168.0.1 (192.168.0.1)  5.528 ms  2.325 ms  2.504 ms
2  tokyo10-f01.flets.2iij.net (210.149.34.66)  6.912 ms  9.912 ms  11.519 ms
3  tokyo10-ntteast1.flets.2iij.net (210.149.34.113)  5.684 ms  5.820 ms  5.621 ms
4  tky001lip21.iij.net (210.149.34.101)  8.553 ms  6.054 ms  6.600 ms
5  tky001bb10.iij.net (58.138.100.217)  5.350 ms  5.412 ms  5.058 ms
6  tky001bf00.iij.net (58.138.80.1)  11.748 ms
   tky001bf01.iij.net (58.138.80.5)  5.268 ms  7.389 ms
7  sjc002bf01.iij.net (216.98.96.62)  104.972 ms
   sjc002bf02.iij.net (206.132.169.109)  106.686 ms
   sjc002bf01.iij.net (216.98.96.62)  105.618 ms
8  sjc002bb10.iij.net (206.132.169.2)  126.691 ms
   sjc002bb10.iij.net (206.132.169.6)  134.246 ms
   sjc002bb10.iij.net (206.132.169.10)  108.460 ms
9  gigabitethernet1-1.gw2.sjc7.alter.net (152.179.48.1)  110.772 ms  109.116 ms  114.488 ms
10  0.so-0-0-1.xl4.sjc7.alter.net (152.63.51.50)  102.308 ms  106.149 ms  109.410 ms
11  0.so-7-3-0.xt2.dca6.alter.net (152.63.0.245)  187.469 ms  183.993 ms  194.484 ms
12  gigabitethernet7-0-0.gw8.dca6.alter.net (152.63.40.81)  259.830 ms  234.873 ms  186.634 ms
13  * * *
^C
rair.psg.com:/Users/randy> traceroute 137.200.4.30
traceroute to 137.200.4.30 (137.200.4.30), 64 hops max, 52 byte packets
1  192.168.0.1 (192.168.0.1)  10.197 ms  1.979 ms  4.218 ms
2  tokyo10-f01.flets.2iij.net (210.149.34.66)  9.268 ms  6.284 ms  6.184 ms
3  tokyo10-ntteast1.flets.2iij.net (210.149.34.113)  5.913 ms  10.127 ms  6.532 ms
4  tky001lip21.iij.net (210.149.34.101)  7.983 ms  6.036 ms  6.199 ms
5  tky001bb10.iij.net (58.138.100.217)  5.774 ms  21.691 ms  7.265 ms
6  tky001bf01.iij.net (58.138.80.5)  9.906 ms
   tky008bf00.iij.net (58.138.80.9)  8.371 ms
   tky001bf01.iij.net (58.138.80.5)  5.930 ms
7  sjc002bf00.iij.net (216.98.96.186)  117.184 ms  113.652 ms
   sjc002bf01.iij.net (216.98.96.62)  104.728 ms
8  sjc002bb10.iij.net (206.132.169.10)  114.864 ms
   sjc002bb10.iij.net (206.132.169.6)  111.701 ms
   sjc002bb10.iij.net (206.132.169.10)  142.274 ms
9  gigabitethernet1-1.gw2.sjc7.alter.net (152.179.48.1)  123.611 ms  115.159 ms  112.298 ms
10  0.so-0-0-1.xl4.sjc7.alter.net (152.63.51.50)  111.010 ms  104.429 ms  108.738 ms
11  0.so-1-2-0.xl2.rdu1.alter.net (152.63.27.38)  349.150 ms  209.448 ms  207.871 ms
12  pos7-0.gw5.rdu1.alter.net (152.63.35.177)  222.413 ms  208.135 ms  269.150 ms
13  * *^C

and, i noticed the problem because i can not get to the web site at
http://www.ssa.gov/ from tokyo.

randy
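
An added example, not part of the original thread: the by-eye comparison of the two traceroutes above, done in code, to find the last hop both vantage points share and what only the working vantage sees beyond it. The sample traces are abridged from the output quoted above; the function names `responders` and `drop_point` are this example's own.

```python
import re

# Dotted-quad in parentheses, as traceroute prints each responder.
ADDR = re.compile(r"\((\d{1,3}(?:\.\d{1,3}){3})\)")

def responders(trace_text):
    """Ordered, de-duplicated addresses of hops that answered ('*' hops drop out)."""
    out = []
    for line in trace_text.splitlines():
        if line.startswith("traceroute to"):
            continue  # header repeats the target address, which is not a hop
        for ip in ADDR.findall(line):
            if ip not in out:
                out.append(ip)
    return out

def drop_point(working, failing):
    """Locate where a failing trace goes dark relative to a working one.

    Returns (last_shared_hop, hops_only_the_working_trace_saw_after_it).
    If the failing trace's last responder is not on the working path,
    the paths never converge and nothing can be concluded: (None, []).
    """
    ok, bad = responders(working), responders(failing)
    if not bad or bad[-1] not in ok:
        return None, []
    return bad[-1], ok[ok.index(bad[-1]) + 1:]

# Abridged from the thread: traces to 199.173.231.82.
STATESIDE = """\
traceroute to 199.173.231.82 (199.173.231.82), 64 hops max, 40 byte packets
 7  0.ge-1-2-0.XT2.DCA6.ALTER.NET (152.63.40.46)  73.575 ms  73.635 ms  73.528 ms
 8  GigabitEthernet7-0-0.GW8.DCA6.ALTER.NET (152.63.40.81)  75.535 ms  75.595 ms  75.545 ms
 9  ssa-gw.customer.alter.net (152.179.9.34)  76.652 ms  76.522 ms  76.671 ms
10  * *
"""
TOKYO = """\
traceroute to 199.173.231.82 (199.173.231.82), 64 hops max, 52 byte packets
11  0.so-7-3-0.xt2.dca6.alter.net (152.63.0.245)  187.469 ms  183.993 ms  194.484 ms
12  gigabitethernet7-0-0.gw8.dca6.alter.net (152.63.40.81)  259.830 ms  234.873 ms  186.634 ms
13  * * *
"""

if __name__ == "__main__":
    shared, beyond = drop_point(STATESIDE, TOKYO)
    print(f"last shared hop: {shared}; seen only from working vantage: {beyond}")
```

A missing hop only shows that no reply came back at that TTL; it does not by itself distinguish a filtered probe from a suppressed ICMP reply, so pair the result with the DNS query results from each vantage point.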


