black listing of web traffic
Hi list I have a problem that I can't seem to find a solution to yet. My student network is being NATted out and anyone who's on that network had troubles accessing random websites. For example, going to www.apple.com or www.facebook.com would work great, but store.apple.com would either not load or take forever to open up. I've had that problem last week and thought I tracked it down to the NAT ip being black listed with one of the span black lists. Even though that IP is not used for mail out, that somehow seemed to affect it. Changing it to a different one seemed to solve the problem and I got that original address of the list in the mean time. Changed it back and everything was well, until today. Same symptoms, but now I don't see us listed anywhere. The best description of the symptoms seems to be that that IP is rate limited or something. Anyone seen that? Are there any blacklists for web access? PS. I checked everything under my control and i don't see a bottle neck anywhere or anything like and IPS working up or something.... ----- Andrey Gordon [andrey.gordon@gmail.com]
I know that cisco either are or have integrated the IronPort reputation service into their IPS devices, maybe a check on www.senderbase.org could help. Chris Campbell --------------------- On 9 Feb 2010, at 19:36, "Andrey Gordon" <andrey.gordon@gmail.com> wrote:
Hi list
I have a problem that I can't seem to find a solution to yet. My student network is being NATted out and anyone who's on that network had troubles accessing random websites. For example, going to www.apple.com or www.facebook.com would work great, but store.apple.com would either not load or take forever to open up.
I've had that problem last week and thought I tracked it down to the NAT ip being black listed with one of the span black lists. Even though that IP is not used for mail out, that somehow seemed to affect it. Changing it to a different one seemed to solve the problem and I got that original address of the list in the mean time. Changed it back and everything was well, until today. Same symptoms, but now I don't see us listed anywhere. The best description of the symptoms seems to be that that IP is rate limited or something.
Anyone seen that? Are there any blacklists for web access?
PS. I checked everything under my control and i don't see a bottle neck anywhere or anything like and IPS working up or something....
----- Andrey Gordon [andrey.gordon@gmail.com]
On Tue, 9 Feb 2010, Andrey Gordon wrote:
I have a problem that I can't seem to find a solution to yet. My student network is being NATted out and anyone who's on that network had troubles accessing random websites. For example, going to www.apple.com or www.facebook.com would work great, but store.apple.com would either not load or take forever to open up.
I've had that problem last week and thought I tracked it down to the NAT ip being black listed with one of the span black lists. Even though that IP is not used for mail out, that somehow seemed to affect it. Changing it to a different one seemed to solve the problem and I got that original address of the list in the mean time. Changed it back and everything was well, until today. Same symptoms, but now I don't see us listed anywhere. The best description of the symptoms seems to be that that IP is rate limited or something.
Other than the Spamhaus DROP list, I've never heard of blacklisting being applied to IP routing. Were some of your IPs somehow on their DROP list? http://www.spamhaus.org/drop/ ---------------------------------------------------------------------- Jon Lewis | I route Senior Network Engineer | therefore you are Atlantic Net | _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
On Tue, 9 Feb 2010, Jon Lewis wrote:
Other than the Spamhaus DROP list, I've never heard of blacklisting being applied to IP routing.
The RBL was originally distributed via BGP. Tony. -- f.anthony.n.finch <dot@dotat.at> http://dotat.at/ GERMAN BIGHT HUMBER: SOUTHWEST 5 TO 7. MODERATE OR ROUGH. SQUALLY SHOWERS. MODERATE OR GOOD.
True...and I was a subscriber, so I should have remembered that...but it was roughly a decade ago and in that form dead most of that time. Irrelevant to this guy's current issue. On Tue, 9 Feb 2010, Tony Finch wrote:
On Tue, 9 Feb 2010, Jon Lewis wrote:
Other than the Spamhaus DROP list, I've never heard of blacklisting being applied to IP routing.
The RBL was originally distributed via BGP.
Tony. -- f.anthony.n.finch <dot@dotat.at> http://dotat.at/ GERMAN BIGHT HUMBER: SOUTHWEST 5 TO 7. MODERATE OR ROUGH. SQUALLY SHOWERS. MODERATE OR GOOD.
---------------------------------------------------------------------- Jon Lewis | I route Senior Network Engineer | therefore you are Atlantic Net | _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
You mentioned this was a student network. Could it be your students are running bit torrent clients and your ISP doesn't like that so they are rate limiting you? This might explain why apple loads and facebook doesn't. I do not know much about facebooks architecture, but I would guess they would use a CDN or have their own so the facebook traffic would stay entirely in your ISP's network(less need to rate limit) and apples traffic may need to go through a peer. Or, could it be your students are running bit torrent and exhausting the state tables on your firewall. Dylan Ebner, Network Engineer Consulting Radiologists, Ltd. -----Original Message----- From: Andrey Gordon [mailto:andrey.gordon@gmail.com] Sent: Tuesday, February 09, 2010 1:35 PM To: Nanog Subject: black listing of web traffic Hi list I have a problem that I can't seem to find a solution to yet. My student network is being NATted out and anyone who's on that network had troubles accessing random websites. For example, going to www.apple.com or www.facebook.com would work great, but store.apple.com would either not load or take forever to open up. I've had that problem last week and thought I tracked it down to the NAT ip being black listed with one of the span black lists. Even though that IP is not used for mail out, that somehow seemed to affect it. Changing it to a different one seemed to solve the problem and I got that original address of the list in the mean time. Changed it back and everything was well, until today. Same symptoms, but now I don't see us listed anywhere. The best description of the symptoms seems to be that that IP is rate limited or something. Anyone seen that? Are there any blacklists for web access? PS. I checked everything under my control and i don't see a bottle neck anywhere or anything like and IPS working up or something.... ----- Andrey Gordon [andrey.gordon@gmail.com]
participants (5)
-
Andrey Gordon -
Chris Campbell -
Dylan Ebner -
Jon Lewis -
Tony Finch