RE: [SMBManagedServices] RE: next hop packet loss
Get a load of this: New version of Firefox works fine. Methinks Mozilla released a turd. -----Original Message----- From: SMBManagedServices@yahoogroups.com [mailto:SMBManagedServices@yahoogroups.com] On Behalf Of James_TDS Sent: Friday, August 10, 2012 11:47 AM To: SMBManagedServices@yahoogroups.com Subject: RE: [SMBManagedServices] RE: next hop packet loss As I said I suspect Checkpoint is "breaking the Internet" in an attempt to block various DDOS attacks. The failure of tracert and ICMP is not isolated to Checkpoint and Above.net as I had a similar problem with a local TW customer on a static IP. Because their in house router was down and not responding to anything TW would drop the Tracert long before it even came close to my client. I gave them heck about this as it made it impossible to remotely monitor the customer because when the customer calls and says the "Internet is down" the first thing I do is tracert to their IP. When I see the route die in another city that tells me the ISP is having issues vs. the route dying one hop out from my customer's IP. They gave me some crap about active routing and such. Put anything on that IP and have it respond to pings and the route will complete. As I said Telnet checkpoint.com 80 fails for me but SLChecker works so again it's probably some DDOS thing and they are checking user agents before replying and I assume SLCheck mimics IE or something. Handy tool. -----Original Message----- From: SMBManagedServices@yahoogroups.com [mailto:SMBManagedServices@yahoogroups.com] On Behalf Of Jim Ray Sent: Friday, August 10, 2012 8:23 AM To: SMBManagedServices@yahoogroups.com Subject: RE: [SMBManagedServices] RE: next hop packet loss I am stumped why http://www.checkpoint.com won't resolve with Firefox yet will with Internet Explorer and Safari. I know Microsoft won't let you do what you need to do with Firefox yet am surprised with Check Point. Above.net is not echoing ICMP, though, before one reaches Check Point.
From the NANOG group, I found out it is possible to use command line switch to specify type of traffic and to get around ICMP issue. Apparently, TCP works; however, another person said UDP is preferred embodiment.
This test resolved web site yet resulted in lost connection: telnet www.checkpoint.com 80 GET / HTTP/1.1 Host: www.checkpoint.com I captured packets with Wireshark yet did not see anything that jumped out at me as root cause for failure. Meanwhile back at the ranch, my friend brought over business card for Check Point representative, and I plan to pick up the phone and call thereby bypassing TCP/IP in its entirety. -----Original Message----- From: SMBManagedServices@yahoogroups.com [mailto:SMBManagedServices@yahoogroups.com] On Behalf Of James_TDS Sent: Thursday, August 09, 2012 10:50 AM To: SMBManagedServices@yahoogroups.com Subject: RE: [SMBManagedServices] RE: next hop packet loss Go back a few post and see where I mentioned that the hop in question was not responding to the ICMP request, it wasn't down they just refuse to echo. Probably a more valid test would have been: telnet checkpoint.com 80 GET However I just tested that as well and Checkpoint doesn't respond correctly. Not sure what they are doing on the frontend but they are breaking Internet "rules" probably in an effort to not be DDOS'd. I checked again with SLChecker and it responds correctly so they are likely not responding to Telnet because it doesn't send a user agent ID. -----Original Message----- From: SMBManagedServices@yahoogroups.com [mailto:SMBManagedServices@yahoogroups.com] On Behalf Of Jim Ray Sent: Thursday, August 09, 2012 8:39 AM To: SMBManagedServices@yahoogroups.com Cc: Herring, David Subject: [SMBManagedServices] RE: next hop packet loss Hey, I get the idgit award for this one. Time Warner's next hop that was dropping packets was really a situation where next hop was not responding to ICMP from tracert. Neither of us was able to diagnose the problem until last night when I found out Safari pulled up http://www.checkpoint.com from same network and Firefox on PC did not. So, apparently, Check Point does not like Firefox. Internet Explorer worked. Meanwhile back at the ranch, I have learned about TCP switch in tracert thanks to peers here and on NANOG and have gotten down and dirty with Wireshark. Regards, Jim Ray, President Neuse River Networks 2 Davis Drive, PO Box 13169 Research Triangle Park, NC 27709 919-838-1672 x100 www.NeuseRiverNetworks.com -----Original Message----- From: Herring, David [mailto:david.herring@twcable.com] Sent: Thursday, August 09, 2012 7:54 AM To: Jim Ray; Adrian Bool Subject: RE: next hop packet loss Got it.. no worries.. I know we are not always the best either! What would be great- that you let the below be known to your user group? I know we let them know when we thought it was Business class problem... David Herring Channel Manager | Channel Partner Program, East Region TWC Business Class 101 Innovation Avenue| Morrisville, NC 27560 919.573.7635 -----Original Message----- From: Jim Ray [mailto:jim@neuse.net] Sent: Wednesday, August 08, 2012 7:48 PM To: Adrian Bool Cc: Herring, David Subject: RE: next hop packet loss Dude...don't laugh too hard when I tell you I found the problem: http://www.CheckPoint.com not compatible with Firefox, only with Safari and Internet Explorer or possibly others. David, apparently, tracert is not a valid test if ICMP is not active. So, my apologies. Regards, Jim Ray, President Neuse River Networks 2 Davis Drive, PO Box 13169 Research Triangle Park, NC 27709 919-838-1672 x100 www.NeuseRiverNetworks.com -----Original Message----- From: Adrian Bool [mailto:aid@logic.org.uk] Sent: Tuesday, August 07, 2012 9:22 AM To: Jim Ray Subject: Re: next hop packet loss Oh, if you do get a connect on the telnet session, type, GET / HTTP/1.1 Host: www.checkpoint.com <return> <return> aid On 7 Aug 2012, at 14:14, "Jim Ray" <jim@neuse.net> wrote:
Ah, good eyes :-)
Thank you, sir. Will try again.
Regards,
Jim Ray, President Neuse River Networks 2 Davis Drive, PO Box 13169 Research Triangle Park, NC 27709 919-838-1672 x100 www.NeuseRiverNetworks.com
-----Original Message----- From: Adrian Bool [mailto:aid@logic.org.uk] Sent: Tuesday, August 07, 2012 9:14 AM To: Jim Ray Subject: Re: next hop packet loss
Hi Jim,
It looks like you just used telnet on its own (so it used port 23, which *will* be blocked by Checkpoint). Instead you need to specify the HTTP port as well,
telnet www.checkpoint.com 80
If you give that a go again; whilst capturing with Wireshark & see what happens.
Cheers,
aid
This E-mail and any of its attachments may contain Time Warner Cable proprietary information, which is privileged, confidential, or subject to copyright belonging to Time Warner Cable. This E-mail is intended solely for the use of the individual or entity to which it is addressed. If you are not the intended recipient of this E-mail, you are hereby notified that any dissemination, distribution, copying, or action taken in relation to the contents of and attachments to this E-mail is strictly prohibited and may be unlawful. If you have received this E-mail in error, please notify the sender immediately and permanently delete the original and any copy of this E-mail and any printout. ------------------------------------ Moderated and managed Amy LubyYahoo! Groups Links ------------------------------------ Moderated and managed Amy LubyYahoo! Groups Links ------------------------------------ Moderated and managed Amy LubyYahoo! Groups Links ------------------------------------ Moderated and managed Amy LubyYahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/SMBManagedServices/ <*> Your email settings: Individual Email | Traditional <*> To change settings online go to: http://groups.yahoo.com/group/SMBManagedServices/join (Yahoo! ID required) <*> To change settings via email: SMBManagedServices-digest@yahoogroups.com SMBManagedServices-fullfeatured@yahoogroups.com <*> To unsubscribe from this group, send an email to: SMBManagedServices-unsubscribe@yahoogroups.com <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
Works fine in Firefox for me, and always has (within the limits of the shoddily designed website that is). Nonetheless, I'd never buy anything from them since they are an anti-security organization. Their Web site uses so much gratuitous javascript crap and hard-coded assumptions about character cell sizes and pixel density that it is completely unuseable. I have no reason to believe that any other product they sell is any better designed -- if you can't create a web site that does not require increasing attack surface in order to use it, then I would assume that all their products work and are designed the same way, and that deployment of any of their products increases attack surface rather than decreasing it. On the other hand they are probably four-colour-glossy-brochure and buzzword compliant. Then again I'm an curmudgeonly old fart that can't even spell dot Snot. --- () ascii ribbon campaign against html e-mail /\ www.asciiribbon.org
-----Original Message----- From: Jim Ray [mailto:jim@neuse.net] Sent: Saturday, 11 August, 2012 10:36 To: SMBManagedServices@yahoogroups.com Cc: nanog@nanog.org; david.herring@twcable.com Subject: RE: [SMBManagedServices] RE: next hop packet loss
Get a load of this:
New version of Firefox works fine. Methinks Mozilla released a turd.
-----Original Message----- From: SMBManagedServices@yahoogroups.com [mailto:SMBManagedServices@yahoogroups.com] On Behalf Of James_TDS Sent: Friday, August 10, 2012 11:47 AM To: SMBManagedServices@yahoogroups.com Subject: RE: [SMBManagedServices] RE: next hop packet loss
As I said I suspect Checkpoint is "breaking the Internet" in an attempt to block various DDOS attacks. The failure of tracert and ICMP is not isolated to Checkpoint and Above.net as I had a similar problem with a local TW customer on a static IP. Because their in house router was down and not responding to anything TW would drop the Tracert long before it even came close to my client. I gave them heck about this as it made it impossible to remotely monitor the customer because when the customer calls and says the "Internet is down" the first thing I do is tracert to their IP. When I see the route die in another city that tells me the ISP is having issues vs. the route dying one hop out from my customer's IP. They gave me some crap about active routing and such. Put anything on that IP and have it respond to pings and the route will complete.
As I said Telnet checkpoint.com 80 fails for me but SLChecker works so again it's probably some DDOS thing and they are checking user agents before replying and I assume SLCheck mimics IE or something. Handy tool.
-----Original Message----- From: SMBManagedServices@yahoogroups.com [mailto:SMBManagedServices@yahoogroups.com] On Behalf Of Jim Ray Sent: Friday, August 10, 2012 8:23 AM To: SMBManagedServices@yahoogroups.com Subject: RE: [SMBManagedServices] RE: next hop packet loss
I am stumped why http://www.checkpoint.com won't resolve with Firefox yet will with Internet Explorer and Safari. I know Microsoft won't let you do what you need to do with Firefox yet am surprised with Check Point.
Above.net is not echoing ICMP, though, before one reaches Check Point.
From the NANOG group, I found out it is possible to use command line switch to specify type of traffic and to get around ICMP issue. Apparently, TCP works; however, another person said UDP is preferred embodiment.
This test resolved web site yet resulted in lost connection:
telnet www.checkpoint.com 80 GET / HTTP/1.1 Host: www.checkpoint.com
I captured packets with Wireshark yet did not see anything that jumped out at me as root cause for failure.
Meanwhile back at the ranch, my friend brought over business card for Check Point representative, and I plan to pick up the phone and call thereby bypassing TCP/IP in its entirety.
-----Original Message----- From: SMBManagedServices@yahoogroups.com [mailto:SMBManagedServices@yahoogroups.com] On Behalf Of James_TDS Sent: Thursday, August 09, 2012 10:50 AM To: SMBManagedServices@yahoogroups.com Subject: RE: [SMBManagedServices] RE: next hop packet loss
Go back a few post and see where I mentioned that the hop in question was not responding to the ICMP request, it wasn't down they just refuse to echo.
Probably a more valid test would have been:
telnet checkpoint.com 80 GET
However I just tested that as well and Checkpoint doesn't respond correctly. Not sure what they are doing on the frontend but they are breaking Internet "rules" probably in an effort to not be DDOS'd. I checked again with SLChecker and it responds correctly so they are likely not responding to Telnet because it doesn't send a user agent ID.
-----Original Message----- From: SMBManagedServices@yahoogroups.com [mailto:SMBManagedServices@yahoogroups.com] On Behalf Of Jim Ray Sent: Thursday, August 09, 2012 8:39 AM To: SMBManagedServices@yahoogroups.com Cc: Herring, David Subject: [SMBManagedServices] RE: next hop packet loss
Hey, I get the idgit award for this one. Time Warner's next hop that was dropping packets was really a situation where next hop was not responding to ICMP from tracert. Neither of us was able to diagnose the problem until last night when I found out Safari pulled up http://www.checkpoint.com from same network and Firefox on PC did not.
So, apparently, Check Point does not like Firefox. Internet Explorer worked.
Meanwhile back at the ranch, I have learned about TCP switch in tracert thanks to peers here and on NANOG and have gotten down and dirty with Wireshark.
Regards,
Jim Ray, President Neuse River Networks 2 Davis Drive, PO Box 13169 Research Triangle Park, NC 27709 919-838-1672 x100 www.NeuseRiverNetworks.com
-----Original Message----- From: Herring, David [mailto:david.herring@twcable.com] Sent: Thursday, August 09, 2012 7:54 AM To: Jim Ray; Adrian Bool Subject: RE: next hop packet loss
Got it.. no worries.. I know we are not always the best either!
What would be great- that you let the below be known to your user group? I know we let them know when we thought it was Business class problem...
David Herring Channel Manager | Channel Partner Program, East Region TWC Business Class 101 Innovation Avenue| Morrisville, NC 27560 919.573.7635
-----Original Message----- From: Jim Ray [mailto:jim@neuse.net] Sent: Wednesday, August 08, 2012 7:48 PM To: Adrian Bool Cc: Herring, David Subject: RE: next hop packet loss
Dude...don't laugh too hard when I tell you I found the problem:
http://www.CheckPoint.com not compatible with Firefox, only with Safari and Internet Explorer or possibly others.
David, apparently, tracert is not a valid test if ICMP is not active. So, my apologies.
Regards,
Jim Ray, President Neuse River Networks 2 Davis Drive, PO Box 13169 Research Triangle Park, NC 27709 919-838-1672 x100 www.NeuseRiverNetworks.com
-----Original Message----- From: Adrian Bool [mailto:aid@logic.org.uk] Sent: Tuesday, August 07, 2012 9:22 AM To: Jim Ray Subject: Re: next hop packet loss
Oh, if you do get a connect on the telnet session, type,
GET / HTTP/1.1 Host: www.checkpoint.com <return> <return>
aid
On 7 Aug 2012, at 14:14, "Jim Ray" <jim@neuse.net> wrote:
Ah, good eyes :-)
Thank you, sir. Will try again.
Regards,
Jim Ray, President Neuse River Networks 2 Davis Drive, PO Box 13169 Research Triangle Park, NC 27709 919-838-1672 x100 www.NeuseRiverNetworks.com
-----Original Message----- From: Adrian Bool [mailto:aid@logic.org.uk] Sent: Tuesday, August 07, 2012 9:14 AM To: Jim Ray Subject: Re: next hop packet loss
Hi Jim,
It looks like you just used telnet on its own (so it used port 23, which *will* be blocked by Checkpoint). Instead you need to specify the HTTP port as well,
telnet www.checkpoint.com 80
If you give that a go again; whilst capturing with Wireshark & see what happens.
Cheers,
aid
This E-mail and any of its attachments may contain Time Warner Cable proprietary information, which is privileged, confidential, or subject to copyright belonging to Time Warner Cable. This E-mail is intended solely for the use of the individual or entity to which it is addressed. If you are not the intended recipient of this E-mail, you are hereby notified that any dissemination, distribution, copying, or action taken in relation to the contents of and attachments to this E-mail is strictly prohibited and may be unlawful. If you have received this E-mail in error, please notify the sender immediately and permanently delete the original and any copy of this E-mail and any printout.
------------------------------------
Moderated and managed Amy LubyYahoo! Groups Links
------------------------------------
Moderated and managed Amy LubyYahoo! Groups Links
------------------------------------
Moderated and managed Amy LubyYahoo! Groups Links
------------------------------------
Moderated and managed Amy LubyYahoo! Groups Links
<*> To visit your group on the web, go to: http://groups.yahoo.com/group/SMBManagedServices/
<*> Your email settings: Individual Email | Traditional
<*> To change settings online go to: http://groups.yahoo.com/group/SMBManagedServices/join (Yahoo! ID required)
<*> To change settings via email: SMBManagedServices-digest@yahoogroups.com SMBManagedServices-fullfeatured@yahoogroups.com
<*> To unsubscribe from this group, send an email to: SMBManagedServices-unsubscribe@yahoogroups.com
<*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
participants (2)
-
Jim Ray
-
Keith Medcalf