reaching website

Discussion in 'Computer Security' started by Wes Morse, Apr 5, 2006.

  1. Wes Morse

    Wes Morse Guest

    I am trying to access a website http://www.vilaweb.cat from my work
    network and every time I get a standard "page not found message" even when
    I try to ping it with cmd it says not found but I know the website is
    reachable using a proxy and when I ping it from some website like dnsstuff.

    Does anybody know why this is happening? I do not think the website is
    being blocked, sometimes they block websites by mistake but we always get
    the block page message.
    Wes Morse, Apr 5, 2006
    #1

  2. Wes Morse

    Box750 Guest

    I have just realised something else, the website http://www.avui.cat
    has exactly the same problem, I now believe that the problem is with
    the .cat domain (Catalan Nation) it has been created recently and only
    Catalan institutions are able to use them at the moment, does anybody
    know why some private networks do not recognise it and others do?
    Box750, Apr 5, 2006
    #2

  3. Wes Morse

    donnie Guest

    On 05 Apr 2006 12:59:33 GMT, Wes Morse <> wrote:

    >
    >
    >I am trying to access a website http://www.vilaweb.cat from my work
    >network and every time I get a standard "page not found message" even when
    >I try to ping it with cmd it says not found but I know the website is
    >reachable using a proxy and when I ping it from some website like dnsstuff.
    >
    >Does anybody know why this is happening? I do not think the website is
    >being blocked, sometimes they block websites by mistake but we always get
    >the block page message.

    ###################################
    It's whatever filter your boss is using. Both those sites are
    accessible.
    >
    >
    donnie, Apr 5, 2006
    #3
  4. Wes Morse

    Moe Trin Guest

    On 05 Apr 2006, in the Usenet newsgroup alt.computer.security, in article
    <>, Wes Morse wrote:

    [I have no idea what newsreader you posted from - but get a better one]

    >^M
    >^M
    >I am trying to access a website http://www.vilaweb.cat from my work ^M
    >network and everytime I get a standard "page not found message" even when ^M
    >I try to ping it with cmd it says not found but I know the website is ^M
    >reachable using a proxy and when I ping it from some website like dnsstuff.^M


    The .cat domain is _relatively_ recent. Discuss this with the network
    administrator and ask if they can 'resolve' the name. In the meantime,
    you can try accessing it by its correct name.

    [compton ~]$ host www.vilaweb.cat
    www.vilaweb.cat is a nickname for vilaweb.com
    vilaweb.com has address 195.219.58.141
    vilaweb.com mail is handled (pri=10) by mail.partal.com
    [compton ~]$

    >Does anybody knows why is this happening? I do not think the website is ^M
    >being blocked, sometimes they block websites by mistake but we always get ^M
    >the block page message.^M


    More likely a mis-configured DNS server. What I take to be your second
    post from 212.85.13.68 shows no PTR record, which indicates technical
    incompetence, even though RIPE does identify the host as part of the
    Camden Town setup.

    In article <>,
    "Box750" <> writes:

    >I have just realised something else, the website http://www.avui.cat
    >has exactly the same problem, I now believe that the problem is with
    >the .cat domain (Catalan Nation) it has been created recently and only
    >Catalan institutions are able to use them at the moment, does anybody
    >know why some private networks do not recognise it and others do?


    [compton ~]$ host www.avui.cat
    www.avui.cat has address 213.27.159.54
    [compton ~]$

    You might try accessing the site by IP. If that works, it's probably
    the DNS setup. As for why some can recognize it and others not, perhaps
    the powers that be don't see why a UK government system may want to
    access a site reserved for the Catalan linguistic and cultural community.

    Old guy
    Moe Trin, Apr 5, 2006
    #4
  5. Wes Morse

    Jim Watt Guest

    On Wed, 05 Apr 2006 14:57:11 -0500,
    (Moe Trin) wrote:

    >You might try accessing the site by IP. If that works, it's probably
    >the DNS setup. As for why some can recognize it and others not, perhaps
    >the powers that be don't see why a UK government system may want to
    >access a site reserved for the Catalan linguistic and cultural community.


    Works for me, probably a DNS issue. Wonder if Scotland and Wales
    will be looking for their own tld?
    --
    Jim Watt
    http://www.gibnet.com
    Jim Watt, Apr 5, 2006
    #5
  6. Wes Morse

    Winged Guest

    Moe Trin wrote:

    > You might try accessing the site by IP. If that works, it's probably
    > the DNS setup. As for why some can recognize it and others not, perhaps
    > the powers that be don't see why a UK government system may want to
    > access a site reserved for the Catalan linguistic and cultural community.
    >
    > Old guy


    That IP range sure rings bells. A few weeks ago we saw an ..uh odd
    upload...I know we blocked a range at the firewall to something similar
    to prevent repeat activity. I would not be surprised that others may
    have done so. Sometimes when sites are blocked at various levels you
    get a page not found. It is not uncommon for us to block entire class C
    network if we have issues with a remote network and have no business
    reason to communicate with the domain. It may well be a DNS issue but I
    seem to remember that IP range though not the actual addy. I would not
    be surprised if some other orgs noted issues. When we use this method
    to block access typically users get page not found instead of the normal
    prohibited site message. Just a further possibility.

    Would recommend user contacts network admin. They usually will be more
    than happy to run down why and where communication breaks down and they
    will be the ones who have the power (maybe) to fix it.

    Winged
    Winged, Apr 6, 2006
    #6
  7. Wes Morse

    Moe Trin Guest

    On Wed, 05 Apr 2006, in the Usenet newsgroup alt.computer.security, in article
    <>, Jim Watt wrote:

    >Works for me, probably a DNS issue. Wonder if Scotland and Wales
    >will be looking for their own tld?


    I dunno about the Scots, but the guys from Wales haven't been able to
    write it down so anyone can read it yet. I'm sure there is hope for them,
    as Guernsey (.gg), Gibraltar (.gi), Isle of Man (.im), and Jersey (.je)
    (but not Alderney or Sark or even the Channel Islands) not only have a
    tld, but have domains under those tlds.

    Old guy
    Moe Trin, Apr 6, 2006
    #7
  8. Wes Morse

    Moe Trin Guest

    On Thu, 06 Apr 2006, in the Usenet newsgroup alt.computer.security, in article
    <d56c0$4434a272$45493f2f$>, Winged wrote:

    >That IP range sure rings bells.


    Which one? 195.219.58.141 is in 195.219.58.128/25 from Barcelona, but that
    is a SWIP from 195.219.0.0/16 assigned to Teleglobe in the UK. The second,
    213.27.159.54, is in 213.27.159.48/28 SWIPed to "Corporasio Catalana de
    Comunicacio" (also in Barcelona) and the actual assignee is COLT Telecom
    Espana SA in Madrid who has 213.27.128.0/17. Both of those assignees have
    "problems" they don't seem to want to resolve.

    >A few weeks ago we saw an ..uh odd upload...I know we blocked a range at
    >the firewall to something similar to prevent repeat activity. I would not
    >be surprised that others may have done so. Sometimes when sites are
    >blocked at various levels you get a page not found. It is not uncommon
    >for us to block entire class C network if we have issues with a remote
    >network and have no business reason to communicate with the domain.


    "Classful" designations like "Class C" were superseded in 1993 - you want
    to talk about a /24 now - but that's not at all unusual. At work, I know
    we block on as large as a /5 - that would be 8 former "Class A"s, and I
    don't think that unusual. Certainly there are a lot of /16s (former "Class
    B") that are blocked because of abuse.

    >It may well be a DNS issue but I seem to remember that IP range though not
    >the actual addy. I would not be surprised if some other orgs noted issues.


    Neither range seems to be blocked from here, though there could be others in
    that /16 or /17 that are.

    >When we use this method to block access typically users get page not found
    >instead of the normal prohibited site message.


    Depends - if we block (null route) a range, you can't even resolve the
    hostname unless the authoritative nameserver is in a different range that
    isn't being blocked. Even trying to connect to a host using the IP address
    will fail.

    Old guy
    Moe Trin, Apr 6, 2006
    #8
  9. Wes Morse

    Jim Watt Guest

    On Thu, 06 Apr 2006 15:04:03 -0500,
    (Moe Trin) wrote:

    >On Wed, 05 Apr 2006, in the Usenet newsgroup alt.computer.security, in article
    ><>, Jim Watt wrote:
    >
    >>Works for me, probably a DNS issue. Wonder if Scotland and Wales
    >>will be looking for their own tld?

    >
    >I dunno about the Scots, but the guys from Wales haven't been able to
    >write it down so anyone can read it yet. I'm sure there is hope for them,
    >as Guernsey (.gg), Gibraltar (.gi), Isle of Man (.im), and Jersey (.je)
    >(but not Alderney or Sark or even the Channel Islands) not only have a
    >tld, but have domains under those tlds.


    Indeed, but those places are rather different to what is an integral
    part of the Spanish state. Scotland and Wales are similar in being
    part of the UK rather than overseas territories.

    I admit to owning some .gi domains, which are a lot more expensive
    than .com's. Indeed, when I registered gibnet.com my original request
    was for gibnet.gi but the tld had not been issued and it seemed easier
    to go for a .com than start it. That was a mistake.
    --
    Jim Watt
    http://www.gibnet.com
    Jim Watt, Apr 7, 2006
    #9
  10. Wes Morse

    Winged Guest

    Moe Trin wrote:
    > On Thu, 06 Apr 2006, in the Usenet newsgroup alt.computer.security, in article
    > <d56c0$4434a272$45493f2f$>, Winged wrote:
    >
    >
    >>That IP range sure rings bells.

    >
    >
    > Which one? 195.219.58.141 is in 195.219.58.128/25 from Barcelona, but that
    > is a SWIP from 195.219.0.0/16 assigned to Teleglobe in the UK. The second,
    > 213.27.159.54, is in 213.27.159.48/28 SWIPed to "Corporasio Catalana de
    > Comunicacio" (also in Barcelona) and the actual assignee is COLT Telecom
    > Espana SA in Madrid who has 213.27.128.0/17. Both of those assignees have
    > "problems" they don't seem to want to resolve.
    >
    >
    >>A few weeks ago we saw an ..uh odd upload...I know we blocked a range at
    >>the firewall to something similar to prevent repeat activity. I would not
    >>be surprised that others may have done so. Sometimes when sites are
    >>blocked at various levels you get a page not found. It is not uncommon
    >>for us to block entire class C network if we have issues with a remote
    >>network and have no business reason to communicate with the domain.

    >
    >
    > "Classful" designations like "Class C" were superseded in 1993 - you want
    > to talk about a /24 now - but that's not at all unusual. At work, I know
    > we block on as large as a /5 - that would be 8 former "Class A"s, and I
    > don't think that unusual. Certainly there are a lot of /16s (former "Class
    > B") that are blocked because of abuse.
    >
    >
    >>It may well be a DNS issue but I seem to remember that IP range though not
    >>the actual addy. I would not be surprised if some other orgs noted issues.

    >
    >
    > Neither range seems to be blocked from here, though there could be others in
    > that /16 or /17 that are.
    >
    >
    >>When we use this method to block access typically users get page not found
    >>instead of the normal prohibited site message.

    >
    >
    > Depends - if we block (null route) a range, you can't even resolve the
    > hostname unless the authoritative nameserver is in a different range that
    > isn't being blocked. Even trying to connect to a host using the IP address
    > will fail.
    >
    > Old guy


    Ah, configuration differences. You are correct in a typical
    configuration. Our DNS is managed by other demigods outside our
    immediate subnets. Alas, my first response is at our firewall layers
    over which I have immediate control. Therefore an authoritative response
    can be received though a route is blocked.

    Due to space and time considerations I tend to block subnet ranges
    (255 address block subnet range (/24 or multiple /24 ranges depending on
    range owner and other considerations)) if something is occurring from a
    location that has not been defined as being business critical as a first
    response. Overkill, sometimes yes. If a user complains about being
    unable to reach a specific site we will look at where the block is occurring
    and determine whether to allow communications.

    Often it seems I do not have the luxury of spending a great amount of
    time on individual issues and this stops some attack vectors cold except
    for those attackers who are determined and attack across multiple
    distributed subnets. Those require different responses depending on the
    situation. Of course many variables are involved in a block decision.

    When I referred to the Class C (subnet) I was referring to blocking the
    255 address range of the 3rd triplet or a /24. I am leery of blocking
    classless supernets (ie </24) due to getting addresses that it is not my
    intention to block. I avoid blocking wide scale ranges unless a specific
    threat exists to require it. I avoid blocking full class A networks if
    possible so multiple A(s) would require an extraordinary threat. There
    have been threats where temporarily we blocked extended ranges until we
    understood and countered the threat; however, this is not normal operational
    behavior. While I understand classless networks this old dog still
    thinks in network classes. Blocking can be effective for some attack
    vectors.

    I still stand by my response for the user to talk to his network administrators
    as they are the ones empowered to fix the issue versus the user trying
    various methods on his own to work around the communication problem. I
    know in our shop we will at least look at users' communication issues and
    either fix the issue or tell the user why the communication is blocked.
    I prefer users not try to be creative when dealing with something blocked.

    Winged
    Winged, Apr 7, 2006
    #10
  11. Wes Morse

    Moe Trin Guest

    On Fri, 07 Apr 2006, in the Usenet newsgroup alt.computer.security, in article
    <d7849$4436ed41$45493f2f$>, Winged wrote:

    >Ah, configuration differences. You are correct in a typical
    >configuration. Our DNS is managed by other demigods outside our
    >immediate subnets. Alas, my first response is at our firewall layers
    >over which I have immediate control. Therefore an authoritative response
    >can be received though a route is blocked.


    Obviously a lot depends on where the perimeter is located. We have two
    people who are in charge of the corporate firewall, though the NOC staff
    can do things in an emergency. Out here in BoonyVille, we do run firewalls
    at the division and facility level, but they rarely are used to block
    external addresses. In a perceived emergency, we can put blocks in place
    against external addresses, but this happens rarely.

    >Due to space and time considerations I tend to block subnet ranges
    >(255 address block subnet range (/24 or multiple /24 ranges depending on
    >range owner and other considerations)) if something is occurring from a
    >location that has not been defined as being business critical as a first
    >response. Overkill, sometimes yes.


    Users may think it overkill - some network/security types may say it's
    underkill. I read of a mail admin in another newsgroup that applies a
    /24 block if even one item of spam is received from that block from a
    major bandwidth provider.

    >If a user complains about being unable to reach a specific site we will
    >look at where block is occurring and determine whether to allow
    >communications.


    That's normal.

    >I am leery of blocking classless supernets (ie </24) due to getting
    >addresses that it is not my intention to block. I avoid blocking wide scale
    >ranges unless a specific threat exists to require it. I avoid blocking
    >full class A networks if possible so multiple A(s) would require an
    >extraordinary threat.


    [compton ~]$ cut -d' ' -f3 <IP.ADDR/stats/[ALR]* | grep '\.' | sort |
    uniq -c | column
         44 255.0.0.0        9716 255.255.0.0      31442 255.255.255.0
          3 255.128.0.0      1488 255.255.128.0       59 255.255.255.128
         13 255.192.0.0      2599 255.255.192.0       38 255.255.255.192
         34 255.224.0.0      7043 255.255.224.0       35 255.255.255.224
         87 255.240.0.0      6016 255.255.240.0       11 255.255.255.240
        203 255.248.0.0      2263 255.255.248.0        7 255.255.255.248
        423 255.252.0.0      3248 255.255.252.0
        628 255.254.0.0      4235 255.255.254.0
    [compton ~]$ cut -d' ' -f3 <IP.ADDR/stats/[ALR]* | grep -vc '\.'
    2456
    [compton ~]$ cut -d' ' -f3 <IP.ADDR/stats/[ALR]* | sort -n | uniq -c |
    tail -9 | column
          1 2424832         1 3014656         1 7733248
          1 2621440         1 3604480         1 9175040
          2 2686976         1 5177344         1 12582912
    [compton ~]$ mask 2424832
    2424832 (37 x 65536) (9472 x 256)
    [compton ~]$

    That's derived from the RIR database (AFRINIC, APNIC, ARIN, LACNIC, RIPE)
    from last month. In general, IANA is recommending that the RIRs not allocate
    smaller than a /24 (although there exist 155 assignments of less than
    255 IP addresses - the table above shows 150), suggesting that if you need
    such a range, you should get it from a bandwidth provider. They are also
    getting parsimonious handing out IPv4 space. Gone are the days of a /8
    or even a /12. Of the ten large CIDR blocks noted above, only three are
    public providers - the '12582912' block being one assigned to Comcast.

    The reason we go with the larger blocks is economy of scale. Which takes
    less CPU time to block - 1024 adjacent /24s or one /14? We also have the
    benefit that mail from overseas is MX routed to our overseas offices which
    also have "local" IPs. Thus, we could block most of Asia with 9 rules if
    we wanted to - and so on.

    >While I understand classless networks this old dog still thinks in
    >network classes.


    Understood - see RFC1878 for tables of the /x to IP range. The fly in the
    ointment is those non-binary ranges. Other than using a tac-nuke, how do
    you block a range of 163.62.0.0 - 163.116.255.255 (which is net "EDF-NET05"
    from Electricite de France Service National)? That's where you start to
    get hair loss. (And yes, I do know it takes five rules [/15, /11, /12, /14
    and /16] to describe that range in binary.)

    >I still stand by response for user to talk to his network administrators
    >as they are the ones empowered to fix the issue versus user trying
    >various methods on his own to work around the communication problem. I
    >know in our shop we will at least look at users' communication issues and
    >either fix the issue or tell the user why the communication is blocked.


    Agreed.

    >I prefer users not try to be creative when dealing with something blocked.


    That's an awfully polite way of saying "we'll flay 'em alive, and feed the
    bits to the backhoe Ghods as an offering to prevent damage to the cables".

    Old guy
    Moe Trin, Apr 8, 2006
    #11
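
Added example, not part of the original thread: a Python sketch of the range decomposition mentioned in post #11 (163.62.0.0 - 163.116.255.255 into five CIDR rules), together with the number of unintended addresses caught if one covering supernet were blocked instead, the concern raised in post #10. The function names `range_to_cidrs`, `covering_supernet` and `matching_rule` are made up for this illustration.

```python
import ipaddress


def range_to_cidrs(first, last):
    """Split an inclusive IPv4 range into the fewest CIDR blocks covering it exactly."""
    lo = int(ipaddress.IPv4Address(first))
    hi = int(ipaddress.IPv4Address(last))
    if lo > hi:
        raise ValueError("range start is above range end")
    blocks = []
    while lo <= hi:
        # A block starting at lo can be no larger than lo's alignment allows ...
        align_bits = (lo & -lo).bit_length() - 1 if lo else 32
        # ... and no larger than the number of addresses still left in the range.
        fit_bits = (hi - lo + 1).bit_length() - 1
        bits = min(align_bits, fit_bits)
        blocks.append(ipaddress.IPv4Network((lo, 32 - bits)))
        lo += 1 << bits
    return blocks


def covering_supernet(first, last):
    """Smallest single CIDR block containing the range, and how many
    addresses outside the range it would also match (the over-block)."""
    lo = int(ipaddress.IPv4Address(first))
    hi = int(ipaddress.IPv4Address(last))
    host_bits = (lo ^ hi).bit_length()  # bits below the common prefix
    base = (lo >> host_bits) << host_bits
    net = ipaddress.IPv4Network((base, 32 - host_bits))
    return net, net.num_addresses - (hi - lo + 1)


def matching_rule(addr, rules):
    """Return the rule (network) that matches addr, or None if nothing matches."""
    ip = ipaddress.IPv4Address(addr)
    for net in rules:
        if ip in net:
            return net
    return None


if __name__ == "__main__":
    # Range quoted in the thread for net "EDF-NET05".
    first, last = "163.62.0.0", "163.116.255.255"
    rules = range_to_cidrs(first, last)
    for net in rules:
        print(f"{net!s:18} {net.num_addresses:>9} addresses")
    print("total:", sum(n.num_addresses for n in rules))

    net, extra = covering_supernet(first, last)
    print(f"one-rule alternative {net} also matches {extra} addresses outside the range")

    # Constructed sample addresses: one inside the range, one just past its end.
    for sample in ("163.100.1.1", "163.117.0.1"):
        print(sample, "->", matching_rule(sample, rules))
```

The five rules add up to 3604480 addresses (55 x 65536), which is one of the non-binary allocation sizes listed in the `sort -n | uniq -c` output in post #11.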