stealth-blocking, isp blocking website

Discussion in 'Computer Security' started by Dhruv, Oct 25, 2004.

  1. Dhruv

    Dhruv Guest

    Hi,


    Can someone tell me one thing. Is there a piece of software that if you feed in a
    particular URL, it can detect all major ISPs around the globe that have
    blocked it?

    Do you know of one? Is there a way to find out? Are there some tools I can use?

    Thanks

    :DHRUV
    Dhruv, Oct 25, 2004
    #1
    1. Advertising

  2. Dhruv

    Moe Trin Guest

    In article <>, Dhruv wrote:

    >Can someone tell me one thing. Is there a piece of software that if you
    >feed in a particular URL, it can detect all major ISPs around the globe
    >that have blocked it?


    Please think about that for a minute. The major ISPs are not friends
    with each other - they are competition. Do you know what that means?
    IT MEANS THEY DON'T PUBLISH THEIR BLOCKLISTS!!! They don't want to
    tell their competition what they are doing. Wow - Ford not telling GM
    what they are doing in next year's cars. Amazing.

    >Do you know of one? Is there a way to find out?


    No and No

    >Are there some tools I can use?


    http://groups.google.com/ and read the news.admin.net-abuse.*
    newsgroups.

    >NNTP-Posting-Host: 68.166.0.136


    Covad - a lot of their netspace is blocked for their support of spammers.

    Old guy
    Moe Trin, Oct 25, 2004
    #2
    1. Advertising

  3. Dhruv

    Dhruv Guest

    My client site is not hosted with covad. It is natwestfraud.com. I
    just want to know whether it is being blocked by major isp Bt internet
    and others.

    Thanks

    :D

    (Moe Trin) wrote in message news:<>...
    > In article <>, Dhruv wrote:
    >
    > >Can someone tell me one thing. Is there a piece of software that if you
    > >feed in a particular URL, it can detect all major ISPs around the globe
    > >that have blocked it?

    >
    > Please think about that for a minute. The major ISPs are not friends
    > with each other - they are competition. Do you know what that means?
    > IT MEANS THEY DON'T PUBLISH THEIR BLOCKLISTS!!! They don't want to
    > tell their competition what they are doing. Wow - Ford not telling GM
    > what they are doing in next year's cars. Amazing.
    >
    > >Do you know of one? Is there a way to find out?

    >
    > No and No
    >
    > >Are there some tools I can use?

    >
    > http://groups.google.com/ and read the news.admin.net-abuse.*
    > newsgroups.
    >
    > >NNTP-Posting-Host: 68.166.0.136

    >
    > Covad - a lot of their netspace is blocked for their support of spammers.
    >
    > Old guy
    Dhruv, Oct 26, 2004
    #3
  4. > (Moe Trin) wrote in message
    news:<>...
    > > In article <>, Dhruv

    wrote:
    > >
    > > >Can someone tell me one thing. Is there a piece of software that if you
    > > >feed in a particular URL, it can detect all major ISPs around the globe
    > > >that have blocked it?

    > >
    > > Please think about that for a minute. The major ISPs are not friends
    > > with each other - they are competition. Do you know what that means?
    > > IT MEANS THEY DON'T PUBLISH THEIR BLOCKLISTS!!! They don't want to
    > > tell their competition what they are doing. Wow - Ford not telling GM
    > > what they are doing in next year's cars. Amazing.
    > >
    > > >Do you know of one? Is there a way to find out?

    > >
    > > No and No
    > >
    > > >Are there some tools I can use?

    > >
    > > http://groups.google.com/ and read the news.admin.net-abuse.*
    > > newsgroups.
    > >
    > > >NNTP-Posting-Host: 68.166.0.136

    > >
    > > Covad - a lot of their netspace is blocked for their support of

    spammers.

    "Dhruv" <> wrote in message
    news:...
    > My client site is not hosted with covad. It is natwestfraud.com. I
    > just want to know whether it is being blocked by major isp Bt internet
    > and others.


    Hokay.. let's think about this.

    So, you have/hire an IP address (that may be shared with others), and
    there's this "thing" that reads your site, and decides whether or not you're
    doing... (pauses) something that you haven't told us.

    Well.

    There's a command in VMS "dir /since=tomorrow"; unfortunately, the VAXen I
    used didn't have the appropriate hardware upgrade (crystal ball ;o), so
    we're stuck with a lack of magical hardware in both cases.

    Chances are, either someone has blocked you, you are unable to use a browser
    (oh, hang on, the site is actually up, and - for those people that don't get
    warm and fuzzy after a lost cause - it's indifferently crafted and full of
    sponsored adverts. Oh, and the only interesting links seem to be 404s.. no
    accounting for taste, but it might be worth reading the Help file that came
    with your FTP client)

    Incidentally, you might like to know that the charges made on the (one) page
    the seemed to work make it seem that you're onto a bit of a hiding to
    nothing - can't comment on your case, but the page is strewn with factual
    inaccuracies, and you'll probably get the site pulled on the basis of the
    dodgy photographs alone. Let alone the copyright ;o)

    Or was this just a paranoid read-my-website stunt all along..?

    --

    Hairy One Kenobi

    Disclaimer: the opinions expressed in this opinion do not necessarily
    reflect the opinions of the highly-opinionated person expressing the opinion
    in the first place. So there!
    Hairy One Kenobi, Oct 26, 2004
    #4
  5. Dhruv

    Moe Trin Guest

    In article <>, Dhruv wrote:

    >My client site is not hosted with covad. It is natwestfraud.com. I
    >just want to know whether it is being blocked by major isp Bt internet
    >and others.


    [compton ~]$ host natwestfraud.com
    natwestfraud.com has address 66.150.28.110
    natwestfraud.com mail is handled (pri=10) by mail.globalhosting.com
    [compton ~]$ host www.natwestfraud.com
    www.natwestfraud.com has address 66.150.28.110
    [compton ~]$ nwhois 66.150.28.110
    [whois.arin.net]
    Internap Network Services PNAP-06-2001 (NET-66-150-0-0-1)
    66.150.0.0 - 66.151.255.255
    Globalhosting, Inc. PNAP-ACS-GLOBHO-RM-01 (NET-66-150-28-0-1)
    66.150.28.0 - 66.150.31.255

    # ARIN WHOIS database, last updated 2004-10-26 19:10
    # Enter ? for additional hints on searching ARIN's WHOIS database.
    [compton ~]$

    Oh, sweet mother of... Boy you really picked a winner there. Wander over
    to the newsgroup news.admin.net-abuse.sightings and
    news.admin.net-abuse.blocklists (do a search on http://groups.google.com/)
    and look for Internap. Not only do we not accept mail from that /15,
    we don't even accept packets - mail, web, FTP, DNS - anything at all.
    I really doubt that we're alone in doing that.

    I can't say what BT Internet (or others) might be doing - why not try to
    mail them and ask? If your mail gets bounced - that might be a clue. Try
    mailing from other ISPs you may have access to.

    Old guy
    Moe Trin, Oct 28, 2004
    #5
  6. Dhruv

    Guest

    Okay I will try your suggestion. But why are they blocking it and how
    do i get it unblocked?

    This site is a consumer site and it doesn't do anything as spamming.
    Big corporations just want to block it because it is on the first page
    on google for the natwest bank.

    :DHRUV
    Moe Trin wrote:
    > In article <>, Dhruv

    wrote:
    >
    > >My client site is not hosted with covad. It is natwestfraud.com. I
    > >just want to know whether it is being blocked by major isp Bt

    internet
    > >and others.

    >
    > [compton ~]$ host natwestfraud.com
    > natwestfraud.com has address 66.150.28.110
    > natwestfraud.com mail is handled (pri=10) by mail.globalhosting.com
    > [compton ~]$ host www.natwestfraud.com
    > www.natwestfraud.com has address 66.150.28.110
    > [compton ~]$ nwhois 66.150.28.110
    > [whois.arin.net]
    > Internap Network Services PNAP-06-2001 (NET-66-150-0-0-1)
    > 66.150.0.0 - 66.151.255.255
    > Globalhosting, Inc. PNAP-ACS-GLOBHO-RM-01 (NET-66-150-28-0-1)
    > 66.150.28.0 - 66.150.31.255
    >
    > # ARIN WHOIS database, last updated 2004-10-26 19:10
    > # Enter ? for additional hints on searching ARIN's WHOIS database.
    > [compton ~]$
    >
    > Oh, sweet mother of... Boy you really picked a winner there. Wander

    over
    > to the newsgroup news.admin.net-abuse.sightings and
    > news.admin.net-abuse.blocklists (do a search on

    http://groups.google.com/)
    > and look for Internap. Not only do we not accept mail from that /15,
    > we don't even accept packets - mail, web, FTP, DNS - anything at all.
    > I really doubt that we're alone in doing that.
    >
    > I can't say what BT Internet (or others) might be doing - why not try

    to
    > mail them and ask? If your mail gets bounced - that might be a clue.

    Try
    > mailing from other ISPs you may have access to.
    >
    > Old guy
    , Jan 10, 2005
    #6
  7. Dhruv

    Moe Trin Guest

    In article <>,
    wrote:

    >Okay I will try your suggestion. But why are they blocking it and how
    >do i get it unblocked?


    Do read the FAQ at news.admin.net-abuse.blocklists (there is a link at
    the bottom of every post in that moderated newsgroup). I rather doubt it
    is your website that is "the problem". You are in a bad Internet
    neighborhood amd that is much more likely to be the cause.

    >This site is a consumer site and it doesn't do anything as spamming.


    It may be as innocent as a new borne baby, but your upstream apparently
    has problems. Recall my post where I said

    -----------
    >> [compton ~]$ host www.natwestfraud.com
    >> www.natwestfraud.com has address 66.150.28.110
    >> [compton ~]$ nwhois 66.150.28.110
    >> [whois.arin.net]
    >> Internap Network Services PNAP-06-2001 (NET-66-150-0-0-1)
    >> 66.150.0.0 - 66.151.255.255
    >> Globalhosting, Inc. PNAP-ACS-GLOBHO-RM-01 (NET-66-150-28-0-1)
    >> 66.150.28.0 - 66.150.31.255


    >> Oh, sweet mother of... Boy you really picked a winner there.


    >> Not only do we not accept mail from that /15,

    ^^^^^
    >> we don't even accept packets - mail, web, FTP, DNS - anything at all.

    -----------

    "that /15" means 66.150.0.0 - 66.151.255.255. Actually, we don't accept
    packets from six other blocks (/15s down to /19s) assigned to Internap as
    well. Are you still at 66.150.28.110? Apparently. Looking at one of
    my external proxies, I see that Globalhosting, Inc (or Internap - their
    server seems to be authoritative and is the one answering) doesn't feel
    it necessary to comply with RFCs, and have a PTR record in the DNS for
    that address. (This means I can look up www.natwestfraud.com and get
    66.150.28.110, but when I look up the IP address 66.150.28.110, I get a
    "Host not found" message - talk to your upstream and ask why.) Some people
    don't like that either.

    >Big corporations just want to block it because it is on the first page
    >on google for the natwest bank.


    You must have a big page on your web browser - when I google for 'natwest
    bank', your "natwestfraud.com" shows up as hit number 35. No, I rather
    doubt that has much to do with the blockage at all. I'm not in the UK,
    so I can't say what someone like BT is doing, but it's their network,
    and they make the rules on their network. The Internet is a cooperative
    of networks, and unless you have some contract with network $FOO, they
    are not obligated to carry your packets. If you (or your upstream) has
    made network $FOO unhappy for some reason, then _that_ issue has to be
    cleared up.

    Old guy
    Moe Trin, Jan 11, 2005
    #7
  8. Dhruv

    Guest

    I'm not too technical however when I try 66.150.28.110 in the web
    browser it resolves to the website natwestfraud. How come I can get to
    it and you get host not found when you go via ip.
    Also, what do you mean talk with your upstream? Does that mean my web
    host?
    Do you think that changing the site to the ip 69.36.177.172 would do
    any good? Is that ip on a blacklist? What is $FOO?

    Sorry I'm not a security person but I just want to resolve/understand
    the problem so I can resolve it so it doesn't occur in future.
    Thanks

    :DHRUV
    , Jan 20, 2005
    #8
  9. Dhruv

    Moe Trin Guest

    In article <>,
    wrote:

    >I'm not too technical however when I try 66.150.28.110 in the web
    >browser it resolves to the website natwestfraud.


    No it doesn't. Your browser is going to that address and getting some
    web page - that page indicates it's natwestfraud. If you change that web
    page on the server, you can make it say that it's microsoft.com or
    whitehouse.gov, or anything else. But that has NO effect on the hostname
    of the computer, or the reverse DNS name. The criminals who are sending
    out fake mail from this or that bank or paypal or whatever, and tell you to
    "click here" to go to some web site and "confirm" your account number and
    security codes are doing exactly the same thing. You are not using the name
    service - that Internet service that translates between IP addresses
    and hostnames.

    The IP protocol operates with IP addresses - but people are more comfortable
    with hostnames. In the dark past on ARPANET, there was a single hosts file,
    that was sent to every computer on the net. Every time there was a change,
    there was a new hosts file - this was bad enough when there were a thousand
    computers connected, there are now hundreds of millions, and if we were to
    try to distribute that hosts file to every one, the Internet would be
    gridlocked. Instead, we use a database now, called Domain Name Service. It's
    a distributed database, and works by first querying one of the 13 master
    servers around the world, and that server refers you to another with more
    specific knowledge, and so on. Thus you ask "who knows about
    www.eyeuniversal.com and get told to ask the server who knows .com (as
    opposed to .net, or .edu, or .us, or .cn). That server would direct you to
    ask the name server that knows about eyeuniversal.com, and only then would
    you find the IP address. When going the other way (IP to name) the
    procedure is similar. As a user, you probably are totally unaware of this
    stuff going on under the covers - but it does happen. I don't use windoze,
    but if you are using windows NT, w2k, or XP, the command "ipconfig /all" will
    list the address of the local name servers that are doing all this work for
    you. If you are using Windows 9X, ME then winipcfg and the more button will
    tell you.

    >How come I can get to it and you get host not found when you go via ip.


    Because I'm not using some browser, but are using tools that query the
    DNS systems directly. The web is not the Internet - it's only a small
    portion of what's out there, and some 'all-singing, all-dancing' web
    browser is an invitation to disaster, because it's not telling you what
    it's actually doing when it "finds" some information.

    >Also, what do you mean talk with your upstream? Does that mean my web
    >host?


    Your ISP, or who ever you use to connect between your computer (and that
    includes the one that is running natwestfraud) with the Internet.

    >Do you think that changing the site to the ip 69.36.177.172 would do
    >any good? Is that ip on a blacklist


    [compton ~]$ host 69.36.177.172
    172.177.36.69.IN-ADDR.ARPA domain name pointer eyeuniversal.com
    [compton ~]$ arinwhois 69.36.177.172
    [whois.arin.net]

    OrgName: WestHost
    OrgID: WESTHO
    Address: 164 N Spring Creek Pkwy
    City: Providence
    StateProv: UT
    PostalCode: 84332
    Country: US

    NetRange: 69.36.160.0 - 69.36.191.255
    CIDR: 69.36.160.0/19
    NetName: WESTHOST-NOC

    [snip]

    OrgAbuseEmail:

    [snip]

    A _VERY_ quick scan at groups.google.com in the news.admin.net-abuse.*
    newsgroups doesn't show it. Why not use that to mail to the network
    people at bt.net, and ask them? They may also tell you why they don't
    like 66.150.28.110.

    >What is $FOO?


    The name of a variable - it's normally used when referring to something
    without being able or needing to actually name it. It's a way of saying
    'generic' or '<mumble>' when the actual name isn't important to the
    discussion.

    Old guy
    Moe Trin, Jan 20, 2005
    #9
  10. Dhruv

    Guest

    Instead of "use that to mail to the network people at bt.net, and ask
    them? They may also tell you why they don't like 66.150.28.110."
    Shouldn't I just switch my site over to the new ip for eyeuniversal
    that was safe? Wouldn't that be easier. I don't think there will be
    any hope with bt bureaucracy. I wish there was a program to check your
    site with different isps on the net.

    Also when you say a "VERY_ quick scan at groups.google.com in the
    news.admin.net-abuse.*". How do I do that? Do I just type in the ip
    and the newsgroup and see if it yields any results. Do you have a
    results page or steps to what you did so that I can check an ip in the
    future?

    Thanks again.

    :D
    , Jan 25, 2005
    #10
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Silverstrand

    ABS Stealth Computer Case @ A True Review

    Silverstrand, Dec 1, 2005, in forum: Front Page News
    Replies:
    0
    Views:
    730
    Silverstrand
    Dec 1, 2005
  2. joeblow
    Replies:
    8
    Views:
    5,012
    joeblow
    Jul 8, 2004
  3. JaR
    Replies:
    12
    Views:
    2,437
  4. Silverstrand

    Diamond Stealth X550

    Silverstrand, Feb 2, 2006, in forum: Front Page News
    Replies:
    0
    Views:
    620
    Silverstrand
    Feb 2, 2006
  5. Thrumbar Pathfinder

    Need driver for Diamond Stealth 3d 2000

    Thrumbar Pathfinder, Sep 26, 2003, in forum: Computer Support
    Replies:
    2
    Views:
    1,887
    Nathan E. Jeffries
    Oct 14, 2003
Loading...

Share This Page