stealth-blocking, isp blocking website

Discussion in 'Computer Security' started by Dhruv, Oct 25, 2004.

  1. Dhruv

    Dhruv Guest

    Hi,


    Can someone tell me one thing. Is there a piece of software that if you feed in a
    particular URL, it can detect all major ISPs around the globe that have
    blocked it?

    Do you know of one? Is there a way to find out? Are there some tools I can use?

    Thanks

    :DHRUV
     
    Dhruv, Oct 25, 2004
    #1

  2. Dhruv

    Moe Trin Guest

    Please think about that for a minute. The major ISPs are not friends
    with each other - they are competition. Do you know what that means?
    IT MEANS THEY DON'T PUBLISH THEIR BLOCKLISTS!!! They don't want to
    tell their competition what they are doing. Wow - Ford not telling GM
    what they are doing in next year's cars. Amazing.
    No and No
    http://groups.google.com/ and read the news.admin.net-abuse.*
    newsgroups.
    Covad - a lot of their netspace is blocked for their support of spammers.

    Old guy
     
    Moe Trin, Oct 25, 2004
    #2

  3. Dhruv

    Dhruv Guest

    My client site is not hosted with Covad. It is natwestfraud.com. I
    just want to know whether it is being blocked by major ISP BT Internet
    and others.

    Thanks

    :D
     
    Dhruv, Oct 26, 2004
    #3
  4. (Moe Trin) wrote in message
     
    Hairy One Kenobi, Oct 26, 2004
    #4
  5. Dhruv

    Moe Trin Guest

    [compton ~]$ host natwestfraud.com
    natwestfraud.com has address 66.150.28.110
    natwestfraud.com mail is handled (pri=10) by mail.globalhosting.com
    [compton ~]$ host www.natwestfraud.com
    www.natwestfraud.com has address 66.150.28.110
    [compton ~]$ nwhois 66.150.28.110
    [whois.arin.net]
    Internap Network Services PNAP-06-2001 (NET-66-150-0-0-1)
    66.150.0.0 - 66.151.255.255
    Globalhosting, Inc. PNAP-ACS-GLOBHO-RM-01 (NET-66-150-28-0-1)
    66.150.28.0 - 66.150.31.255

    # ARIN WHOIS database, last updated 2004-10-26 19:10
    # Enter ? for additional hints on searching ARIN's WHOIS database.
    [compton ~]$

    Oh, sweet mother of... Boy you really picked a winner there. Wander over
    to the newsgroup news.admin.net-abuse.sightings and
    news.admin.net-abuse.blocklists (do a search on http://groups.google.com/)
    and look for Internap. Not only do we not accept mail from that /15,
    we don't even accept packets - mail, web, FTP, DNS - anything at all.
    I really doubt that we're alone in doing that.

    I can't say what BT Internet (or others) might be doing - why not try to
    mail them and ask? If your mail gets bounced - that might be a clue. Try
    mailing from other ISPs you may have access to.

    Old guy
     
    Moe Trin, Oct 28, 2004
    #5
  6. Dhruv

    dmalhotr2001 Guest

    Okay, I will try your suggestion. But why are they blocking it and how
    do I get it unblocked?

    This site is a consumer site and it doesn't do anything such as spamming.
    Big corporations just want to block it because it is on the first page
    on Google for the NatWest bank.

    :DHRUV
     
    dmalhotr2001, Jan 10, 2005
    #6
  7. Dhruv

    Moe Trin Guest

    Do read the FAQ at news.admin.net-abuse.blocklists (there is a link at
    the bottom of every post in that moderated newsgroup). I rather doubt it
    is your website that is "the problem". You are in a bad Internet
    neighborhood and that is much more likely to be the cause.
    It may be as innocent as a newborn baby, but your upstream apparently
    has problems. Recall my post where I said

    -----------
    -----------

    "that /15" means 66.150.0.0 - 66.151.255.255. Actually, we don't accept
    packets from six other blocks (/15s down to /19s) assigned to Internap as
    well. Are you still at 66.150.28.110? Apparently. Looking at one of
    my external proxies, I see that Globalhosting, Inc (or Internap - their
    server seems to be authoritative and is the one answering) doesn't feel
    it necessary to comply with RFCs, and have a PTR record in the DNS for
    that address. (This means I can look up www.natwestfraud.com and get
    66.150.28.110, but when I look up the IP address 66.150.28.110, I get a
    "Host not found" message - talk to your upstream and ask why.) Some people
    don't like that either.
    You must have a big page on your web browser - when I google for 'natwest
    bank', your "natwestfraud.com" shows up as hit number 35. No, I rather
    doubt that has much to do with the blockage at all. I'm not in the UK,
    so I can't say what someone like BT is doing, but it's their network,
    and they make the rules on their network. The Internet is a cooperative
    of networks, and unless you have some contract with network $FOO, they
    are not obligated to carry your packets. If you (or your upstream) have
    made network $FOO unhappy for some reason, then _that_ issue has to be
    cleared up.

    Old guy
     
    Moe Trin, Jan 11, 2005
    #7
  8. Dhruv

    dmalhotr2001 Guest

    I'm not too technical; however, when I try 66.150.28.110 in the web
    browser it resolves to the website natwestfraud. How come I can get to
    it and you get host not found when you go via IP?
    Also, what do you mean talk with your upstream? Does that mean my web
    host?
    Do you think that changing the site to the IP 69.36.177.172 would do
    any good? Is that IP on a blacklist? What is $FOO?

    Sorry I'm not a security person but I just want to resolve/understand
    the problem so I can resolve it so it doesn't occur in future.
    Thanks

    :DHRUV
     
    dmalhotr2001, Jan 20, 2005
    #8
  9. Dhruv

    Moe Trin Guest

    No it doesn't. Your browser is going to that address and getting some
    web page - that page indicates it's natwestfraud. If you change that web
    page on the server, you can make it say that it's microsoft.com or
    whitehouse.gov, or anything else. But that has NO effect on the hostname
    of the computer, or the reverse DNS name. The criminals who are sending
    out fake mail from this or that bank or paypal or whatever, and tell you to
    "click here" to go to some web site and "confirm" your account number and
    security codes are doing exactly the same thing. You are not using the name
    service - that Internet service that translates between IP addresses
    and hostnames.

    The IP protocol operates with IP addresses - but people are more comfortable
    with hostnames. In the dark past on ARPANET, there was a single hosts file,
    that was sent to every computer on the net. Every time there was a change,
    there was a new hosts file - this was bad enough when there were a thousand
    computers connected, there are now hundreds of millions, and if we were to
    try to distribute that hosts file to every one, the Internet would be
    gridlocked. Instead, we use a database now, called Domain Name Service. It's
    a distributed database, and works by first querying one of the 13 master
    servers around the world, and that server refers you to another with more
    specific knowledge, and so on. Thus you ask "who knows about
    www.eyeuniversal.com" and get told to ask the server who knows .com (as
    opposed to .net, or .edu, or .us, or .cn). That server would direct you to
    ask the name server that knows about eyeuniversal.com, and only then would
    you find the IP address. When going the other way (IP to name) the
    procedure is similar. As a user, you probably are totally unaware of this
    stuff going on under the covers - but it does happen. I don't use windoze,
    but if you are using windows NT, w2k, or XP, the command "ipconfig /all" will
    list the address of the local name servers that are doing all this work for
    you. If you are using Windows 9X, ME then winipcfg and the more button will
    tell you.
    Because I'm not using some browser, but am using tools that query the
    DNS systems directly. The web is not the Internet - it's only a small
    portion of what's out there, and some 'all-singing, all-dancing' web
    browser is an invitation to disaster, because it's not telling you what
    it's actually doing when it "finds" some information.
    Your ISP, or whoever you use to connect between your computer (and that
    includes the one that is running natwestfraud) with the Internet.
    [compton ~]$ host 69.36.177.172
    172.177.36.69.IN-ADDR.ARPA domain name pointer eyeuniversal.com
    [compton ~]$ arinwhois 69.36.177.172
    [whois.arin.net]

    OrgName: WestHost
    OrgID: WESTHO
    Address: 164 N Spring Creek Pkwy
    City: Providence
    StateProv: UT
    PostalCode: 84332
    Country: US

    NetRange: 69.36.160.0 - 69.36.191.255
    CIDR: 69.36.160.0/19
    NetName: WESTHOST-NOC

    [snip]

    OrgAbuseEmail:

    [snip]

    A _VERY_ quick scan at groups.google.com in the news.admin.net-abuse.*
    newsgroups doesn't show it. Why not use that to mail to the network
    people at bt.net, and ask them? They may also tell you why they don't
    like 66.150.28.110.
    The name of a variable - it's normally used when referring to something
    without being able or needing to actually name it. It's a way of saying
    'generic' or '<mumble>' when the actual name isn't important to the
    discussion.

    Old guy
     
    Moe Trin, Jan 20, 2005
    #9
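The checks Moe Trin runs by hand with `host` and whois in posts #7 and #9 (build the in-addr.arpa name, look up the PTR record, confirm it resolves back to the same address, and see whether the address sits inside a range someone refuses), as an added Python example that is not part of the original thread. The function names are hypothetical, and the only range checked is the Internap range quoted from the whois output above; it cannot tell you what any particular ISP actually blocks.

```python
import ipaddress
import socket

def range_to_cidrs(first, last):
    """Collapse a whois-style 'first - last' range into CIDR blocks."""
    return [str(n) for n in ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last))]

def covering_block(ip, blocks):
    """Return the first CIDR block in `blocks` that contains `ip`, or None."""
    addr = ipaddress.ip_address(ip)
    for block in blocks:
        if addr in ipaddress.ip_network(block):
            return block
    return None

def system_ptr(ip):
    """PTR lookup via the system resolver; None when no record is found."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def system_a(name):
    """A-record lookup via the system resolver; empty list on failure."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def check_ip(ip, blocks, ptr_lookup=system_ptr, a_lookup=system_a):
    """Report reverse name, PTR, forward confirmation and range membership."""
    ptr = ptr_lookup(ip)
    return {
        "reverse_name": ipaddress.ip_address(ip).reverse_pointer,
        "ptr": ptr,
        # Forward-confirmed: the PTR name must resolve back to the same IP.
        "forward_confirmed": bool(ptr) and ip in a_lookup(ptr),
        "blocked_by": covering_block(ip, blocks),
    }

if __name__ == "__main__":
    # Range as printed in the ARIN whois output quoted in the thread.
    blocks = range_to_cidrs("66.150.0.0", "66.151.255.255")
    for ip in ("66.150.28.110", "69.36.177.172"):
        print(ip, check_ip(ip, blocks))
```

Run directly, it queries live DNS, so results today will differ from the 2004-2005 output in the thread; pass your own `ptr_lookup` and `a_lookup` callables to check against recorded data instead.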
  10. Dhruv

    dmalhotr2001 Guest

    Instead of "use that to mail to the network people at bt.net, and ask
    them? They may also tell you why they don't like 66.150.28.110."
    Shouldn't I just switch my site over to the new IP for eyeuniversal
    that was safe? Wouldn't that be easier? I don't think there will be
    any hope with BT bureaucracy. I wish there was a program to check your
    site with different ISPs on the net.

    Also when you say a "_VERY_ quick scan at groups.google.com in the
    news.admin.net-abuse.*". How do I do that? Do I just type in the IP
    and the newsgroup and see if it yields any results? Do you have a
    results page or steps to what you did so that I can check an IP in the
    future?

    Thanks again.

    :D
     
    dmalhotr2001, Jan 25, 2005
    #10