[155484] in North American Network Operators' Group
RE: next hop packet loss
daemon@ATHENA.MIT.EDU (Keith Medcalf)
Sat Aug 11 14:21:21 2012
Date: Sat, 11 Aug 2012 12:20:43 -0600
In-Reply-To: <530DFF0280267643A67908BB181189E5981E3A@garcia.neuse.local>
From: "Keith Medcalf" <kmedcalf@dessus.com>
To: "Jim Ray" <jim@neuse.net>,
"SMBManagedServices@yahoogroups.com" <SMBManagedServices@yahoogroups.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>,
"david.herring@twcable.com" <david.herring@twcable.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Works fine in Firefox for me, and always has (within the limits of the shod=
dily designed website that is). Nonetheless, I'd never buy anything from t=
hem since they are an anti-security organization. Their Web site uses so m=
uch gratuitous javascript crap and hard-coded assumptions about character c=
ell sizes and pixel density that it is completely unuseable. I have no rea=
son to believe that any other product they sell is any better designed -- i=
f you can't create a web site that does not require increasing attack surfa=
ce in order to use it, then I would assume that all their products work and=
are designed the same way, and that deployment of any of their products in=
creases attack surface rather than decreasing it.
On the other hand they are probably four-colour-glossy-brochure and buzzwor=
d compliant. Then again I'm an curmudgeonly old fart that can't even spell=
dot Snot.
---
() ascii ribbon campaign against html e-mail
/\ www.asciiribbon.org
> -----Original Message-----
> From: Jim Ray [mailto:jim@neuse.net]
> Sent: Saturday, 11 August, 2012 10:36
> To: SMBManagedServices@yahoogroups.com
> Cc: nanog@nanog.org; david.herring@twcable.com
> Subject: RE: [SMBManagedServices] RE: next hop packet loss
>
> Get a load of this:
>
> New version of Firefox works fine. Methinks Mozilla released a turd.
>
>
> -----Original Message-----
> From: SMBManagedServices@yahoogroups.com
> [mailto:SMBManagedServices@yahoogroups.com] On Behalf Of James_TDS
> Sent: Friday, August 10, 2012 11:47 AM
> To: SMBManagedServices@yahoogroups.com
> Subject: RE: [SMBManagedServices] RE: next hop packet loss
>
> As I said I suspect Checkpoint is "breaking the Internet" in an attempt
> to block various DDOS attacks. The failure of tracert and ICMP is not
> isolated to Checkpoint and Above.net as I had a similar problem with a
> local TW customer on a static IP. Because their in house router was down
> and not responding to anything TW would drop the Tracert long before it
> even came close to my client. I gave them heck about this as it made it
> impossible to remotely monitor the customer because when the customer
> calls and says the "Internet is down" the first thing I do is tracert to
> their IP. When I see the route die in another city that tells me the ISP
> is having issues vs. the route dying one hop out from my customer's IP.
> They gave me some crap about active routing and such. Put anything on
> that IP and have it respond to pings and the route will complete.
>
> As I said Telnet checkpoint.com 80 fails for me but SLChecker works so
> again it's probably some DDOS thing and they are checking user agents
> before replying and I assume SLCheck mimics IE or something. Handy tool.
>
>
>
> -----Original Message-----
> From: SMBManagedServices@yahoogroups.com
> [mailto:SMBManagedServices@yahoogroups.com] On Behalf Of Jim Ray
> Sent: Friday, August 10, 2012 8:23 AM
> To: SMBManagedServices@yahoogroups.com
> Subject: RE: [SMBManagedServices] RE: next hop packet loss
>
> I am stumped why http://www.checkpoint.com won't resolve with Firefox
> yet will with Internet Explorer and Safari. I know Microsoft won't let
> you do what you need to do with Firefox yet am surprised with Check
> Point.
>
> Above.net is not echoing ICMP, though, before one reaches Check Point.
>
> >From the NANOG group, I found out it is possible to use command line
> switch to specify type of traffic and to get around ICMP issue.
> Apparently, TCP works; however, another person said UDP is preferred
> embodiment.
>
> This test resolved web site yet resulted in lost connection:
>
> telnet www.checkpoint.com 80
> GET / HTTP/1.1
> Host: www.checkpoint.com
>
> I captured packets with Wireshark yet did not see anything that jumped
> out at me as root cause for failure.
>
> Meanwhile back at the ranch, my friend brought over business card for
> Check Point representative, and I plan to pick up the phone and call
> thereby bypassing TCP/IP in its entirety.
>
>
> -----Original Message-----
> From: SMBManagedServices@yahoogroups.com
> [mailto:SMBManagedServices@yahoogroups.com] On Behalf Of James_TDS
> Sent: Thursday, August 09, 2012 10:50 AM
> To: SMBManagedServices@yahoogroups.com
> Subject: RE: [SMBManagedServices] RE: next hop packet loss
>
> Go back a few post and see where I mentioned that the hop in question
> was not responding to the ICMP request, it wasn't down they just refuse
> to echo.
>
> Probably a more valid test would have been:
>
> telnet checkpoint.com 80
> GET
>
> However I just tested that as well and Checkpoint doesn't respond
> correctly. Not sure what they are doing on the frontend but they are
> breaking Internet "rules" probably in an effort to not be DDOS'd. I
> checked again with SLChecker and it responds correctly so they are
> likely not responding to Telnet because it doesn't send a user agent ID.
>
>
> -----Original Message-----
> From: SMBManagedServices@yahoogroups.com
> [mailto:SMBManagedServices@yahoogroups.com] On Behalf Of Jim Ray
> Sent: Thursday, August 09, 2012 8:39 AM
> To: SMBManagedServices@yahoogroups.com
> Cc: Herring, David
> Subject: [SMBManagedServices] RE: next hop packet loss
>
> Hey, I get the idgit award for this one. Time Warner's next hop that was
> dropping packets was really a situation where next hop was not
> responding to ICMP from tracert. Neither of us was able to diagnose the
> problem until last night when I found out Safari pulled up
> http://www.checkpoint.com from same network and Firefox on PC did not.
>
> So, apparently, Check Point does not like Firefox. Internet Explorer
> worked.
>
> Meanwhile back at the ranch, I have learned about TCP switch in tracert
> thanks to peers here and on NANOG and have gotten down and dirty with
> Wireshark.
>
> Regards,
>
> Jim Ray, President
> Neuse River Networks
> 2 Davis Drive, PO Box 13169
> Research Triangle Park, NC 27709
> 919-838-1672 x100
> www.NeuseRiverNetworks.com
>
>
> -----Original Message-----
> From: Herring, David [mailto:david.herring@twcable.com]
> Sent: Thursday, August 09, 2012 7:54 AM
> To: Jim Ray; Adrian Bool
> Subject: RE: next hop packet loss
>
> Got it.. no worries.. I know we are not always the best either!
>
> What would be great- that you let the below be known to your user
> group?
> I know we let them know when we thought it was Business class
> problem...
>
>
>
> David Herring
> Channel Manager | Channel Partner Program, East Region TWC Business
> Class
> 101 Innovation Avenue| Morrisville, NC 27560
> 919.573.7635
>
>
>
>
>
>
> -----Original Message-----
> From: Jim Ray [mailto:jim@neuse.net]
> Sent: Wednesday, August 08, 2012 7:48 PM
> To: Adrian Bool
> Cc: Herring, David
> Subject: RE: next hop packet loss
>
> Dude...don't laugh too hard when I tell you I found the problem:
>
> http://www.CheckPoint.com not compatible with Firefox, only with Safari
> and Internet Explorer or possibly others.
>
> David, apparently, tracert is not a valid test if ICMP is not active.
> So, my apologies.
>
> Regards,
>
> Jim Ray, President
> Neuse River Networks
> 2 Davis Drive, PO Box 13169
> Research Triangle Park, NC 27709
> 919-838-1672 x100
> www.NeuseRiverNetworks.com
>
>
> -----Original Message-----
> From: Adrian Bool [mailto:aid@logic.org.uk]
> Sent: Tuesday, August 07, 2012 9:22 AM
> To: Jim Ray
> Subject: Re: next hop packet loss
>
>
> Oh, if you do get a connect on the telnet session, type,
>
> GET / HTTP/1.1
> Host: www.checkpoint.com
> <return>
> <return>
>
>
> aid
>
>
>
> On 7 Aug 2012, at 14:14, "Jim Ray" <jim@neuse.net> wrote:
>
> > Ah, good eyes :-)
> >
> > Thank you, sir. Will try again.
> >
> > Regards,
> >
> > Jim Ray, President
> > Neuse River Networks
> > 2 Davis Drive, PO Box 13169
> > Research Triangle Park, NC 27709
> > 919-838-1672 x100
> > www.NeuseRiverNetworks.com
> >
> >
> >
> > -----Original Message-----
> > From: Adrian Bool [mailto:aid@logic.org.uk]
> > Sent: Tuesday, August 07, 2012 9:14 AM
> > To: Jim Ray
> > Subject: Re: next hop packet loss
> >
> >
> > Hi Jim,
> >
> > It looks like you just used telnet on its own (so it used port 23,
> > which
> > *will* be blocked by Checkpoint). Instead you need to specify the
> > HTTP port as well,
> >
> > telnet www.checkpoint.com 80
> >
> > If you give that a go again; whilst capturing with Wireshark & see
> > what happens.
> >
> > Cheers,
> >
> > aid
> >
>
>
> This E-mail and any of its attachments may contain Time Warner Cable
> proprietary information, which is privileged, confidential, or subject
> to copyright belonging to Time Warner Cable. This E-mail is intended
> solely for the use of the individual or entity to which it is addressed.
> If you are not the intended recipient of this E-mail, you are hereby
> notified that any dissemination, distribution, copying, or action taken
> in relation to the contents of and attachments to this E-mail is
> strictly prohibited and may be unlawful. If you have received this
> E-mail in error, please notify the sender immediately and permanently
> delete the original and any copy of this E-mail and any printout.
>
>
> ------------------------------------
>
> Moderated and managed Amy LubyYahoo! Groups Links
>
>
>
>
>
> ------------------------------------
>
> Moderated and managed Amy LubyYahoo! Groups Links
>
>
>
>
>
> ------------------------------------
>
> Moderated and managed Amy LubyYahoo! Groups Links
>
>
>
>
>
> ------------------------------------
>
> Moderated and managed Amy LubyYahoo! Groups Links
>
> <*> To visit your group on the web, go to:
> http://groups.yahoo.com/group/SMBManagedServices/
>
> <*> Your email settings:
> Individual Email | Traditional
>
> <*> To change settings online go to:
> http://groups.yahoo.com/group/SMBManagedServices/join
> (Yahoo! ID required)
>
> <*> To change settings via email:
> SMBManagedServices-digest@yahoogroups.com
> SMBManagedServices-fullfeatured@yahoogroups.com
>
> <*> To unsubscribe from this group, send an email to:
> SMBManagedServices-unsubscribe@yahoogroups.com
>
> <*> Your use of Yahoo! Groups is subject to:
> http://docs.yahoo.com/info/terms/
>
