Re: CVS blocked or delayed from some IP ranges?

To: Frank Wille <frank%phoenix.owl.de@localhost>
Subject: Re: CVS blocked or delayed from some IP ranges?
From: Steven Bellovin <smb%cs.columbia.edu@localhost>
Date: Wed, 22 Dec 2010 09:15:40 -0500

On Dec 22, 2010, at 4:13 03AM, Frank Wille wrote:

> On Tue, 21 Dec 2010 16:29:26 -0500
> Steven Bellovin <smb%cs.columbia.edu@localhost> wrote:
> 
>>> traceroute to cvs.netbsd.org (204.152.190.10), 64 hops max, 40 byte
>>> packets 1  arwen (192.168.0.250)  1.715 ms  1.557 ms  1.061 ms
>>> 2  217.0.116.114 (217.0.116.114)  44.702 ms  44.948 ms  49.642 ms
>>> 3  217.0.71.218 (217.0.71.218)  48.611 ms  47.670 ms  46.292 ms
>>> 4  217.239.40.62 (217.239.40.62)  211.661 ms  209.550 ms  210.340 ms
>>> 5  80.156.160.90 (80.156.160.90)  213.932 ms  210.192 ms  212.977 ms
>>> 6  int-0-0-1-0.r1.sql1.isc.org (149.20.65.10)  212.130 ms  213.540
>>> ms  213.060 ms 7  cvs.netbsd.org (204.152.190.10)  211.208 ms
>>> 207.631 ms  210.059 ms
>> 
>> What would be interesting is a traceroute when it isn't working.
> 
> This is the traceroute when it wasn't working. Pinging works, but the
> SSH and CVS ports seem sometimes blocked for me.
> 
When a connection attempt is failing, what does netstat show?  Does it show the 
attempt in SYN_SENT state or ESTAB state?  The former is consistent with 
port-blocking; the latter suggests some sort of application-level timeout or 
PMTU problem.
> 
>> (You may want to try pkgsrc/net/tcptraceroute as well.)
> 
> Good idea. I will try that as soon as the connection fails again (ok today).
> 
> BTW, I cannot run tcptraceroute directly on my router, because it doesn't
> handle P2P interfaces?
> 
> frank@arwen tcptraceroute cvs.netbsd.org 22
> Sorry, media type of device pppoe0 (#51) is not supported
> 
Since you say it's a router, is there some machine connected to it that you can 
use?  (I once had my own implementation of tcptraceoute that didn't have that 
flaw, but it would take a lot of work to make it functional again, I fear.)

> So my guess still is that cvs.netbsd.org is filtering IP addresses
> for some ports. Maybe I should write admins@ now.

I wouldn't yet -- that strikes me as extremely improbable.  (No one else is 
having such problems; why should the admins single you out?)

                --Steve Bellovin, http://www.cs.columbia.edu/~smb

Follow-Ups:
- Re: CVS blocked or delayed from some IP ranges?
  - From: Frank Wille

References:
- CVS blocked or delayed from some IP ranges?
  - From: Frank Wille
- Re: CVS blocked or delayed from some IP ranges?
  - From: Steven Bellovin
- Re: CVS blocked or delayed from some IP ranges?
  - From: Frank Wille
- Re: CVS blocked or delayed from some IP ranges?
  - From: Steven Bellovin
- Re: CVS blocked or delayed from some IP ranges?
  - From: Frank Wille

Prev by Date: Re: CVS blocked or delayed from some IP ranges?
Next by Date: Re: CVS blocked or delayed from some IP ranges?
Previous by Thread: Re: CVS blocked or delayed from some IP ranges?
Next by Thread: Re: CVS blocked or delayed from some IP ranges?
Indexes:

Home | Main Index | Thread Index | Old Index