HWF unreachable

not had any problems myself, anyone else? (also had a look at google stats which don't show any deviation)
 
It's getting weird. Others can connect to HWF without problems at the times when I can't connect. I've also tried to connect to HWF by using its IP adress, without success.

I can only connect to HWF when using 3G on my iPhone.

Pinging is also not possible either. I'm using OpenDNS, and got an AirPort extreme router. As usual, I've reset the router and the cable modem.

I've also tried different computers in my network.

The same problem happens when connecting to zone365. All other websites in the world appear to work fine.

Tried it with Safari 3, Firefox 3 and IE.

Traceroute gives this output:
Code: 
traceroute to hardwareforums.com (207.58.155.243), 64 hops max, 40 byte packets
 1 *192.168.2.1 (192.168.2.1) *1.909 ms *1.158 ms *1.121 ms
 2 *195.190.242.7 (195.190.242.7) *20.330 ms 213.75.64.153 (213.75.64.153) *18.892 ms *25.106 ms
 3 *213.75.64.153 (213.75.64.153) *19.454 ms *19.948 ms *19.139 ms
 4 *213.75.64.166 (213.75.64.166) *21.094 ms *20.616 ms *20.610 ms
 5 *TenGE13-2.br02.ams01.pccwbtn.net (195.69.145.37) *26.603 ms *22.169 ms *22.108 ms
 6 *servint.ge5-7.br01.wdc02.pccwbtn.net (63.218.83.2) *107.688 ms *105.792 ms *105.851 ms
 7 *sc-smv2911.servint.net (207.58.153.30) *105.988 ms *112.582 ms *144.345 ms
 8 ** * *
 9 ** *

Now the weird thing is, when it does work (a few times a day), HWF loads very quickly...
 
I just noticed that I CAN access HWF when using an online proxy server. Could it be possible that an IP range has been blocked that includes mine (84.25.10.75)? HWF isn't blocked by my ISP, because all my friends have the same ISP, and can connect without any issues...
 
There's nothing blocked statically in the firewall tables; the block chain is dynamic. It blocks based on abusive behavior, meaning known attacks or DoS activity. Right now there are 5 IPs in the dynamic table, and all 5 are in Asia.

BTW, OpenDNS tampers with your forward lookups, I'd use your local root DNS servers instead if I was you. :)
 
Anti-Trend said:
BTW, OpenDNS tampers with your forward lookups, I'd use your local root DNS servers instead if I was you. :)
Click to expand...

I'll try that. The weird thing is that others that use OpenDNS don't have any issues with loading HWF.

But don't you guys have some kind of plugin installed that cause issues with page loading for annoying users? Isn't it possible that an IP range has been added that inludes my IP address?

edit: I've just changed my DNS settings to use my ISPs DNS servers. HWF appears to be working....for now.
 
Nope, just looked over that too. There is a short list of abusive subnets, all in China or India. You're not in any, or you wouldn't even be able to connect.

My first guess would be to look into things like local routing problems, stale cache, DNS, or packet loss. It could also be something like a 3rd-party targeted ad (dynamic content) that is aimed at your locale, which is failing. I've seen this once or twice myself in the last few years. That would explain the intermittent nature of the issue. In any case, if you experience it again, I'd try the following:

  1. Can you connect to zone365.com? It's hosted on the same server.
  2. Try connecting to the IP directly: 207.58.155.243
  3. Clear your browser cache.
  4. Try a different browser -- could be a misbehaving plugin.
  5. Try pinging the IP address. Any dropped packets?
  6. Try telnet'ing straight to port 80 and doing an HTTP GET.
  7. If all else fails, record the date, time, and your IP address at the time of the issue, and fire me an email. I can look into the server's logs and see if there's a local correlation.
 
It's still working, but I'll try to remember everything that I tried before:

Anti-Trend said:
Try connecting to the IP directly: 207.58.155.243
Click to expand...
Tried that. Wasn't working either.

Anti-Trend said:
Can you connect to zone365.com? It's hosted on the same server.
Click to expand...
Same problems.

Anti-Trend said:
Clear your browser cache.
Click to expand...
Tried that too.

Anti-Trend said:
Try a different browser -- could be a misbehaving plugin.
Click to expand...
Tried it with Safari 3, Firefox 3 and IE7. The 1st two on Mac OS X and Windows XP.

Anti-Trend said:
Try pinging the IP address. Any dropped packets?
Click to expand...
I only received time-outs, so 100% of the packets where lost.

Anti-Trend said:
Try telnet'ing straight to port 80 and doing an HTTP GET.
Click to expand...
Do you know what command I need to use for that in either Windows or BSD?

Anti-Trend said:
If all else fails, record the date, time, and your IP address at the time of the issue, and fire me an email. I can look into the server's logs and see if there's a local correlation.
Click to expand...
Sure, I'll do that when it happens again :)
 
RHochstenbach said:
I only received time-outs, so 100% of the packets where lost.
Click to expand...
Not enough data for a solid assesment, but sounds like it's not DNS, or a browser issue. I'm leaning towards routing, or an RFC-bending app/plugin/malware/other that has temporarily angered the self-hardening firewall script on the server by making Waayyyyyy too many simultaneous connections.

RHochstenbach said:
Do you know what command I need to use for that in either Windows or BSD?
Click to expand...
Code: 
telnet hardwareforums.com 80
GET /index.php HTTP/1.1
When done, Ctrl+] then type "quit" and hit enter.
 
Guess what? I got a moment and grepped the firewall logs for your IP. Found it... several hundred times. You've been blocked recently for activity that looks like syn flooding or spoofing. This can be caused by naughty client apps, malfunctioning router sending out-of-order packets, malware, or somebody (e.g. your ISP) tampering with your traffic.

So, in short, my assessment from the hip is as follows:
Something bad is happening to your traffic, between your person and our server, cause unknown. Could be something bad on your PC, could be something wrong with a network appliance, could be a naughty ISP. The firewall sees a bunch of invalid TCP traffic and drops it by default. After the script sees a pattern emerge of junk traffic from your IP, it bans you for a short while under the assumption that you must be an attacker.
 
Anti-Trend said:
I'm leaning towards routing, or an RFC-bending app/plugin/malware/other that has temporarily angered the self-hardening firewall script on the server by making Waayyyyyy too many simultaneous connections.
Click to expand...
It can't be malware, because I tried it on 2 Apple computers, an iPhone and an iPod Touch. And I don't have a firewall active on the OS, but only in my router (AirPort Extreme). But I can visit other websites and forums without any problems. So it can't be caused by a blocked port 80, HTTP or anything specific to vBulletin.

But I've noticed that HWF hasn't been unreachable anymore since I used the DNS servers of my ISP instead of OpenDNS....
 
RHochstenbach said:
It can't be malware, because I tried it on 2 Apple computers, an iPhone and an iPod Touch. And I don't have a firewall active on the OS, but only in my router (AirPort Extreme). But I can visit other websites and forums without any problems. So it can't be caused by a blocked port 80, HTTP or anything specific to vBulletin.

But I've noticed that HWF hasn't been unreachable anymore since I used the DNS servers of my ISP instead of OpenDNS....
Click to expand...
In that case, most likely candidates are your router or your ISP, or possibly something upstream of you. It will be hard to detect on your end during a full "outage", since you've most likely been put on the firewall's blacklist at that point, so any connections from your IP will fail. But you might try a different router if you have one, or bypass altogether, and see if the behavior changes. There's also this: Test Your ISP | Electronic Frontier Foundation
 
Anti-Trend said:
Guess what? I got a moment and grepped the firewall logs for your IP. Found it... several hundred times. You've been blocked recently for activity that looks like syn flooding or spoofing. This can be caused by naughty client apps, malfunctioning router sending out-of-order packets, malware, or somebody (e.g. your ISP) tampering with your traffic.

So, in short, my assessment from the hip is as follows:
Something bad is happening to your traffic, between your person and our server, cause unknown. Could be something bad on your PC, could be something wrong with a network appliance, could be a naughty ISP. The firewall sees a bunch of invalid TCP traffic and drops it by default. After the script sees a pattern emerge of junk traffic from your IP, it bans you for a short while under the assumption that you must be an attacker.
Click to expand...
That is weird. Could it be possible that someone 'stole' my IP? It can't be caused by the ISP, because my friends use the same ISP, and blocking websites to customers is illegal here.

Btw can you view detailed information about each event like the domain name and host name? My domain is landg1.lb.home.nl, and my hostname is CP1340521-A. I've also contacted my ISP. They might give me a new IP address.

As for the router, I have an airport extreme. I think that the problems started after the latest firmware update, but I'm not sure.
 
If somebody stole your IP, they'd have to be on the same ISP in the same subnet as you, and the MAC table on the ISP's router upstream of you would have to be very liberally configured to let other account holders use your IP. Plus, the symptoms would be *very* heavy packet loss, around 50% of your traffic would hit the wrong host. Since you're not reporting that behavior, I really doubt that's the case. :)

Now the firmware on the airport, that is a more likely cause. Is there any way you can temporarily remove that from the equation for troubleshooting?
 
Anti-Trend said:
Now the firmware on the airport, that is a more likely cause. Is there any way you can temporarily remove that from the equation for troubleshooting?
Click to expand...
I can't connect the computer directly to the cable modem, because all wires here are fixed to the building. I did revert the router's firmware to an older version that always worked. I suddenly recall that I'm beta-testing the new EuroDocsis 3.0 technology with my ISP. But I've contacted them, and the I'll see if they find the bottleneck.
 
I've executed the netstat command while attempting to connect to HWF. It gave me this output:
Code: 
tcp4 0 0 192.168.2.200.49307 snake.hardwarefo.http LAST_ACK
tcp4 0 0 192.168.2.200.49305 snake.hardwarefo.http LAST_ACK
I don't know if that shows anything useful...
 
You must log in or register to reply here.
Back
Top