But then why isn't github.com also blocked? From my employer's network, this address is reachable using IE11:
https://github.com/JohnArchieMckown/ But "tracert github.com" yields a similar result as "tracert gist.github.com" (different last address component, 129 instead of 141): Tracing route to github.com [192.30.252.129] over a maximum of 30 hops: 1 * * * Request timed out. Etc. Schizophrenic, if you ask me. And yes, my impression is that many (if not most) large companies and especially financial industry companies are moving to prevent all software installs on workstations, sometimes with limited exceptions for actual software developers. Peter -----Original Message----- From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of Bigendian Smalls Sent: Friday, March 04, 2016 12:00 PM To: [email protected] Subject: Re: gist.github.com unreachable [was: RE: rexx and tso alllocate] On Mar 4, 2016, at 10:46 AM, Leonardo Vaz <[email protected]> wrote: > > You could be right, it might just be unintentional blocking. > > I would certainly prefer this version vs intentional blocking since the later > is pretty much security by obscurity (as long as you don't know the code you > can't do harm...) > > Leo Respectfully, this is not security by obscurity. Companies who block, say GitHub, intentionally as a site which contains untrusted downloads, are not pretending github - or the code therein -doesn't exist. They're throwing up a roadblock, which is likely backed by a policy. It's almost always possible to circumvent these things for a determined employee - but that isn't the point. It's meant to remind the employees (and stop the ones who aren't determined to violate the policy) that downloading or installing software (or potentially uploading company intellectual property) is a no-no. The security part comes by taking away rights in Windows, for example, that allow users to install new software. None of the above is foolproof, but that doesn't mean they shouldn't layer it on as another security control - if that's what the company has decided fits their risk appetite. Chad > -----Original Message----- > From: IBM Mainframe Discussion List [mailto:[email protected]] On > Behalf Of John McKown > Sent: Friday, March 04, 2016 11:23 AM > To: [email protected] > Subject: Re: gist.github.com unreachable [was: RE: rexx and tso alllocate] > >> On Fri, Mar 4, 2016 at 10:16 AM, Leonardo Vaz <[email protected]> wrote: >> >> That's not a private IP address on his LAN, it is the gist.github.com >> IP address. > > Correct. But if the LAN authorities think, as he did, that 192.0.0.0/8 is > all private, instead of just 192.168.0.0/16, then their routing tables may be > set up to not forward 192.30.252.141 to the outside world, but route the > entire 192.0.0.0/8 to the inside only. Which would time out. As it did. > > > >> >> -----Original Message----- >> From: IBM Mainframe Discussion List [mailto:[email protected]] >> On Behalf Of John McKown >> Sent: Friday, March 04, 2016 11:13 AM >> To: [email protected] >> Subject: Re: gist.github.com unreachable [was: RE: rexx and tso >> alllocate] >> >> On Fri, Mar 4, 2016 at 9:50 AM, Farley, Peter x23353 < >> [email protected]> wrote: >> >>> You aren't the only one Steve. From my employer's network I can't >>> reach gist.github.com at all, even just the main site never mind >>> John's >> area. >>> Trying a tracert to gist.github.com only gets timeouts: >>> >>> Tracing route to gist.github.com [192.30.252.141] over a maximum of >>> 30 >>> hops: >>> >>> 1 * * * Request timed out. >>> Etc. >>> >>> That DNS address (192.30.252.141) looks odd to me. I thought >>> 192.*.*.* was reserved for private local networks, or is that only >> 192.168.*.*? >> >> the private IPv4 address ranges are: 10.0.0.0/8, 172.16.0.0/12, and >> 192.168.0.0/16 ref: https://en.wikipedia.org/wiki/Private_network >> >> I'll almost bet your LAN people are laboring under the same delusion. >> >> >>> >>> I can reach gist from home though, maybe you can as well. >>> >>> Peter -- This message and any attachments are intended only for the use of the addressee and may contain information that is privileged and confidential. If the reader of the message is not the intended recipient or an authorized representative of the intended recipient, you are hereby notified that any dissemination of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by e-mail and delete the message and any attachments from your system. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
