RE: black listing of web traffic

2010-02-10 Thread Dylan Ebner
, Network Engineer Consulting Radiologists, Ltd. -Original Message- From: Andrey Gordon [mailto:andrey.gor...@gmail.com] Sent: Tuesday, February 09, 2010 1:35 PM To: Nanog Subject: black listing of web traffic Hi list I have a problem that I can't seem to find a solution to yet. My student

black listing of web traffic

2010-02-09 Thread Andrey Gordon
Hi list I have a problem that I can't seem to find a solution to yet. My student network is being NATted out and anyone who's on that network had troubles accessing random websites. For example, going to www.apple.com or www.facebook.com would work great, but store.apple.com would either not load

Re: black listing of web traffic

2010-02-09 Thread Chris Campbell
I know that Cisco either are or have integrated the IronPort reputation service into their IPS devices, maybe a check on www.senderbase.org could help. Chris Campbell - On 9 Feb 2010, at 19:36, Andrey Gordon andrey.gor...@gmail.com wrote: Hi list I have a problem

Re: black listing of web traffic

2010-02-09 Thread Tony Finch
On Tue, 9 Feb 2010, Jon Lewis wrote: Other than the Spamhaus DROP list, I've never heard of blacklisting being applied to IP routing. The RBL was originally distributed via BGP. Tony. -- f.anthony.n.finch d...@dotat.at http://dotat.at/ GERMAN BIGHT HUMBER: SOUTHWEST 5 TO 7. MODERATE OR

Re: black listing of web traffic

2010-02-09 Thread Jon Lewis
True...and I was a subscriber, so I should have remembered that...but it was roughly a decade ago and in that form dead most of that time. Irrelevant to this guy's current issue. On Tue, 9 Feb 2010, Tony Finch wrote: On Tue, 9 Feb 2010, Jon Lewis wrote: Other than the Spamhaus DROP list,

Re: black listing of web traffic

2010-02-09 Thread Andrey Gordon
Can't find my IP on any of the black lists. Don't have any proxies. Sites that behave poorly are consistent. That is to say that facebook.com, apple.com would always come up without an issue, but cnn.com, forever21.com (I know, don't ask, students), store.apple.com would consistently take forever

Re: black listing of web traffic

2010-02-09 Thread Jim Shankland
Andrey Gordon wrote: Can't find my IP on any of the black lists. Don't have any proxies. Sites that behave poorly are consistent. That is to say that facebook.com, apple.com would always come up without an issue, but cnn.com, forever21.com (I know, don't ask, students), store.apple.com would

Re: black listing of web traffic

2010-02-09 Thread Andrey Gordon
Thx to all the folks replying off the list. The more I troubleshoot the more I'm convinced that it's not the sites that are doing rate-limiting. I went to a website of one of my previous employers (a small company). Chances of them having a fancy reverse proxy with some sort of black list

Re: black listing of web traffic

2010-02-09 Thread Rogelio
Could it be a DNS issue? Some sites trying to resolve your IP address and others don't? Sent from my iPhone On Feb 9, 2010, at 4:47 PM, Andrey Gordon andrey.gor...@gmail.com wrote: Can't find my IP on any of the black lists. Don't have any proxies. Sites that behave poorly are

Re: black listing of web traffic

2010-02-09 Thread Andrey Gordon
By changing my outbound IP address to a different one (I suspect effectively resetting sessions) the problem was solved. So, after that I set it back to the original source NAT. And the sites open up just fine still. It really behaves like a NAT table exhaustion, but the firewall only reports

Re: black listing of web traffic

2010-02-09 Thread Andrey Gordon
Thanks to all, The problem seems to be fixed by changing the NAT IP to something else and then back. It does seem much like NAT exhaustion even though the f/w claims only 13K sessions for two dynamic NATs and about 20 static ones. What I don't get is why there is consistency in opening sites. Why

Re: black listing of web traffic

2010-02-09 Thread Chris Campbell
That's not surprising behaviour on a Palo Alto unit, they are still very young in the market and my colleagues have had issues with NAT and proxy ARP in the recent past. Chris Campbell - On 9 Feb 2010, at 22:31, Andrey Gordon andrey.gor...@gmail.com wrote: By changing

Re: black listing of web traffic

2010-02-09 Thread Valdis . Kletnieks
On Tue, 09 Feb 2010 17:44:01 EST, Andrey Gordon said: It does seem much like NAT exhaustion even though the f/w claims only 13K sessions for two dynamic NATs and about 20 static ones. What I don't get is why there is consistency in opening sites. Why does facebook open all the time and

Re: black listing of web traffic

2010-02-09 Thread gordon b slater
On Tue, 2010-02-09 at 17:04 -0500, Andrey Gordon wrote: Thx to all the folks replying off the list. The more I troubleshoot the more I'm convinced that it's not the sites that are doing rate-limiting. I went to a website of one of my previous employers (a small company). Chances of them

Re: black listing of web traffic

2010-02-09 Thread gordon b slater
On Tue, 2010-02-09 at 17:44 -0500, Andrey Gordon wrote: What I don't get is why there is consistency in opening sites. Why does facebook open all the time and store.apple.com barely opens all the time. I'd say if it would be NAT exhaustion, they would all behave the same way meaning open and