OT mrplc offline?

[TimWilborne]

I've informed Chakorules of the issue.

As one last test to make sure it is an issue with mrplc.com's server, do a tracert on 207.58.141.134.

 

[surferb]

Thanks Tim! I can hit vps.twcontrols.com (207.58.141.134). We'll see about those other guys.

I've informed Chakorules of the issue.

As one last test to make sure it is an issue with mrplc.com's server, do a tracert on 207.58.141.134.

 

[just_lionel]

Yep, I get to vps.twcontrols.com as well (11 hops)

 

[Ken Moore]

Posted by Chako on MrPLC.com in response the access issues.






I've requested USERs IP addresses to make sure they did not get on the automatic tripwire block list. They might be blocked at our firewall level.

They should visit this page:
http://www.whatismyip.com/

Report back what their IP address.

If users are using public ips such as 192.168.x.x.

That is NO GOOD.

That is an internal IP address scheme, illegal to surf the web this way in my opinion. Hackers will hide behind internal IP address ranges like 192.168.x.x/16 and 10.x.x.x/8. these ranges are blocks by our firewall.

Their IT people have not configured their system correctly to identity themselves as a genuine internet user.

I've posted this back in 2005:
http://forums.mrplc.com/index.php?showtopic=6007

These user that display private IPs do not have their LAN configured correctly for NAT. They should as best pratice display their public IP when surfing the web.

If I open this doorway, I will be exposing mrplc to hack attacks I dealt with in 2003 and 2004 time period, and an EXESSIVE amounts of spam postings.

Here is a book on this topic: Hack Proofing Linux
http://books.google.com/books?id=5vVy6F80g...4&ct=result

I am sorry for the users, I deeply regret this, but their IT people are not following best practices for public and private IP addresses if this is the case.

The above would be ONE REASON why certain users can not access mrplc.com

The second would be an automatic tripwire block in the firewall.

 

[just_lionel]

Do you my ip here? or email him?

 

[jrwb4gbm]

No problem here at my house in NC, USA using residential DSL service.

 

[Pego]

If I do a tracert I get a time-out and my IP is 94.157.xxxx.xxx

 

[BobB]

Chris has contacted me and I have sent him some info.
Interestingly enough I think this has only happened since I have hooked up with a wireless broadband connection on a 3G/HDSPA link as I am away. Not home so I cannot check my normal cable broadband connection to see if it works or not.

 

[TimWilborne]

Yep, I get to vps.twcontrols.com as well (11 hops)

Ok, the last hop is all that is different between MrPLC and Patchn as their servers are on the same trunk line. I'd say everything is good on your end, Chakorules will get it straightened out

 

[Pego]

I don't know if Chakorules changed anything or it was the reset I did of my firewall, but I can visit the MrPLC website again.

 

[TimWilborne]

Could everyone give it a try now?

 

[surferb]

Everybody up now? Chako posted a better second reply.

Ok I figured it out.

Wow...Buckled down for this...I dug deep into the firewall, and I forgot I setup firewall blocks for unassigned subnets. Believe it or not, here is your internet lesson for the day.

All the subnet IPs have not been sold yet.
Here is a list of IP subnets you can purchase:
http://www.iana.org/assignments/ipv4-address-space

If you look at the top, you'll see the list got updated 12-22-2008.

that means some company bought another IP BLOCK.

One of the users having problems had an IP of 173.x.x.x Until Dec 2008, there was no such thing as 173.x.x.x IP addresses. Therefore, parniod CHAKORULES blocked any IP address range not currently owed.

Here "WAS" the firewall block: (These are listing of IP blocks that no one owns) or unallocated:

1.0.0.0/8
2.0.0.0/8
5.0.0.0/8
23.0.0.0/8
27.0.0.0/8
31.0.0.0/8
36.0.0.0/8
37.0.0.0/8
39.0.0.0/8
42.0.0.0/8
46.0.0.0/8
94.0.0.0/8
95.0.0.0/8
100.0.0.0/8
101.0.0.0/8
102.0.0.0/8
103.0.0.0/8
104.0.0.0/8
105.0.0.0/8
106.0.0.0/8
107.0.0.0/8
108.0.0.0/8
109.0.0.0/8
110.0.0.0/8
111.0.0.0/8
112.0.0.0/8
113.0.0.0/8
114.0.0.0/8
115.0.0.0/8
173.0.0.0/8
174.0.0.0/8
175.0.0.0/8
176.0.0.0/8
177.0.0.0/8
178.0.0.0/8
179.0.0.0/8
180.0.0.0/8
181.0.0.0/8
182.0.0.0/8
183.0.0.0/8
184.0.0.0/8
185.0.0.0/8
186.0.0.0/8
187.0.0.0/8
197.0.0.0/8
223.0.0.0/8
240.0.0.0/8
241.0.0.0/8
242.0.0.0/8
243.0.0.0/8
244.0.0.0/8
245.0.0.0/8

Now compare that to the list updated 12-22-2008.
http://www.iana.org/assignments/ipv4-address-space

Here are the blocks recently purchased:

108/8 ARIN 2008-12 whois.arin.net ALLOCATED
110/8 APNIC 2008-11 whois.apnic.net ALLOCATED
111/8 APNIC 2008-11 whois.apnic.net ALLOCATED
112/8 APNIC 2008-05 whois.apnic.net ALLOCATED
113/8 APNIC 2008-05 whois.apnic.net ALLOCATED
173/8 ARIN 2008-02 whois.arin.net ALLOCATED
174/8 ARIN 2008-02 whois.arin.net ALLOCATED
184/8 ARIN 2008-12 whois.arin.net ALLOCATED
197/8 AfriNIC 2008-10 whois.afrinic.net ALLOCATED

So I had to go in and update my parniod firewall list...

Wow...apnic.net just purchased a bunch of IP blocks this year...that must mean alot of servers going up.

I opened up the door on the above IP BLOCKS. Let me know if that fixes everyone.

Lesson in IP BLOCKS is over.

Thanks for making me dig into this.
Chako

 

[BobB]

Chris fixed it - my IP was 114.x.x.x and apparently has recently been purchased.

 

[just_lionel]

Up and running over here as well!