PaulDotCom mailing list archives

odd lack of some internet connectivity


From: dgcombs at gmail.com (Dan McGinn-Combs)
Date: Mon, 3 Nov 2008 09:14:44 -0500

I had this experience a couple times before. Here's what the problem boiled
down to in these instances...

1) Couldn't get to 3Com's web site (among others) was due to an MTU problem
converting token ring (on the inside) to ethernet (on the outside) of the
proxy-based firewall. Yeah, it was olden days, but every other site we could
think of was working just fine... only a very few didn't.

2) Couldn't get to some sites from some spots within our network - but could
at other places. That is, site 1 had no problem getting to Yahoo.com, but
site 2 couldn't. Turns out that our router group had fiddled with the MTU
size on the internal Nortel hardware and the internal routers were dropping
fragmented packets. You could telnet to port 80 and GET bits and pieces all
day long but as soon as you tried to use a browser to download the whole kit
'n' kaboodle, it would reset the connection.

3) We had issues establishing proper HTTP connections behind load balancers.
That is, the load balancers were negotiating an MTU size (hmmm... I think
I'm beginning to see a common thread) rather than passing the negotiation
traffic through. That way, the end point devices couldn't establish a
meaningful relationship.

4) Just to complete the group, we also had similar problems using PPTP VPN
tunnels within IPSec tunnels and connecting Check Point IPSec tunnels to
Cisco IPSec tunnels. The default MTU sizes were getting eaten up with
overhead and left no room for actual you know... data.

Just some random thoughts as I'm trying to extract every last bit of
caffeine I can from this teabag.

Dan

On Mon, Nov 3, 2008 at 8:15 AM, Robin Wood <dninja at gmail.com> wrote:

Hi
See if anyone can help me with this weird problem ...

I've just been to see a friend at his company as he was complaining
about not being able to access certain websites or certain parts of
sites that used to work fine. My first thought was browser or local
firewall problem so I took my laptop along to eliminate the
possibility of that being the fault.

After some playing we found a couple of sites (hotmail and part of the
Ryan Air booking system) that just timed out when we tried to access
them, this was through my laptop and through their machines. I've just
tried the same sites 10 mins later at home and they are working fine
so it isn't that the sites aren't down. I also tried hitting the site
through netcat and again, it just timed out.

It isn't a http vs https issue as I successfully visited a number of
sites of both types.

It isn't even just web traffic, the ftp connection they use to publish
their website allowed us to login and get a directory listing of the
root directory and change into a subdirectory but getting a directory
listing of that directory timed out. The same connection works fine
from my friend's home network so it isn't a permissions issue.

I'm at a loss of what to suggest, they are using smoothwall express v2
between their switch and modem but that hasn't been updated for months
so is unlikely to be the cause, just in case it was playing up we
tried rebooting it and the problem still persisted.

The problem has been happening for over a month now but nothing has
been changed in a lot longer than that so it shouldn't be a config
issue.

I've suggested talking to their ISP (BT) to see if they can suggest
anything. Has anyone here got any suggestions of what to try? I'm
completely stumped!

Robin




-- 
Dan McGinn-Combs, Security+, GSEC, CISSP, CISA
dgcombs at gmail.com
Grand Central: +1 404 492 7532
Peachtree City, Georgia USA
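
The symptom both messages describe (small exchanges succeed, larger transfers stall or reset) can be checked by finding the largest packet that crosses the path with the Don't Fragment bit set. The script below is an added example, not part of the original thread; it assumes IPv4, Linux iputils `ping`, and that ICMP echo is allowed on the path, and `probe_sim` is a constructed stand-in path so the search can be run offline.

```shell
#!/bin/sh
# Find the largest IPv4 packet that crosses a path unfragmented.
# PROBE names the function used to test one payload size.

# Real probe: one echo request with Don't Fragment set (iputils: -M do).
probe_ping() {  # $1 = host, $2 = ICMP payload bytes
    ping -M do -c 1 -W 2 -s "$2" "$1" >/dev/null 2>&1
}

# Constructed stand-in for a path whose narrowest hop has MTU SIM_MTU.
# 28 = 20-byte IP header + 8-byte ICMP header.
probe_sim() {
    [ $(( $2 + 28 )) -le "${SIM_MTU:-1500}" ]
}

# find_pmtu HOST [LOW] [HIGH]: binary search over total packet size.
# Prints the path MTU; returns 1 if even LOW bytes do not get through
# (which also happens when ICMP echo is filtered, so check that first).
find_pmtu() {
    local host="$1" lo="${2:-576}" hi="${3:-1500}" mid
    local probe="${PROBE:-probe_ping}"
    "$probe" "$host" $(( lo - 28 )) || return 1
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if "$probe" "$host" $(( mid - 28 )); then
            lo=$mid            # mid fits: answer is mid or larger
        else
            hi=$(( mid - 1 ))  # mid is dropped: answer is smaller
        fi
    done
    echo "$lo"
}

# TCP MSS that fits a given MTU (20-byte IP + 20-byte TCP, no options).
mss_for_mtu() {
    echo $(( $1 - 40 ))
}

# Usage: sh pmtu.sh HOST
if [ $# -ge 1 ]; then
    mtu=$(find_pmtu "$1") || { echo "no reply at 576 bytes" >&2; exit 1; }
    echo "path MTU to $1: $mtu (TCP MSS $(mss_for_mtu "$mtu"))"
fi
```

A result below the local interface MTU, from a site where full-size packets are silently dropped rather than answered with an ICMP "fragmentation needed" message, matches the behaviour described in items 1 to 4 above.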