nanog mailing list archives

Re: Websurfing trouble to .gov and .il.us

From: valdis.kletnieks () vt edu
Date: Tue, 13 Mar 2018 14:27:37 -0400

On Mon, 12 Mar 2018 17:44:47 -0000, Sam Kretchmer said:

I am part of a small ISP based in Chicago. We have several clients
complaining of an inability to hit a couple specific government websites,
specifically http://tierii.iema.state.il.us/TIER2MANAGER/Account/Login.aspx and
https://www.deadiversion.usdoj.gov/. It does seem to be related to the IP's
they use, specifically parts of 213.159.132/22


First thing that comes to mind:  Fire up wireshark and
see if anything pops out.

Second thing: PMTU black hole or similar - the 3 packet handshake
completes, and TLS fires up, and then comes to a screeching halt
when something large causes a MTU-sized packet to happen.

Double-check the pages, make sure they aren't doing something
squirrelly like fetching CSS from some *other* site that's down
or PMTU black holed.

Oh, and 519 lashes with a wet noodle for the IL state division of IT
for having a Login.aspx on an http: site. ;)

Attachment: _bin
Description:

Current thread:

Websurfing trouble to .gov and .il.us Sam Kretchmer (Mar 13)
- Re: Websurfing trouble to .gov and .il.us William Herrin (Mar 13)
- Re: Websurfing trouble to .gov and .il.us Stephen Satchell (Mar 13)
- Re: Websurfing trouble to .gov and .il.us lists (Mar 13)
- Re: Websurfing trouble to .gov and .il.us valdis . kletnieks (Mar 13)