Nathan

Problems accessing MrPLC.com

14 posts in this topic

Users on PLCS.NET are reporting not being able to get to MrPLC.com. DNS resolution appears to be working for all. They are from a variety of non-US countries. I can access this site fine from Korea. http://www.plctalk.net/qanda/showthread.php?p=303476

I've requested users' IP addresses to make sure they did not get on the automatic tripwire block list. They might be blocked at our firewall level. They should visit this page: http://www.whatismyip.com/ and report back what their IP address is.

If users are using public IPs such as 192.168.x.x, that is NO GOOD. That is an internal IP address scheme, illegal to surf the web this way in my opinion. Hackers will hide behind internal IP address ranges like 192.168.x.x/16 and 10.x.x.x/8. These ranges are blocked by our firewall. Their IT people have not configured their system correctly to identify themselves as a genuine internet user. I posted this back in 2005: http://forums.mrplc.com/index.php?showtopic=6007

These users that display private IPs do not have their LAN configured correctly for NAT. They should as best practice display their public IP when surfing the web. If I open this doorway, I will be exposing mrplc to hack attacks I dealt with in the 2003 and 2004 time period, and an EXCESSIVE amount of spam postings. Here is a book on this topic: Hack Proofing Linux http://books.google.com/books?id=5vVy6F80g...4&ct=result

I am sorry for the users, I deeply regret this, but their IT people are not following best practices for public and private IP addresses if this is the case. The above would be ONE REASON why certain users cannot access mrplc.com. The second would be an automatic tripwire block in the firewall.

Ok I figured it out. Wow...Buckled down for this...I dug deep into the firewall, and I forgot I set up firewall blocks for unassigned subnets. Believe it or not, here is your internet lesson for the day. All the subnet IPs have not been sold yet. Here is a list of IP subnets you can purchase: http://www.iana.org/assignments/ipv4-address-space

If you look at the top, you'll see the list got updated 12-22-2008. That means some company bought another IP BLOCK. One of the users having problems had an IP of 173.x.x.x. Until Dec 2008, there was no such thing as 173.x.x.x IP addresses. Therefore, paranoid CHAKORULES blocked any IP address range not currently owned.

Here "WAS" the firewall block (these are listings of IP blocks that no one owns, or unallocated):

1.0.0.0/8 2.0.0.0/8 5.0.0.0/8 23.0.0.0/8 27.0.0.0/8 31.0.0.0/8 36.0.0.0/8 37.0.0.0/8 39.0.0.0/8 42.0.0.0/8 46.0.0.0/8 94.0.0.0/8 95.0.0.0/8
100.0.0.0/8 101.0.0.0/8 102.0.0.0/8 103.0.0.0/8 104.0.0.0/8 105.0.0.0/8 106.0.0.0/8 107.0.0.0/8 108.0.0.0/8 109.0.0.0/8 110.0.0.0/8 111.0.0.0/8 112.0.0.0/8 113.0.0.0/8 114.0.0.0/8 115.0.0.0/8
173.0.0.0/8 174.0.0.0/8 175.0.0.0/8 176.0.0.0/8 177.0.0.0/8 178.0.0.0/8 179.0.0.0/8 180.0.0.0/8 181.0.0.0/8 182.0.0.0/8 183.0.0.0/8 184.0.0.0/8 185.0.0.0/8 186.0.0.0/8 187.0.0.0/8 197.0.0.0/8
223.0.0.0/8 240.0.0.0/8 241.0.0.0/8 242.0.0.0/8 243.0.0.0/8 244.0.0.0/8 245.0.0.0/8

Now compare that to the list updated 12-22-2008. http://www.iana.org/assignments/ipv4-address-space

Here are the blocks recently purchased:

108/8 ARIN 2008-12 whois.arin.net ALLOCATED
110/8 APNIC 2008-11 whois.apnic.net ALLOCATED
111/8 APNIC 2008-11 whois.apnic.net ALLOCATED
112/8 APNIC 2008-05 whois.apnic.net ALLOCATED
113/8 APNIC 2008-05 whois.apnic.net ALLOCATED
173/8 ARIN 2008-02 whois.arin.net ALLOCATED
174/8 ARIN 2008-02 whois.arin.net ALLOCATED
184/8 ARIN 2008-12 whois.arin.net ALLOCATED
197/8 AfriNIC 2008-10 whois.afrinic.net ALLOCATED

So I had to go in and update my paranoid firewall list...

Wow...apnic.net just purchased a bunch of IP blocks this year...that must mean a lot of servers going up. I opened up the door on the above IP BLOCKS. Let me know if that fixes everyone. Lesson in IP BLOCKS is over. Thanks for making me dig into this. Chako
Yep, it fits, one of the people having trouble had an IP starting with 94

Thanks, for the lesson. LEARN something today so you can TEACH something tomorrow!

So I need to open 94.x.x.x also? Chako

And just wait until IPV6 is online. You'll have even more fun Chako.

Ha, ha - Awesome! I wasn't buying the NAT explanation, but I'd never thought about changes to unassigned subnets! Makes you wonder how many of the Internet routers still block these in their ACLs... Thanks for the fix and the lesson Chako.

Just opened up 94.x.x.x. It was purchased back in 2007, they must just have put it online.

094/8 RIPE NCC 2007-07 whois.ripe.net ALLOCATED

Glad everyone is good. I'll have to make it a habit to monitor IPV4 and IPV6 too!
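The check discussed in this thread can be automated. The sketch below is an added example, not code from any poster or from the site's firewall: it compares a static "unallocated" block list against registry rows and reports rules that now drop allocated space. The function names and the sample client address are assumptions made for illustration; the prefixes and registry rows are the ones quoted in the posts above.

```python
import ipaddress

# Subset of the block list from the thread (prefixes the firewall treated as unallocated).
FIREWALL_BOGONS = ["94.0.0.0/8", "108.0.0.0/8", "173.0.0.0/8", "184.0.0.0/8",
                   "197.0.0.0/8", "223.0.0.0/8", "240.0.0.0/8"]

# Registry rows as quoted in the thread (IANA ipv4-address-space layout).
REGISTRY_ROWS = """\
094/8 RIPE NCC 2007-07 whois.ripe.net ALLOCATED
108/8 ARIN 2008-12 whois.arin.net ALLOCATED
173/8 ARIN 2008-02 whois.arin.net ALLOCATED
184/8 ARIN 2008-12 whois.arin.net ALLOCATED
197/8 AfriNIC 2008-10 whois.afrinic.net ALLOCATED
"""

def parse_registry(text):
    """Return {network: (designation, date, status)} from registry rows."""
    registry = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue  # skip blank or malformed rows
        prefix, status, date = fields[0], fields[-1], fields[-3]
        designation = " ".join(fields[1:-3])  # "RIPE NCC" contains a space
        octet, length = prefix.split("/")
        # int() drops the leading zero in "094", which ipaddress would reject
        net = ipaddress.ip_network(f"{int(octet)}.0.0.0/{length}")
        registry[net] = (designation, date, status)
    return registry

def stale_rules(bogons, registry):
    """List block rules that overlap space the registry marks ALLOCATED."""
    stale = []
    for rule in bogons:
        rule_net = ipaddress.ip_network(rule)
        for net, (designation, date, status) in registry.items():
            if status == "ALLOCATED" and rule_net.overlaps(net):
                stale.append((rule, designation, date))
    return stale

def would_drop(client_ip, bogons):
    """Return the block rule matching client_ip, or None if it passes."""
    addr = ipaddress.ip_address(client_ip)
    return next((r for r in bogons if addr in ipaddress.ip_network(r)), None)

if __name__ == "__main__":
    registry = parse_registry(REGISTRY_ROWS)
    for rule, designation, date in stale_rules(FIREWALL_BOGONS, registry):
        print(f"STALE {rule}: allocated to {designation} in {date}")
    print(would_drop("173.1.2.3", FIREWALL_BOGONS))  # constructed client address
```

Run on a schedule against a fresh copy of the registry, a non-empty result from `stale_rules` is the signal to revise the block list before legitimate users are dropped.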

Ok just for fun. You guys see how many IP blocks are left. Don't dwell on the fact BobL gave away the farm that this issue will be solved in IPV6 (Internet Protocol Version 6.0)...

0.0.0.0 through 255.255.255.255: how many public IP addresses is that? Each part of an IP address is a byte = eight bits binary. The entire IP address is 32 bits long = 4 bytes. Or to us PLC folks, a double word. One octet, I think is 2 to the 24th power or about 16 million times 255 octets. 4 billion something total - minus the private IP range..... (Good thing they allow private IPs assigned, and NATing through routers.) There are over 4 billion devices that require public IPs or computers on this planet. Not counting all the unknown PCs behind a firewall router.....

In 2004, 19 IP blocks were purchased
In 2005, 11 IP blocks were purchased
In 2006, 10 IP blocks were purchased
In 2007, 14 IP blocks were purchased
In 2008, 9 IP blocks were purchased.

There are about 50 more blocks left. How long will it be before the human race uses up all of the IPV4 standard IP addresses? At an average of 10 blocks per year, only FIVE years left before IPV4 is toast... IPV6 is a 128-bit IP address packet. Can you imagine what will happen when we transition? 10 octets is 160 million computers or servers going up each year...that's insane. Crazy....

Funny...my first thought was back to the cables that got recently taken out in the Mediterranean sea. I figured it was outright loss of connectivity due to the fact that right now everything is being rerouted (there are very few direct Asia/Europe links) and the traffic over those links is extremely high.

Nagh - pretty obvious that it was an ACL issue (see troubleshooting speculation on PLCTalk). Most of them could traceroute up to the last leg. Routing protocols do a pretty good job even when major links drop. They'd be randomly getting timed out instead of dest host unreachable errors. I tried to first describe the problem from a non-technical perspective. I hate when people come to me with an IT problem framed around their attempted troubleshooting. That info is good, but not in describing the problem, especially when they don't know my system or I'm dealing with known outages. Where can I read about the cable issue?
