[Discuss] Problem accessing blu.org

Derek Atkins derek at ihtfp.com
Wed May 20 15:21:45 EDT 2020


Interesting, "communication administratively prohibited".

Does BLU run Fail2ban?  Maybe your Comcast IP Address got banned/blocked?
Although that wouldn't explain why traceroutes would stop so quickly.

If you run traceroute again can you still get that far or does it stop at
the first hop?

Note, from
https://serverfault.com/questions/434211/what-does-z-and-x-mean-in-a-traceroute

Since Linux uses UDP for trace-routes, this can originate from a
--reject-with icmp-host-prohibited rule at the destination. Some Linux
distros have this as a default configuration. To fix this you need to
reply with --reject-with icmp-port-unreachable on UDP ports 33434 through
33534.

-derek


On Wed, May 20, 2020 3:08 pm, Jerry Feldman wrote:
> This is my current traceroute about 5 mins after resetting my cable modem
> Note the !X. Note that vranix is a cname for driftwood.blu.org
> [gaf at gaf ~]$ traceroute blu.org
> traceroute to blu.org (216.235.254.230), 30 hops max, 60 byte packets
>  1  * * *
>  2  96.120.64.29 (96.120.64.29)  20.949 ms  22.637 ms  22.027 ms
>  3  162.151.169.205 (162.151.169.205)  21.398 ms  22.473 ms  22.657 ms
>  4  be-310-ar01.woburn.ma.boston.comcast.net (96.108.44.221)  22.884 ms
>  34.046 ms  35.013 ms
>  5  96.108.71.30 (96.108.71.30)  35.387 ms  36.020 ms  35.471 ms
>  6  50.231.30.210 (50.231.30.210)  36.075 ms  17.799 ms  18.689 ms
>  7  vranix.blu.org (216.235.254.230)  17.894 ms !X  16.698 ms !X  30.475
> ms
> !X
>
> On Wed, May 20, 2020 at 3:01 PM Jerry Feldman <gaf.linux at gmail.com> wrote:
>
>> Thanks Derek.
>> I've spent hours chatting and speaking with Comcast. They elevated me to
>> 'advanced repair'. The first advanced guy I chatted with seemed to be
>> pretty sharp, but resetting the modem broke off the chat. The second guy
>> I
>> spoke to over the phone elevated me to  'advanced repair' and this guy
>> wasn't too sharp. First he always went to the browser, and I told him it
>> was on the terminal. He finally said it wasn't comcast. One thing I
>> wanted
>> to do was to have comcast reset dhcp so I could get a different IP
>> address.
>>
>> I reset the cable modem/gateway a few minutes ago and I am able to
>> access
>> blu.org. I did this so I could display the meeting page. As long as I
>> don't refresh that tab, I can display it on jitsi so if I lose
>> connectivity
>> with blu, I can still display the web site.
>>
>> On Wed, May 20, 2020 at 8:41 AM Derek Atkins <derek at ihtfp.com> wrote:
>>
>>> Here is another question for you:  what is your local network
>>> configuration?  Are you using Comcast's modem/router directly or do you
>>> have your own router behind their modem?  If the latter, what happens
>>> if
>>> you try to "remove" your own router?  Does that change anything?
>>>
>>> Another avenue to look at is whether you might be filling up the
>>> modem's
>>> NAT table?  A very unlikely scenario, but it's certainly one I've hit
>>> (on
>>> AT&T).
>>>
>>> IF you can display the problem with only comcast equipment I'd phone
>>> into
>>> their tech support.
>>>
>>> -derek
>>>
>>> On Wed, May 20, 2020 8:11 am, Jerry Feldman wrote:
>>> > I've rebooted the router a few times. After I reboot the router, I am
>>> able
>>> > to access the site for about 5 minutes. I am certain the blocking is
>>> > relatively local.
>>> >
>>> > On Tue, May 19, 2020 at 2:41 PM Joe Polcari <Joe at polcari.com> wrote:
>>> >
>>> >> FYI – I am inside Comcast’s network – so not blocked in any manner,
>>> in
>>> >> fact nothing is blocked in any manner in the ISP part of the
>>> network.
>>> >>
>>> >> – let me see how much of this I can paste here
>>> >>
>>> >>
>>> >>
>>> >> $ traceroute blu.org
>>> >>
>>> >> traceroute to blu.org (216.235.254.230), 64 hops max, 52 byte
>>> packets
>>> >>
>>> >>  1  * * *
>>> >>
>>> >>  2  192.168.1.1 (192.168.1.1)  3.825 ms  3.507 ms  4.291 ms
>>> >>
>>> >>
>>> >>
>>> >> Suffice it to say that from Florida it routes through Georgia, to
>>> >> Chicago,
>>> >> to Woburn to blu.org.
>>> >>
>>> >>
>>> >>
>>> >> 22  50.231.30.210 (50.231.30.210)  72.456 ms  71.796 ms  70.346 ms
>>> >>
>>> >> 23  vranix.blu.org (216.235.254.230)  71.067 ms !Z  79.478 ms !Z
>>> 71.794
>>> >> ms !Z
>>> >>
>>> >>
>>> >>
>>> >> $ ping blu.org
>>> >>
>>> >> PING blu.org (216.235.254.230): 56 data bytes
>>> >>
>>> >> 64 bytes from 216.235.254.230: icmp_seq=0 ttl=45 time=70.776 ms
>>> >>
>>> >> 64 bytes from 216.235.254.230: icmp_seq=1 ttl=45 time=69.724 ms
>>> >>
>>> >> 64 bytes from 216.235.254.230: icmp_seq=2 ttl=45 time=70.567 ms
>>> >>
>>> >> 64 bytes from 216.235.254.230: icmp_seq=3 ttl=45 time=70.714 ms
>>> >>
>>> >> ^C
>>> >>
>>> >> --- blu.org ping statistics ---
>>> >>
>>> >> 4 packets transmitted, 4 packets received, 0.0% packet loss
>>> >>
>>> >> round-trip min/avg/max/stddev = 69.724/70.445/70.776/0.423 ms
>>> >>
>>> >>
>>> >>
>>> >>
>>> >>
>>> >> From: Discuss <discuss-bounces+joe=polcari.com at lists.blu.org> on
>>> behalf
>>> >> of Bill Ricker <bill.n1vux at gmail.com>
>>> >> Date: Tuesday, May 19, 2020 at 11:22 AM
>>> >> To: Derek Atkins <derek at ihtfp.com>
>>> >> Cc: "discuss at blu.org" <discuss at blu.org>
>>> >> Subject: Re: [Discuss] Problem accessing blu.org
>>> >>
>>> >>
>>> >>
>>> >> One wonders if COMCAST is an ISP or just an infotainment company
>>> >> providing
>>> >>
>>> >> Web access to related media properties only.
>>> >>
>>> >>
>>> >>
>>> >> Perhaps COMCAST has blackholed the BLU IP address because it has a
>>> >>
>>> >> mailserver/Listserve and isn't named Google or Yahoo or AOL and thus
>>> is
>>> >>
>>> >> misdiagnosed as an infected site or worm control node :-/  .
>>> >>
>>> >>
>>> >>
>>> >> If it helps, from VZ FIOS
>>> >>
>>> >> traceroute to 216.235.254.230 (216.235.254.230), 30 hops max, 60
>>> byte
>>> >>
>>> >> packets
>>> >>
>>> >> 1  172.17.2.1 (172.17.2.1)  0.573 ms  2.032 ms  2.167 ms
>>> >>
>>> >> 2  * * *
>>> >>
>>> >> 3  B3367.BSTNMA-LCR-21.verizon-gni.net (100.41.9.174)  9.625 ms
>>> >>
>>> >> B3367.BSTNMA-LCR-22.verizon-gni.net (100.41.9.176)  13.575 ms
>>> >>
>>> >> B3367.BSTNMA-LCR-21.verizon-gni.net (100.41.9.174)  11.152 ms
>>> >>
>>> >> 4  * * *
>>> >>
>>> >> 5  * * *
>>> >>
>>> >> 6  0.ae13.GW13.NYC1.ALTER.NET (140.222.234.193)  24.780 ms  11.364
>>> ms
>>> >>
>>> >> 0.ae11.GW13.NYC1.ALTER.NET (140.222.234.191)  17.289 ms
>>> >>
>>> >> 7  windstream-gw.customer.alter.net (204.148.1.234)  17.595 ms
>>> 17.132
>>> >> ms
>>> >>
>>> >> 17.585 ms
>>> >>
>>> >> 8  ae10-0.cr01.nycm01-ny.us.windstream.net (40.129.35.248)  15.832
>>> ms
>>> >>
>>> >> 14.770 ms  15.087 ms
>>> >>
>>> >> 9  h255.81.138.40.static.ip.windstream.net (40.138.81.255)  15.009
>>> ms
>>> >>
>>> >> 14.565 ms  13.248 ms
>>> >>
>>> >> 10  te-0-4-0-0.wrcmankgs04.onecommunications.net (64.69.99.239)
>>> 15.371
>>> >> ms
>>> >>
>>> >> 15.149 ms  17.693 ms
>>> >>
>>> >> 11  te-3-1.wrcsmank-r76-02.onecommunications.net (64.69.99.234)
>>> 15.472
>>> >> ms
>>> >>
>>> >> 22.063 ms  22.031 ms
>>> >>
>>> >> 12  static-72-248-107-33.mas.onecommunications.net (72.248.107.33)
>>> >> 17.148
>>> >>
>>> >> ms  15.806 ms  15.384 ms
>>> >>
>>> >> 13  vranix.blu.org (216.235.254.230)  11.826 ms !X  16.396 ms !X
>>> 9.762
>>> >> ms
>>> >>
>>> >> !X
>>> >>
>>> >>
>>> >>
>>> >>
>>> >>
>>> >> I do like how an HTTP connection to the real hostname or IP address
>>> >>
>>> >> provides a choice page to select the virtual site ! Nice touch.
>>> >>
>>> >>
>>> >>
>>> >> 216.235.254.230
>>> >>
>>> >>
>>> >>
>>> >> This server belongs to Boston Linux & UNIX <http://blu.org>, a Linux
>>> and
>>> >>
>>> >> UNIX user group.
>>> >>
>>> >> ------------------------------
>>> >>
>>> >> Guest Websites
>>> >>
>>> >>
>>> >>
>>> >>     1. BUGC <http://www.bugc.org>
>>> >>
>>> >>     2. HeliVets <http://www.heli-vets.net>
>>> >>
>>> >>     3. VHCMA <http://www.vhcma.org>
>>> >>
>>> >>     4. VHFCN <http://www.vhfcn.org>
>>> >>
>>> >>     5. VHPAF <http://www.vhpaf.org>
>>> >>
>>> >>
>>> >>
>>> >>
>>> >>
>>> >> _______________________________________________
>>> >>
>>> >> Discuss mailing list
>>> >>
>>> >> Discuss at lists.blu.org
>>> >>
>>> >> http://lists.blu.org/mailman/listinfo/discuss
>>> >>
>>> >>
>>> >>
>>> >> _______________________________________________
>>> >> Discuss mailing list
>>> >> Discuss at lists.blu.org
>>> >> http://lists.blu.org/mailman/listinfo/discuss
>>> >>
>>> >
>>> >
>>> > --
>>> > --
>>> > Jerry Feldman <gaf.linux at gmail.com>
>>> > Boston Linux and Unix
>>> > PGP key id: 6F6BB6E7
>>> > Key fingerprint: 0EDC 2FF5 53A6 8EED 84D1  3050 5715 B88D 6F6B B6E7
>>> >
>>>
>>>
>>> --
>>>        Derek Atkins                 617-623-3745
>>>        derek at ihtfp.com             www.ihtfp.com
>>>        Computer and Internet Security Consultant
>>>
>>>
>>
>> --
>> --
>> Jerry Feldman <gaf.linux at gmail.com>
>> Boston Linux and Unix
>> PGP key id: 6F6BB6E7
>> Key fingerprint: 0EDC 2FF5 53A6 8EED 84D1  3050 5715 B88D 6F6B B6E7
>>
>
>
> --
> --
> Jerry Feldman <gaf.linux at gmail.com>
> Boston Linux and Unix
> PGP key id: 6F6BB6E7
> Key fingerprint: 0EDC 2FF5 53A6 8EED 84D1  3050 5715 B88D 6F6B B6E7
>


-- 
       Derek Atkins                 617-623-3745
       derek at ihtfp.com             www.ihtfp.com
       Computer and Internet Security Consultant



More information about the Discuss mailing list