It seems like a lame excuse. tcptraceroute is to bypass firewall. Normally you would run traceroute. Which suggest they might block a larger range of ports. Nmap would show all the ranges are blocked. BTW, tell them to use ZombieZapper against DDOS.
http://www.suggestafix.com/index.php?showtopic=1895 Here are the results I ran on netvision.net.il tcptraceroute netvision.net.il Selected device eth2, address 10.0.0.5, port 34527 for outgoing packets Tracing the path to netvision.net.il (62.0.18.221) on TCP port 80 (http), 30 hops max 1 10.0.0.1 1.136 ms 1.022 ms 1.022 ms 2 10.163.160.1 11.996 ms 9.137 ms 9.063 ms 3 172.18.2.14 9.291 ms 10.326 ms 11.478 ms 4 172.17.0.169 11.413 ms 14.965 ms 10.424 ms 5 CORE-1.PT-SUSITA-gig4-12.012.net.il (212.199.18.133) 200.404 ms CORE-1.PT-SUSITA-gig4-2.012.net.il (212.199.170.18) 167.329 ms 106.137 ms 6 CORE-1.MRK-tengig7-3.012.net.il (212.199.6.82) 10.169 ms 13.232 ms 11.085 ms 7 * BB.MR-01-gig3-8.012.net.il (212.199.19.217) 12.954 ms 10.638 ms 8 gi0-1.peersw01.ptk.nv.net.il (212.143.12.50) 9.514 ms 11.738 ms 10.703 ms 9 * vl101.coresw1.ptk.nv.net.il (212.143.10.1) 11.112 ms 10.815 ms 10 * ge1-5.coresw1.hfa.nv.net.il (212.143.12.93) 12.784 ms 14.589 ms 11 po41.srvc4.hfa.nv.net.il (212.143.8.50) 14.701 ms 13.859 ms 13.076 ms 12 * * * 13 nvb.netvision.net.il (62.0.18.221) [open] 14.049 ms 28.000 ms 58.943 ms ---------------------------------------------------------- traceroute netvision.net.il traceroute to netvision.net.il (62.0.18.221), 30 hops max, 40 byte packets 1 10.0.0.1 (10.0.0.1) 1.963 ms 3.321 ms 4.583 ms 2 10.163.160.1 (10.163.160.1) 14.831 ms 18.463 ms 22.821 ms 3 172.18.2.14 (172.18.2.14) 29.602 ms 33.470 ms 38.706 ms 4 172.17.0.169 (172.17.0.169) 41.919 ms 45.026 ms 50.168 ms 5 CORE-1.PT-SUSITA-gig4-12.012.net.il (212.199.18.133) 53.678 ms * * 6 CORE-1.MRK-tengig7-3.012.net.il (212.199.6.82) 65.499 ms 9.560 ms 12.288 ms 7 BB.MR-01-gig3-8.012.net.il (212.199.19.217) 16.122 ms 20.342 ms * 8 gi0-1.peersw01.ptk.nv.net.il (212.143.12.50) 28.201 ms 32.621 ms 36.436 ms 9 * vl101.coresw1.ptk.nv.net.il (212.143.10.1) 45.054 ms 49.730 ms 10 ge1-5.coresw1.hfa.nv.net.il (212.143.12.93) 54.835 ms 59.280 ms 63.632 ms 11 po41.srvc4.hfa.nv.net.il (212.143.8.50) 65.898 ms 57.562 ms 57.864 ms 12 * * * 13 * * * 14 * * * 15 * * * 16 * * * 17 * * * 18 * * * 19 * * * 20 * * * 21 * * * 22 * * * 23 * * * 24 * * * 25 * * * 26 * * * 27 * * * 28 * * * 29 * * * 30 * * * ------------------------------------------------- mtr -r -c 10 www.netvision.net.il HOST: carin Loss% Snt Last Avg Best Wrst StDev 1. 10.0.0.1 0.0% 10 1.1 1.1 1.1 1.7 0.2 2. 10.163.160.1 0.0% 10 7.4 8.6 6.9 17.6 3.2 3. 172.18.2.14 0.0% 10 11.3 10.5 9.8 11.3 0.5 4. 172.17.0.169 0.0% 10 26.8 13.9 9.6 26.8 5.3 5. CORE-1.PT-SUSITA-gig4-1.012. 10.0% 10 150.8 43.6 10.6 150.8 54.5 6. CORE-1.MRK-tengig7-3.012.net 0.0% 10 11.8 19.4 10.1 81.0 21.8 7. BB.MR-01-gig3-8.012.net.il 30.0% 10 10.9 13.4 10.9 21.0 3.5 8. gi0-1.peersw01.ptk.nv.net.il 0.0% 10 20.1 14.5 10.6 23.4 5.3 9. vl101.coresw1.ptk.nv.net.il 20.0% 10 11.3 13.2 10.3 21.6 3.9 10. ge1-5.coresw1.hfa.nv.net.il 20.0% 10 14.3 16.1 12.9 21.6 2.8 11. po41.srvc4.hfa.nv.net.il 0.0% 10 11.8 13.8 11.8 24.3 3.8 12. ??? 100.0 10 0.0 0.0 0.0 0.0 0.0 On Fri, Apr 25, 2008 at 1:46 AM, Michael Tewner <[EMAIL PROTECTED]> wrote: > BTW, > > Top Netvision support people have claimed that it's an anti-DDOS > mechanism.... > > But that seems strange - I mean, filtering legitimate TCP web requests > (tcptracroute) - 20% of the packets over just a few requests? > > Can anyone on Netvision try a simple web request with a sniffer and > see if there are any packet re-requests? (I would, but I'm our of > town) > > > > > On Sat, Apr 5, 2008 at 8:51 PM, Michael Tewner <[EMAIL PROTECTED]> wrote: > > Yeah - I seem to be getting 20-30% loss on TCP packets to www.cnn.com > > on the same router that was dropping the ICMP packets. (#4 below) > > > > Selected device eth0, address 10.1.1.193, port 38669 for outgoing packets > > Tracing the path to www.cnn.com (64.236.29.120) on TCP port 80 (www), > > 30 hops max > > 1 10.1.1.254 0.514 ms 0.974 ms 0.985 ms > > 2 XXXXXXXXX 0.986 ms 0.988 ms 0.983 ms > > 3 xxxxxxx.ser.netvision.net.il (XXXXXXXX) 9.403 ms 11.062 ms 12.373 ms > > 4 vl100.coresw2.hfa.nv.net.il (212.143.8.69) 13.803 ms * 10.785 ms > > 5 ge0-1.gw2.hfa.nv.net.il (212.143.8.212) 9.913 ms 9.894 ms 26.442 ms > > 6 pos1-0.brdr1.nyc.nv.net.il (212.143.12.13) 255.455 ms 247.516 ms > > > > > > On Fri, Apr 4, 2008 at 11:30 PM, Amos Shapira <[EMAIL PROTECTED]> wrote: > > > On Fri, Apr 4, 2008 at 10:35 PM, Michael Tewner <[EMAIL PROTECTED]> > wrote: > > > > > > > Just talked to Netvision Asakim support - > > > > He was knowlegable - ran `mtr` on his workstation and saw the packet > > > loss. > > > > > > > > He explained that "there is no problem" and that the core routers are > > > > dropping the ping packets based on the amount of load on the router. > > > > He explained that the router should only be dropping ICMP packets. > > > > > > I didn't read all the messages on this thread but maybe if you could run > the > > > same tests with tcptraceroute you could see weather the packet drop > happens > > > to TCP packets or not? > > > > > > --Amos > > > > > > > > > > ================================================================= > To unsubscribe, send mail to [EMAIL PROTECTED] with > the word "unsubscribe" in the message body, e.g., run the command > echo unsubscribe | mail [EMAIL PROTECTED] > > ================================================================= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
