.
Dylan Ebner, Network Engineer
Consulting Radiologists, Ltd.
-Original Message-
From: Andrey Gordon [mailto:andrey.gor...@gmail.com]
Sent: Tuesday, February 09, 2010 1:35 PM
To: Nanog
Subject: black listing of web traffic
Hi list
I have a problem that I can't seem to find a solutio
On Tue, 2010-02-09 at 17:44 -0500, Andrey Gordon wrote:
> What I don't get is why there is consistency in opening sites. Why does
> facebook open all the time and store.apple.com barely opens all the time.
> I'd say if it would be NAT exhaustion, they would all behave the same way
> meaning open an
On Tue, 2010-02-09 at 17:04 -0500, Andrey Gordon wrote:
> Thx to all the folks replying off the list.
>
> The more I trouble shoot the more I'm convinced that it's not the sites that
> are doing rate-limiting. I went to a website of one of my previous employers
> (a small company). Chances of them
On Tue, 09 Feb 2010 17:44:01 EST, Andrey Gordon said:
> It does seem much like NAT exhaustion even though the f/w claims only 13K
> session for two dynamic NATs and about 20 static ones.
> What I don't get is why there is consistency in opening sites. Why does
> facebook open all the time and stor
That's not surprising behaviour on a PaloAlto unit, they are still
very young in the market and my colleagues have had issues with NAT
and proxy arp in the recent past.
Chris Campbell
-
On 9 Feb 2010, at 22:31, "Andrey Gordon"
wrote:
> By changing my outbound IP addres
Thanks to all,
The problem seems to be fixed by changing the NAT ip to something else and
than back.
It does seem much like NAT exhaustion even though the f/w claims only 13K
session for two dynamic NATs and about 20 static ones.
What I don't get is why there is consistency in opening sites. Why d
By changing my outbound IP address to a different one (i suspect effectively
resetting sessions) the problem was solved. So, after that I set it back to
the original source NAT. And the sites open up just fine still. It really
behaves like a NAT table exhaustion, but the firewall only reports 13000
Could it be a dns issue? Some sites trying to resolve your ip address
and others don't?
Sent from my iPhone
On Feb 9, 2010, at 4:47 PM, Andrey Gordon
wrote:
Can't find my IP on any of the black lists. Don't have any proxies.
Sites
that behave poorly are consistent. That is to say that
Thx to all the folks replying off the list.
The more I trouble shoot the more I'm convinced that it's not the sites that
are doing rate-limiting. I went to a website of one of my previous employers
(a small company). Chances of them having a fancy reverse proxy with some
sort of black list filteri
Andrey Gordon wrote:
Can't find my IP on any of the black lists. Don't have any proxies. Sites
that behave poorly are consistent. That is to say that facebook.com,
apple.com would always come up without an issue, but cnn.com,
forever21.com(i know, don't ask, students),
store.apple.com would consi
Andrey Gordon wrote:
Can't find my IP on any of the black lists. Don't have any proxies. Sites
that behave poorly are consistent. That is to say that facebook.com,
apple.com would always come up without an issue, but cnn.com,
forever21.com(i know, don't ask, students),
store.apple.com would consi
Can't find my IP on any of the black lists. Don't have any proxies. Sites
that behave poorly are consistent. That is to say that facebook.com,
apple.com would always come up without an issue, but cnn.com,
forever21.com(i know, don't ask, students),
store.apple.com would consistently take forever to
True...and I was a subscriber, so I should have remembered that...but it
was roughly a decade ago and in that form dead most of that time.
Irrelevant to this guy's current issue.
On Tue, 9 Feb 2010, Tony Finch wrote:
On Tue, 9 Feb 2010, Jon Lewis wrote:
Other than the Spamhaus DROP list, I'
On Tue, 9 Feb 2010, Jon Lewis wrote:
>
> Other than the Spamhaus DROP list, I've never heard of blacklisting being
> applied to IP routing.
The RBL was originally distributed via BGP.
Tony.
--
f.anthony.n.finchhttp://dotat.at/
GERMAN BIGHT HUMBER: SOUTHWEST 5 TO 7. MODERATE OR ROUGH. SQUALLY
On Tue, 9 Feb 2010, Andrey Gordon wrote:
I have a problem that I can't seem to find a solution to yet. My student
network is being NATted out and anyone who's on that network had troubles
accessing random websites.
For example, going to www.apple.com or www.facebook.com would work great,
but sto
I know that cisco either are or have integrated the IronPort
reputation service into their IPS devices, maybe a check on www.senderbase.org
could help.
Chris Campbell
-
On 9 Feb 2010, at 19:36, "Andrey Gordon"
wrote:
> Hi list
>
> I have a problem that I can't seem to
Hi list
I have a problem that I can't seem to find a solution to yet. My student
network is being NATted out and anyone who's on that network had troubles
accessing random websites.
For example, going to www.apple.com or www.facebook.com would work great,
but store.apple.com would either not load
17 matches
Mail list logo