Utterly confused.... Routing issue? or something else?

Printable View

October 23rd, 2003, 11:46 PM
Tiger Shark

Utterly confused.... Routing issue? or something else?

I have a series of subnets, (private), whose oubound path to the web would be:-

1. local machine
2. Local router (default route to local firewall)
3. Local firewall (default route to demil router)
4. Demil router (default route to ISP)

The issue was noticed when I tried to connect from a local machine through the local router to www.microsoft.com.... It failed.... as did updates/windowsupdates...etc.... The local machine can connect to any other web site.... The local machine gives the same nslookup as another machine on a different network using a different ISP, clearing the dnscache and retrying gets the same dns results. Connecting directly to the router, (through the console port), there are no routes other than:-

0.0.0.0 0.0.0.0 xxx.xxx.xxx

Furthermore, checking ACL's there are none.

Tracert's from local machines get past the demil router except to www.microsoft.com etc. which stops at the demil saying "destination unreachable". Everything else goes past the demil. From my subnets that go out a different T1 they all get anywhere..... Just on these subnets through that router, Microsoft is unreachable. I've looked everywhere I know and I can't work out why M$ sites are blocked/dropped by a router that is outside any restrictive software I have in place... it can't ping M$ in any way...traceroutes fail too from the router too, at the router...... It's the demil that gives the "destination unreachable".

Has someone "F"ed with my demil router or I am "F"ing stupid???????

I'm confused and therefore a tad peeved......

Any assistance is gratefully accepted.....
October 24th, 2003, 01:11 AM
nihil

Hi Tiger,

I suspect that something (I mean someone) has tried a cute stunt and M$ are blocking it? I had no problem with the link you gave, you do not through other routers? is is some sort of ISP/MAC ADDY that identifies that one as "not trusted"

I am really guessing here, but the link worked for me.

Good luck

Johnno
October 24th, 2003, 04:52 AM
KorpDeath

As stated before you may be the victim of someone using the demil router for attacks on M$. Or that router has lost that particular route.

Can you check the demil router for the route cache entries?
October 24th, 2003, 11:09 AM
Tiger Shark

Thanks guys...... At least at this point it doens't appear that it's me being F'ing stupid..... :confused:

I'll take another look when I get to work..... Can't be bothered to run through all the garbage I have to do to get to that router from home and I haven't finished coffee #1 yet either....

I'll check for cached routes but that shouldn't be an issue...... I have ONLY the one route in the router 0.0.0.0 0.0.0.0 xxx.xxx.xxx.xxx.

I would appreciate a favor though before I get to work...... Can a couple of you post the last three router IP's you see on a tracert www.microsoft.com so I can confirm the final route into M$. What I want to do is ping the routers real close to M$ and see if I can. If I can get close to M$ but not to M$ itself it would tend to confirm that M$ is dropping my connections.... Which would be a bad thing since I have no logs or anything for that router since it sits outside the FW.....

Thanks in advance...
October 24th, 2003, 11:26 AM
yourname

14 32 ms 31 ms 31 ms pos5-0.ur1.sjc5.web.wcom.net [152.63.54.170]
15 28 ms 28 ms 34 ms 63.66.208.13
16 29 ms 31 ms 28 ms 63.66.208.35
17 32 ms 31 ms 31 ms 206.112.112.47

those are my last 4 hops to www.microsoft.com hope it helps

/yourname
October 24th, 2003, 11:49 AM
freealans

8 so5-0-0-2488M.ar2.NYC1.gblx.net (67.17.64.150) 1.906 ms 7.853 ms 9.880 ms
9 208.50.13.102 (208.50.13.102) 1.972 ms 1.935 ms 1.761 ms
10 P13-0.NYKCR2.New-york.opentransit.net (193.251.241.30) 1.990 ms 1.856 ms 1.883 ms
11 P2-0.NYKBB5.New-york.opentransit.net (193.251.241.230) 1.894 ms 8.723 ms 2.018 ms
12 80.15.249.110 (80.15.249.110) 2.191 ms 2.067 ms 2.098 ms
October 24th, 2003, 11:52 AM
nihil

Hi Tiger,

It jumps about the UK then leaves London and goes to 80.15.236.16 and I get a "No rDNS" message

Cheers
October 24th, 2003, 01:12 PM
Tiger Shark

Well........ What can I say......

As an old friend in this business who taught me an awful lot once said:-

"Sometimes this stuff is just voodoo"...... :eek:

So, I come in this morning and my snort box on that last subnet before "the world" has been whining all night about "destination unreachable, (Host Unreachable)"........ Ok, it's still not working thinks me......

Term Serv onto a the local machine with the console connection to the router and do a quick ping of M$ to determine the resolved address, which resolves to the same place it was last night and the bloody thing responded.... So I pinged it again...... It responded again..... I sat back, stared somewhat blankly at the screen and tracerted it..... Perfect - all the way through..... Hmmm.... Tracert windowsupdate.microsoft.com.... Perfect..... Hmmmm..... Open IE.... goto www.microsoft.com.... There's the page..... wtf.... Voodoo, Ghosts, Poltergeists.... I dunno but it seems like the hour I wasted last night was just that - wasted.....

Or maybe it's the evil Gates screwing with me..... He's probably laughing his ass off at me right now while he decides when he'll play the same prank again.... ;)

Thanks to those who replied..... At least you made me feel sane - for a while...... :D