Just failed some hour ago, a traceroute shows it stops at google: 7 209.85.255.118 (209.85.255.118) 33.281 ms 209.85.255.122 (209.85.255.122)
40.234 ms 209.85.255.126 (209.85.255.126) 34.114 ms 8 * grml: ~/compile/pantel/fm_pic # whois 209.85.255.118 # # Query terms are ambiguous. The query is assumed to be: # "n 209.85.255.118" # # Use "?" to get help. #
# # The following results may also be obtained via: #
formatting link
?showDetails=true&showARIN=false #
NetRange: 209.85.128.0 - 209.85.255.255 CIDR: 209.85.128.0/17 OriginAS: NetName: GOOGLE
New Google management? Disaster? Can anyone ping 8.8.4.4?
64 bytes from 8.8.4.4: icmp_seq=1 ttl=55 time=50.3 ms
64 bytes from 8.8.4.4: icmp_seq=2 ttl=55 time=49.6 ms
64 bytes from 8.8.4.4: icmp_seq=3 ttl=55 time=49.6 ms
64 bytes from 8.8.4.4: icmp_seq=4 ttl=55 time=50.8 ms
cut C:\Documents and Settings\klant\Desktop\test>PING 8.8.4.4 -l 56
Pinging 8.8.4.4 with 56 bytes of data:
Reply from 8.8.4.4: bytes=56 time=22ms TTL=57 Reply from 8.8.4.4: bytes=56 time=14ms TTL=57 Reply from 8.8.4.4: bytes=56 time=14ms TTL=57 Reply from 8.8.4.4: bytes=56 time=14ms TTL=57
Ping statistics for 8.8.4.4: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 14ms, Maximum = 22ms, Average = 16ms
On a sunny day (Tue, 19 Apr 2011 14:30:41 -0600) it happened m II wrote in :
OK, all of you, thank you. I found the reason, one of my security scripts added 8.8.8.8 and 8.8.4.4 to the firewall.
I started wondering when it both did not work via KPN (fixed IP), and Vodafone mobile (variable IP). Then I remembered that I still had the protection scripts running from the time I had the servers here...
Normally I would check for entries in that every day, but as the servers are now elsewhere I never looked at it. Log of 'dos_stop' (Denial Of Service attack protection) script: dos_stop: Wed Apr 20 09:36:49 2011 dos_stop: testing for 20 seconds Rejected IPs: 8.8.8.8 count= 0 repeat_count= 3 time=Thu Apr 14 19:54:05 2011 last seen=Thu Apr 14 19:54:03 2011 8.8.4.4 count= 0 repeat_count= 3 time=Tue Apr 19 19:39:40 2011 last seen=Tue Apr 19 19:39:39 2011
2 IP addresses rejected
What happens is, that if it sees to many connections in a given time on port 53, it then adds that IP to the firewall. I was busy roaming the web and ebay, must have been too many name lookups... You can see from that log that I lost 8.8.8.8 already on april 14. But as I had nameservers 8.8.8.8 and 8.8.4.4 in /etc/resolv.conf, and IIRC already swapped it so it tried 8.8.4.4 first because it was so slow, how easy it is to forget things:-) LOL Thank you all for the help.
64 bytes from 8.8.4.4: icmp_seq=1 ttl=58 time=26.1 ms
64 bytes from 8.8.4.4: icmp_seq=2 ttl=58 time=23.7 ms
64 bytes from 8.8.4.4: icmp_seq=3 ttl=58 time=27.7 ms from Hong Kong
Perhaps you need to extend the pseudo connection time for 53/udp, so the expected replies are not counted towards DoS? I remember needing to do something like that here for a different reason, the replies were coming way past the normally expected times.
ElectronDepot website is not affiliated with any of the manufacturers or service providers discussed here.
All logos and trade names are the property of their respective owners.