On Sep 13, 2011, at 2:28 PM, Bryan Burke wrote: >> ...with zero successful connections to that IP. The connectivity failure is >> entirely reproducible by hand: >> >> % telnet 88.198.67.125 80 >> Trying 88.198.67.125... >> telnet: connect to address 88.198.67.125: Connection refused >> telnet: Unable to connect to remote host > > I should say that when I did this, I got the same, but the connection seemed > to be timing > out, not being refused (despite what telnet says). Was it the same for you?
No, I get an immediate connection refused and an ICMP port unreachable back: # tcpdump -nq host 88.198.67.125 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on en0, link-type EN10MB (Ethernet), capture size 65535 bytes 14:32:31.222347 IP 17.209.4.71.55899 > 88.198.67.125.80: tcp 0 14:32:31.397480 IP 88.198.67.125 > 17.209.4.71: ICMP 88.198.67.125 tcp port 80 unreachable, length 72 ^C 2 packets captured > I ask because that would indicate either that the web server on that IP is > down, or that > some firewall is silently dropping packets. The webserver appears down from here; while a firewall could be configured to return ICMP_UNREACH_PORT, normally they just drop the traffic and you get connection timeouts as you've described... Regards, -- -Chuck _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
