> No, I get an immediate connection refused and an ICMP port unreachable back:
> 
> # tcpdump -nq host 88.198.67.125
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on en0, link-type EN10MB (Ethernet), capture size 65535 bytes
> 14:32:31.222347 IP 17.209.4.71.55899 > 88.198.67.125.80: tcp 0
> 14:32:31.397480 IP 88.198.67.125 > 17.209.4.71: ICMP 88.198.67.125 tcp port 80 unreachable, length 72

My fault; just different telnet behaviors: I was using BSD telnet, which
apparently kept trying to connect. When I used Linux telnet, it ends
immediately. So no discrepancy there.

And I momentarily forgot the behavior of so-called "closed" ports (not
blocked by firewall, but nothing running on them... thought the packets
were dropped). So assuming a common firewall setup, it would appear the
webserver is down.

For potential aid in comparing notes and diagnosing the problem, I'm
attaching some network information (whois and traceroute).

If no firewall rule at the remote site explains this, then I can only
surmise that some hop along the way is blocking the connections.

If, however, this is due to some rate-limiting rule at the end point, is
that acceptable? I don't know if ClamAV has a policy they ask their mirror
hosts to adhere to, but if so, would this constitute grounds for removal
from the pool?

If not, then at this point, I'm guessing there's enough data here for the
team to make a decision one way or the other concerning this host. Even if
removed, it can always be re-added when the cause of this issue is tracked
down and fixed.

At least concerning this issue, is there anything more to be done?

-- 
Bryan Burke
IT Administrator
Department of Electrical Engineering and Computer Science
University of Tennessee, Knoxville
bbu...@eecs.utk.edu
(865) 974-4694

WHOIS:
The University of Tennessee Health Science Center UTK-NET (NET-160-36-0-0-1) 160.36.0.0 - 160.36.255.255
Various Registries (Maintained by ARIN) NET160 (NET-160-0-0-0-0) 160.0.0.0 - 160.255.255.255

traceroute:
 1  chm01v150.ns.utk.edu (160.36.56.1)  0.383 ms  0.430 ms  0.371 ms
 2  10.8.2.30 (10.8.2.30)  0.605 ms  0.547 ms  0.477 ms
 3  bsm01v20.ns.utk.edu (160.36.128.133)  0.962 ms  0.967 ms  0.975 ms
 4  bhm01ge3-3.ns.utk.edu (160.36.2.74)  0.671 ms  0.940 ms  0.869 ms
 5  gi1-8.mpd01.atl04.atlas.cogentco.com (38.104.182.37)  6.564 ms  6.551 ms  6.580 ms
 6  te0-1-0-1.mpd22.atl01.atlas.cogentco.com (154.54.3.169)  18.520 ms te0-1-0-1.ccr22.atl01.atlas.cogentco.com (154.54.6.121)  18.685 ms  18.603 ms
 7  te0-4-0-7.mpd22.dca01.atlas.cogentco.com (154.54.27.93)  18.552 ms te0-1-0-2.ccr22.dca01.atlas.cogentco.com (154.54.28.230)  18.521 ms te0-2-0-3.mpd22.dca01.atlas.cogentco.com (154.54.2.102)  18.642 ms
 8  te0-1-0-1.ccr22.iad02.atlas.cogentco.com (154.54.26.138)  19.529 ms te0-1-0-1.mpd22.iad02.atlas.cogentco.com (154.54.26.122)  19.656 ms te0-3-0-5.ccr22.iad02.atlas.cogentco.com (154.54.41.238)  19.922 ms
 9  te1-8.ccr02.iad01.atlas.cogentco.com (154.54.31.174)  19.450 ms te2-7.ccr02.iad01.atlas.cogentco.com (154.54.31.214)  19.676 ms te1-2.ccr02.iad01.atlas.cogentco.com (154.54.31.194)  19.713 ms
10  kpn.iad01.atlas.cogentco.com (154.54.10.242)  19.364 ms  19.434 ms  19.377 ms
11  nyk-s2-rou-1021.US.eurorings.net (134.222.227.133)  26.53 ms  25.576 ms  25.506 ms
12  nntr-s1-rou-1022.FR.eurorings.net (134.222.226.162)  101.182 ms  103.179 ms  101.83 ms
13  ffm-s1-rou-1022.DE.eurorings.net (134.222.229.30)  117.550 ms  117.294 ms  117.393 ms
14  ffm-s1-rou-1021.DE.eurorings.net (134.222.228.85)  118.820 ms  116.595 ms  118.851 ms
15  nbg-s1-rou-1001.DE.eurorings.net (134.222.225.26)  119.864 ms  120.319 ms  120.34 ms
16  kpn-gw.hetzner.de (134.222.107.21)  121.689 ms  121.654 ms  121.642 ms
17  hos-bb2.juniper1.fs.hetzner.de (213.239.240.146)  122.426 ms hos-bb2.juniper2.rz14.hetzner.de (213.239.240.151)  123.412 ms  123.453 ms
18  hos-tr2.ex3k4.rz14.hetzner.de (213.239.224.165)  124.146 ms hos-tr1.ex3k4.rz14.hetzner.de (213.239.224.133)  128.706 ms  127.250 ms
19  mx00.akxnet.de (88.198.67.125)  122.800 ms  122.781 ms  122.707 ms

traceroute -n:
 1  160.36.56.1  0.456 ms  2.169 ms  2.226 ms
 2  10.8.2.30  7.586 ms  0.622 ms  0.563 ms
 3  160.36.128.133  0.541 ms  0.529 ms  0.566 ms
 4  160.36.2.74  0.594 ms  0.580 ms  0.630 ms
 5  38.104.182.37  6.674 ms  6.600 ms  6.551 ms
 6  154.54.3.169  18.612 ms 154.54.6.121  18.850 ms  19.305 ms
 7  154.54.3.66  18.513 ms 154.54.1.122  18.616 ms 154.54.27.97  18.489 ms
 8  154.54.30.126  19.643 ms 154.54.30.118  19.548 ms 154.54.7.158  19.570 ms
 9  154.54.31.214  19.513 ms 154.54.31.174  19.478 ms 154.54.31.234  19.504 ms
10  154.54.10.242  19.359 ms  19.324 ms  19.288 ms
11  134.222.227.133  42.719 ms  33.734 ms  32.88 ms
12  134.222.226.162  101.309 ms  101.216 ms  112.846 ms
13  134.222.231.145  118.146 ms  118.101 ms  118.99 ms
14  134.222.228.89  120.349 ms  118.313 ms  124.437 ms
15  134.222.225.26  119.494 ms  119.264 ms  119.573 ms
16  134.222.107.21  121.526 ms  121.521 ms  121.526 ms
17  213.239.240.146  122.320 ms 213.239.240.151  123.484 ms 213.239.240.146  122.595 ms
18  213.239.224.229  126.177 ms 213.239.224.133  127.128 ms 213.239.224.197  123.172 ms
19  88.198.67.125  122.857 ms  122.756 ms  122.780 ms
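
Added example (not part of the original message): a small Python probe that separates the cases discussed above, a "closed" port that actively answers (TCP RST or ICMP port unreachable) versus a filtered one where packets are silently dropped and the connect only times out. The function names and the loopback demo are constructed for illustration; how an ICMP port unreachable is surfaced to the caller depends on the operating system's TCP stack.

```python
import errno
import socket

# Verdicts follow the distinction drawn in the message above:
#   closed      -> something answered: TCP RST or ICMP port unreachable
#   filtered    -> nothing came back before the timeout (silent drop)
#   unreachable -> a router reported no route to the host or network
REFUSED = {errno.ECONNREFUSED}
UNREACHABLE = {errno.EHOSTUNREACH, errno.ENETUNREACH}


def classify(exc):
    """Map the exception raised by a TCP connect attempt to a verdict."""
    if isinstance(exc, socket.timeout):
        return "filtered"
    if isinstance(exc, OSError):
        if exc.errno in REFUSED:
            return "closed"
        if exc.errno in UNREACHABLE:
            return "unreachable"
        if exc.errno == errno.ETIMEDOUT:
            return "filtered"
    return "error"


def probe(host, port, timeout=3.0):
    """Attempt one TCP connect and return (verdict, detail)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open", "handshake completed"
    except OSError as exc:  # socket.timeout is an OSError subclass
        return classify(exc), str(exc)


def probe_local_demo():
    """Constructed offline check: a loopback port with, then without, a listener."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))  # port 0: let the kernel pick a free port
    srv.listen(1)
    port = srv.getsockname()[1]
    with_listener = probe("127.0.0.1", port)[0]
    srv.close()  # nothing listens on the port any more
    without_listener = probe("127.0.0.1", port)[0]
    return with_listener, without_listener


if __name__ == "__main__":
    print(probe_local_demo())
```

A "closed" verdict returns at once, while "filtered" takes the full timeout, which is why a client that keeps retrying can make an actively refusing host look like a dropping one.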