|
4 Dec 2002, 21:59
|
#1
|
Registered User
Join Date: Jul 2002
Location: U.S.
Posts: 28
|
Certain websites are unreachable on network comps
Hey guys
Im having a bit of a problem here. For some reason all computers on a large network can not ping or in any other way rich a few websites (e.g. yahoo.com) even though they are reachable outside the network. I dont know how it was done (and who did it) or how to fix it. Any help would be appreciated.
__________________
do not let anyone decieve you with the legitimization of their myth
|
|
|
4 Dec 2002, 22:05
|
#2
|
Rawr rawr
Join Date: Dec 2000
Location: Upside down
Posts: 5,300
|
You admin could have disabled/blocked the ICMP (which contains ping) protocol on your firewall. Which is relatively easy since it all runs over a specific port.
__________________
"Yay"
|
|
|
4 Dec 2002, 22:06
|
#3
|
Born Sinful
Join Date: Nov 2000
Location: Loughborough, UK
Posts: 4,059
|
Sounds like a DNS problem to me.
Try pinging the IP of Yahoo.com (64.58.76.176) and see what happens. You can also try going to it as http://64.58.76.176.
__________________
Worth dying for. Worth killing for. Worth going to hell for. Amen.
|
|
|
5 Dec 2002, 10:39
|
#4
|
Registered User
Join Date: Mar 2001
Posts: 205
|
Quote:
Originally posted by Structural Integrity
You admin could have disabled/blocked the ICMP (which contains ping) protocol on your firewall. Which is relatively easy since it all runs over a specific port.
|
what port does it listen on ? i wnat to block it on my firewall
__________________
#linux - home of idiots
#impulsed - home of genius..?
|
|
|
5 Dec 2002, 11:20
|
#5
|
Bitch
Join Date: Jun 2002
Location: North Yorkshire
Posts: 3,848
|
"iptables -A INPUT -p icmp --icmp-type ping -j DROP" is what I use in my firewall script.
__________________
ACHTUNG!!!
Das machine is nicht fur gefingerpoken und mittengrabben. Ist easy
schnappen der springenwerk, blowenfusen und corkenpoppen mit
spitzensparken. Ist nicht fur gewerken by das dummkopfen. Das
rubbernecken sightseeren keepen hands in das pockets. Relaxen und vatch
das blinkenlights!!!
|
|
|
5 Dec 2002, 11:58
|
#6
|
Registered User
Join Date: Mar 2001
Posts: 205
|
Quote:
Originally posted by Gayle28uk
"iptables -A INPUT -p icmp --icmp-type ping -j DROP" is what I use in my firewall script.
|
ping is an icmp type ?
sorry, nitpicking
but s-i gave the impression that icmp listened the same sort of way that tcp/udp over ip do..
__________________
#linux - home of idiots
#impulsed - home of genius..?
|
|
|
5 Dec 2002, 12:52
|
#7
|
Bitch
Join Date: Jun 2002
Location: North Yorkshire
Posts: 3,848
|
Quote:
Originally posted by Slidey
ping is an icmp type ?
sorry, nitpicking
but s-i gave the impression that icmp listened the same sort of way that tcp/udp over ip do..
|
Not as far as I know it doesn't, there's no port you can block to stop just pings. Blocking port 4444(?) will stop all ICMP data, not just pings. My iptables command should drop all ping requests while allowing other ICMP protocols through
__________________
ACHTUNG!!!
Das machine is nicht fur gefingerpoken und mittengrabben. Ist easy
schnappen der springenwerk, blowenfusen und corkenpoppen mit
spitzensparken. Ist nicht fur gewerken by das dummkopfen. Das
rubbernecken sightseeren keepen hands in das pockets. Relaxen und vatch
das blinkenlights!!!
|
|
|
6 Dec 2002, 02:30
|
#8
|
/dev/zero Retired Mod
Join Date: May 2000
Posts: 415
|
Quote:
Originally posted by Gayle28uk
Not as far as I know it doesn't, there's no port you can block to stop just pings. Blocking port 4444(?) will stop all ICMP data, not just pings. My iptables command should drop all ping requests while allowing other ICMP protocols through
|
Forgive my ignorance, but I thought ports were an invention of TCP, how would blocking a particular port affect transmission of ICMP data?
__________________
#linux : Home of Genius
<idimmu> ok i was chained to a desk with this oriental dude
|
|
|
6 Dec 2002, 07:44
|
#9
|
Registered User
Join Date: Aug 2000
Location: UK
Posts: 228
|
Sounds more like a routing or firewall issue.
__________________
<DrNick> hey i've been playing pa for ages and i know lots of people who bathe with 6 busty babes
<breeze|away> i agree about mang tho .. he is our mentor of perviness
R4: 48:25:13, 2E5 HC R5: n00b
R6: 3:10:1 Mangor, The Daddy
R7: 3:3:11 Retired
R8: c43 Finally free
PAX: 3:7:9 The Mentor of Perviness
|
|
|
6 Dec 2002, 10:28
|
#10
|
Bitch
Join Date: Jun 2002
Location: North Yorkshire
Posts: 3,848
|
Quote:
Originally posted by MT
Forgive my ignorance, but I thought ports were an invention of TCP, how would blocking a particular port affect transmission of ICMP data?
|
No, forgive MY ignorance. Apparently I was talking ****e and you are indeed correct. I should have posted the iptables command and left it at that, at least I know that works
__________________
ACHTUNG!!!
Das machine is nicht fur gefingerpoken und mittengrabben. Ist easy
schnappen der springenwerk, blowenfusen und corkenpoppen mit
spitzensparken. Ist nicht fur gewerken by das dummkopfen. Das
rubbernecken sightseeren keepen hands in das pockets. Relaxen und vatch
das blinkenlights!!!
|
|
|
6 Dec 2002, 10:52
|
#11
|
Rawr rawr
Join Date: Dec 2000
Location: Upside down
Posts: 5,300
|
My bad.... ICMP lies directly on IP, not on TCP/UDP, so it doesn't use a port. (I should think before I post)
anyway, yes, ICMP can be blocked by firewalls.
__________________
"Yay"
|
|
|
6 Dec 2002, 11:28
|
#12
|
Registered User
Join Date: Mar 2001
Posts: 205
|
indeed you should
i wish people would think before they start posting technical information as to whether they know that information is true, or whether they're making it up...
__________________
#linux - home of idiots
#impulsed - home of genius..?
|
|
|
6 Dec 2002, 11:36
|
#13
|
Bitch
Join Date: Jun 2002
Location: North Yorkshire
Posts: 3,848
|
Quote:
Originally posted by Slidey
indeed you should
i wish people would think before they start posting technical information as to whether they know that information is true, or whether they're making it up...
|
My iptables bit was right
I just got the rest wrong
__________________
ACHTUNG!!!
Das machine is nicht fur gefingerpoken und mittengrabben. Ist easy
schnappen der springenwerk, blowenfusen und corkenpoppen mit
spitzensparken. Ist nicht fur gewerken by das dummkopfen. Das
rubbernecken sightseeren keepen hands in das pockets. Relaxen und vatch
das blinkenlights!!!
|
|
|
6 Dec 2002, 11:44
|
#14
|
Rawr rawr
Join Date: Dec 2000
Location: Upside down
Posts: 5,300
|
Quote:
Originally posted by Slidey
indeed you should
i wish people would think before they start posting technical information as to whether they know that information is true, or whether they're making it up...
|
=/
I've indulged myself in the TCP/IP stack for such a long time I didn't find it nescesary to check this. Also I presumed that it was a port block since my firewall had it listed under "wel known ports" for blocks. So I found it obvious it was a port block.
I made a mistake, mmkay!
__________________
"Yay"
|
|
|
|
All times are GMT +1. The time now is 11:42.
| |