www.house.gov not reachable.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Appears to be slashdot effect. Is anyone able to reach it? $ traceroute-nanog www.house.gov traceroute to www.house.gov (143.228.144.184), 30 hops max, 40 byte packets 1 * * 192.168.1.1 (192.168.1.1) 0.694 ms 2 rrcs-24-43-96-129.west.biz.rr.com (24.43.96.129) 12.547 ms 14.746 ms 11.975 ms 3 cpe-24-30-162-209.socal.rr.com (24.30.162.209) 13.230 ms 10.382 ms 10.428 ms 4 tge4-0-2.lsanca4-rtr1.socal.rr.com (24.30.162.233) 15.257 ms 16.641 ms 19.161 ms 5 * * * 6 te-4-1.car1.Tustin1.Level3.net (4.71.104.157) 21.439 ms te-1-3.car1.Tustin1.Level3.net (4.79.140.37) 18.273 ms te-1-4.car1.Tustin1.Level3.net (4.79.140.1) 18.181 ms 7 ae-2-3.bar1.Tustin1.Level3.net (4.69.132.218) 20.702 ms 20.403 ms 17.741 ms 8 ae-6-6.ebr1.LosAngeles1.Level3.net (4.69.136.202) 21.904 ms 19.457 ms 17.880 ms 9 ae-81-81.csw3.LosAngeles1.Level3.net (4.69.137.10) 29.696 ms ae-71-71.csw2.LosAngeles1.Level3.net (4.69.137.6) 22.903 ms ae-61-61.csw1.LosAngeles1.Level3.net (4.69.137.2) 39.060 ms 10 ae-4-99.edge1.LosAngeles1.Level3.net (4.68.20.199) 19.504 ms ae-2-79.edge1.LosAngeles1.Level3.net (4.68.20.71) 24.409 ms ae-1-69.edge1.LosAngeles1.Level3.net (4.68.20.7) 20.251 ms 11 192.205.33.225 (192.205.33.225) 98.923 ms level3-gw.la2ca.ip.att.net (192.205.33.229) 18.833 ms 192.205.33.225 (192.205.33.225) 17.658 ms 12 tbr2.la2ca.ip.att.net (12.127.3.214) 84.049 ms 83.400 ms 82.004 ms 13 cr2.la2ca.ip.att.net (12.122.19.213) 87.134 ms 83.234 ms 83.367 ms 14 12.122.30.29 (12.122.30.29) 85.060 ms 83.920 ms 82.151 ms 15 cr2.dvmco.ip.att.net (12.122.30.26) 85.061 ms 82.887 ms 82.259 ms 16 * cr1.cgcil.ip.att.net (12.122.31.86) 83.637 ms 82.557 ms 17 cr1.cl2oh.ip.att.net (12.122.2.206) 82.341 ms 83.166 ms 84.391 ms 18 cr2.cl2oh.ip.att.net (12.122.2.126) 84.642 ms 84.020 ms 85.446 ms 19 cr2.phlpa.ip.att.net (12.122.2.210) 199.738 ms 81.896 ms 82.662 ms 20 cr1.wswdc.ip.att.net (12.122.4.54) 84.546 ms 82.374 ms 82.072 ms 21 12.123.10.1 (12.123.10.1) 85.794 ms 83.924 ms 82.481 ms 22 * * * 23 * * * 24 * * * 25 * * * regards, /virendra -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFI4AbKpbZvCIJx1bcRAiCWAKDGEnwwlKkjtPp20/oBj+v4+XOw1wCg9VBr BnYN/jFjC4TEbzUdbytrWFY= =gAsi -----END PGP SIGNATURE-----
virendra rode wrote:
Appears to be slashdot effect. Is anyone able to reach it?
I don't have full diagnostic skills--it seems to server up a blank page. They apparently block ICMP as current best practice seems to require.
Trying 143.228.144.184... Connected to www.house.gov. Escape character is '^]'. GET / HTTP/1.0 . HTTP/1.1 200 OK Server: "USHR Webserver Ver 5.4.1" Date: Sun, 28 Sep 2008 22:43:33 GMT Content-type: text/html Connection: close <?xml version="1.0" encoding="iso-8859-1"?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <head> <title>United States House of Representatives, 110th Congress, 2nd Session</title> having issues puling up via a browser though... On Sun, Sep 28, 2008 at 6:43 PM, Laurence F. Sheldon, Jr. <LarrySheldon@cox.net> wrote:
virendra rode wrote:
Appears to be slashdot effect. Is anyone able to reach it?
I don't have full diagnostic skills--it seems to server up a blank page.
They apparently block ICMP as current best practice seems to require.
_______________________________________________ outages mailing list outages@outages.org https://puck.nether.net/mailman/listinfo/outages
On Sep 28, 2008, at 18:45, Christian Koch wrote:
having issues puling up via a browser though...
I tried the same and it took a long time to return - perhaps exceeding a browser timeout. I think virendra called it - load problems. They can call me for an LVS cluster. ;) -Bill ----- Bill McGonigle, Owner Work: 603.448.4440 BFC Computing, LLC Home: 603.448.1668 bill@bfccomputing.com Cell: 603.252.2606 http://www.bfccomputing.com/ Page: 603.442.1833 Blog: http://blog.bfccomputing.com/ VCard: http://bfccomputing.com/vcard/bill.vcf
Bill McGonigle wrote:
On Sep 28, 2008, at 18:45, Christian Koch wrote:
having issues puling up via a browser though...
I tried the same and it took a long time to return - perhaps exceeding a browser timeout.
I think virendra called it - load problems.
They can call me for an LVS cluster. ;)
I guess there is some comfort that there are a few people interested in the $1.2T Giveaway Bill. Seems like there is a message in the readiness to serve area tho. I expect Obama's office to announce a solution momentarily. -- Requiescas in pace o email Two identifying characteristics of System Administrators: Ex turpi causa non oritur actio Infallibility, and the ability to learn from their mistakes. Eppure si rinfresca ICBM Targeting Information: http://tinyurl.com/4sqczs
Laurence F. Sheldon, Jr. wrote:
I guess there is some comfort that there are a few people interested in the $1.2T Giveaway Bill.
Seems like there is a message in the readiness to serve area tho. Comments to blog entry at http://gatewaypundit.blogspot.com/2008/09/pelosi-reid-corruptocrats-face-nat... says every site carrying the save-the-bankers-beemer bill is down.
I heard they posted the 700 Bn bail out bill online... -- Steve Equal bytes for women. On Sun, 28 Sep 2008, Laurence F. Sheldon, Jr. wrote:
Bill McGonigle wrote:
On Sep 28, 2008, at 18:45, Christian Koch wrote:
having issues puling up via a browser though...
I tried the same and it took a long time to return - perhaps exceeding a browser timeout.
I think virendra called it - load problems.
They can call me for an LVS cluster. ;)
I guess there is some comfort that there are a few people interested in the $1.2T Giveaway Bill.
Seems like there is a message in the readiness to serve area tho.
I expect Obama's office to announce a solution momentarily. -- Requiescas in pace o email Two identifying characteristics of System Administrators: Ex turpi causa non oritur actio Infallibility, and the ability to learn from their mistakes. Eppure si rinfresca
ICBM Targeting Information: http://tinyurl.com/4sqczs _______________________________________________ outages mailing list outages@outages.org https://puck.nether.net/mailman/listinfo/outages
On Sun, Sep 28, 2008 at 18:49, Bill McGonigle <flowerpt@gmail.com> wrote:
I think virendra called it - load problems.
I wonder if it's load or config issues. I get: "Bad Gateway" "The proxy server received an invalid response from an upstream server." when visiting speaker.house.gov. However judiciary.house.gov and clerk.house.gov come up fine. -Jim P.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Just found out, congress released their draft rescue plan on their website. Just wondering if the bill includes any $$$$ for load-balancers :-) regards, /virendra Christian Koch wrote:
Trying 143.228.144.184... Connected to www.house.gov. Escape character is '^]'. GET / HTTP/1.0
.
HTTP/1.1 200 OK Server: "USHR Webserver Ver 5.4.1" Date: Sun, 28 Sep 2008 22:43:33 GMT Content-type: text/html Connection: close
<?xml version="1.0" encoding="iso-8859-1"?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head> <title>United States House of Representatives, 110th Congress, 2nd Session</title>
having issues puling up via a browser though...
On Sun, Sep 28, 2008 at 6:43 PM, Laurence F. Sheldon, Jr. <LarrySheldon@cox.net> wrote:
virendra rode wrote:
Appears to be slashdot effect. Is anyone able to reach it? I don't have full diagnostic skills--it seems to server up a blank page.
They apparently block ICMP as current best practice seems to require.
_______________________________________________ outages mailing list outages@outages.org https://puck.nether.net/mailman/listinfo/outages
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFI4AtdpbZvCIJx1bcRAkT+AJ4nY7zUprLeUTHHdGKKJiQ3uYOuMwCgqbFa hJlT0knbWF6XtGd+0a6byVA= =z/1S -----END PGP SIGNATURE-----
It's fine for me here ? [root@ipv6 /home/risnaini]# tcptraceroute -n www.house.gov Selected device rl0, address 202.159.33.33, port 51633 for outgoing packets Tracing the path to www.house.gov (143.228.144.184) on TCP port 80, 30 hops max 1 202.159.33.32 (202.159.33.32) 5.703 ms 9.893 ms 9.962 ms 2 202.53.251.145 (202.53.251.145) 9.961 ms 9.967 ms 9.990 ms 3 202.53.234.98 (202.53.234.98) 9.960 ms 9.976 ms 9.963 ms 4 118.91.224.226 (118.91.224.226) 9.977 ms 9.975 ms 9.986 ms 5 202.93.46.212 (202.93.46.212) 98.309 ms 124.895 ms 6.690 ms 6 157.130.195.13 (157.130.195.13) 189.902 ms 189.454 ms 188.222 ms 7 152.63.54.114 (152.63.54.114) 189.407 ms 188.027 ms 190.503 ms 8 152.63.48.6 (152.63.48.6) 190.383 ms 190.442 ms 191.152 ms 9 152.63.48.249 (152.63.48.249) 191.514 ms 191.047 ms 234.658 ms 10 192.205.34.185 (192.205.34.185) 264.976 ms 259.146 ms 355.663 ms 11 12.123.13.189 (12.123.13.189) 270.224 ms 270.228 ms 269.604 ms 12 12.122.19.17 (12.122.19.17) 270.191 ms 268.271 ms 270.759 ms 13 12.122.4.122 (12.122.4.122) 269.254 ms 269.937 ms 269.370 ms 14 12.122.2.206 (12.122.2.206) 268.567 ms 270.028 ms 271.254 ms 15 12.122.2.126 (12.122.2.126) 266.867 ms 269.245 ms 266.970 ms 16 12.122.2.210 (12.122.2.210) 269.768 ms 270.364 ms 270.227 ms 17 12.122.4.54 (12.122.4.54) 269.442 ms 269.510 ms 269.872 ms 18 12.123.10.1 (12.123.10.1) 268.465 ms 268.095 ms 269.004 ms 19 * * * 20 * * * 21 143.228.129.13 (143.228.129.13) 277.405 ms 277.642 ms 279.836 ms 22 * 143.228.130.2 (143.228.130.2) 279.245 ms 279.561 ms 23 * * * 24 * * * 25 143.228.144.184 (143.228.144.184) [open] 278.100 ms 278.582 ms 288.544 ms Christian Koch wrote:
Trying 143.228.144.184... Connected to www.house.gov. Escape character is '^]'. GET / HTTP/1.0
.
HTTP/1.1 200 OK Server: "USHR Webserver Ver 5.4.1" Date: Sun, 28 Sep 2008 22:43:33 GMT Content-type: text/html Connection: close
<?xml version="1.0" encoding="iso-8859-1"?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head> <title>United States House of Representatives, 110th Congress, 2nd Session</title>
having issues puling up via a browser though...
On Sun, Sep 28, 2008 at 6:43 PM, Laurence F. Sheldon, Jr. <LarrySheldon@cox.net> wrote:
virendra rode wrote:
Appears to be slashdot effect. Is anyone able to reach it? I don't have full diagnostic skills--it seems to server up a blank page.
They apparently block ICMP as current best practice seems to require.
_______________________________________________ outages mailing list outages@outages.org https://puck.nether.net/mailman/listinfo/outages
_______________________________________________ outages mailing list outages@outages.org https://puck.nether.net/mailman/listinfo/outages
I heard Al Gore had to be called in. :) Robert D. Scott Robert@ufl.edu Senior Network Engineer 352-273-0113 Phone CNS - Network Services 352-392-2061 CNS Receptionist University of Florida 352-392-9440 FAX Florida Lambda Rail 352-294-3571 FLR NOC Gainesville, FL 32611 321-663-0421 Cell -----Original Message----- From: outages-bounces@outages.org [mailto:outages-bounces@outages.org] On Behalf Of Laurence F. Sheldon, Jr. Sent: Sunday, September 28, 2008 8:44 PM Cc: outages@outages.org Subject: Re: [outages] www.house.gov not reachable. a. rahman isnaini r.sutan wrote:
It's fine for me here ?
Obama must have fixed it. The page loads here now. _______________________________________________ outages mailing list outages@outages.org https://puck.nether.net/mailman/listinfo/outages
On Sun, 28 Sep 2008 17:43:00 CDT, "Laurence F. Sheldon, Jr." said:
They apparently block ICMP as current best practice seems to require.
Ahem. Who said "block ICMP' is BCP? Yes, there's some ICMP things that you probably *should* block if they're to/from untrusted sources, but in particular, host/net unreachable ICMP shouldn't be blocked, and the next site I catch blocking 'Frag Needed' I'm gonna get on a plane and re-educate them with a clue-by-four regarding what they're doing to PMTUD.
----- "Valdis Kletnieks" <Valdis.Kletnieks@vt.edu> wrote:
On Sun, 28 Sep 2008 17:43:00 CDT, "Laurence F. Sheldon, Jr." said:
They apparently block ICMP as current best practice seems to require.
Ahem. Who said "block ICMP' is BCP? Yes, there's some ICMP thingsthat you probably *should* block if they're to/from untrusted sources, butin particular, host/net unreachable ICMP shouldn't be blocked, and thenext site I catch blocking 'Frag Needed' I'm gonna get on a plane and re-educate them with a clue-by-four regarding what they're doing to PMTUD.
The Department Of Homeland Insecurity will put you on their no-route list if they catch you trying to sneak a clue-by-four onto a plane, Valdis. Cheers, -- jra -- Jay R. Ashworth Baylink jra@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com '87 e24 St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274 Those who cast the vote decide nothing. Those who count the vote decide everything. -- (Josef Stalin)
Valdis.Kletnieks@vt.edu wrote:
On Sun, 28 Sep 2008 17:43:00 CDT, "Laurence F. Sheldon, Jr." said:
They apparently block ICMP as current best practice seems to require.
Ahem. Who said "block ICMP' is BCP? Yes, there's some ICMP things that you probably *should* block if they're to/from untrusted sources, but in particular, host/net unreachable ICMP shouldn't be blocked, and the next site I catch blocking 'Frag Needed' I'm gonna get on a plane and re-educate them with a clue-by-four regarding what they're doing to PMTUD.
I wouldn't say it's "best" practice, but it's "common" practice to drop all ICMP traffic. When I worked for a government contractor a few years ago, we had to fight tooth and nail for them to enable 'Frag Needed' and 'Destination Unreachable' on as many routers/firewalls as possible. Those changes were needed just so we could get to the point of figuring out _why_ the network was broken. Almost every cisco router or firewall I saw on a government network control started with "any any drop" rule, and ICMP never had an "accept" rule. Best practice says drop everything and permit what you need, most people don't realize how critical ICMP is. It's been a few years since the "ping death" scares of 1997, do we really need to stop dropping any ICMP traffic anymore? My home internet connection (AT&T DSL) drops not only ICMP Echo, but traceroute requests as well. I understand that some saturated connections don't want ICMP Echo requests going through, but in this age of fast processors in routers we could rate limit instead of drop. It's hard to determine an outage is an outage when you can't perform basic connectivity tests. -Carl
Carl Perry <caperry@edolnx.net> writes:
It's been a few years since the "ping death" scares of 1997, do we really need to stop dropping any ICMP traffic anymore?
I used to routinely drop ICMP from outside (at a different employer) because of the use at the time of ICMP as a covert communications channel by Loki and similar malware. ICMP messages were (are) also very useful for mapping services on a network. This was before "stateful" packet inspection on ICMP was commonplace, and before ICMP traffic could be selectively blocked by type. -- Jim Goltz <jgoltz@mail.nih.gov>
On Sep 29, 2008, at 13:36, Carl Perry wrote:
I understand that some saturated connections don't want ICMP Echo requests going through
Wouldn't you specifically want source quenches to go through in this case?
It's hard to determine an outage is an outage when you can't perform basic connectivity tests.
The choir concurs. :) -Bill ----- Bill McGonigle, Owner Work: 603.448.4440 BFC Computing, LLC Home: 603.448.1668 bill@bfccomputing.com Cell: 603.252.2606 http://www.bfccomputing.com/ Page: 603.442.1833 Blog: http://blog.bfccomputing.com/ VCard: http://bfccomputing.com/vcard/bill.vcf
Valdis.Kletnieks@vt.edu wrote:
On Sun, 28 Sep 2008 17:43:00 CDT, "Laurence F. Sheldon, Jr." said:
They apparently block ICMP as current best practice seems to require.
Ahem. Who said "block ICMP' is BCP? Yes, there's some ICMP things that you probably *should* block if they're to/from untrusted sources, but in particular, host/net unreachable ICMP shouldn't be blocked, and the next site I catch blocking 'Frag Needed' I'm gonna get on a plane and re-educate them with a clue-by-four regarding what they're doing to PMTUD.
I've been inactive in the racket for a while but personally think blocking any ICMP from or to people you want to talk to is a mistake, but last I heard just about everybody was telling me to block _some_ ICMP or other for some mythical reason o other. And the more expensive consultants (considering TCO) and most of the "firewall" experts were telling me to block them all. -- Requiescas in pace o email Two identifying characteristics of System Administrators: Ex turpi causa non oritur actio Infallibility, and the ability to learn from their mistakes. Eppure si rinfresca ICBM Targeting Information: http://tinyurl.com/4sqczs
Laurence F. Sheldon, Jr. wrote:
I've been inactive in the racket for a while but personally think blocking any ICMP from or to people you want to talk to is a mistake, but last I heard just about everybody was telling me to block _some_ ICMP or other for some mythical reason o other.
And the more expensive consultants (considering TCO) and most of the "firewall" experts were telling me to block them all.
And occurs to me now that there are one or two places that operate routers in RFC 1918 space and some that will not pass traffic that is sourced in RFC1918 space. -- Requiescas in pace o email Two identifying characteristics of System Administrators: Ex turpi causa non oritur actio Infallibility, and the ability to learn from their mistakes. Eppure si rinfresca ICBM Targeting Information: http://tinyurl.com/4sqczs
participants (12)
-
a. rahman isnaini r.sutan -
Bill McGonigle -
Carl Perry -
Christian Koch -
Goltz, Jim (NIH/CIT) [E] -
Jay R. Ashworth -
Jim Popovitch -
Laurence F. Sheldon, Jr. -
Robert D. Scott -
Steve Pirk -
Valdis.Kletnieks@vt.edu -
virendra rode