Technical - intermittent networking problem


DTMark

Just looking for some suggestions as this has me stumped. Actually, I don't do this sort of support, because it's a nightmare, but I seem to have got sucked in to this and I'm intrigued..

Client in London. Their website is hosted in a DC in Manchester.

Periodically they can't access their own website. They can access everything else. Theirs just times out - it's a connection timeout rather than a website bug or database deadlock.

It's not DNS. A traceroute looks normal. The internet connectivity is not sporadic. Still nothing. For about half an hour, then it just starts working again.

Seemingly everyone else can access the site, just not the client. Throughout, it loads perfectly for me. I'm not in their office. All the machines in their office develop the same problem at the same time.

There's nothing like Active Directory involved here. Just a bunch of machines on one internet connection that cannot load one site and only that one (though I haven't tried every single website in the world to prove that).

The server does have active threat monitoring. Maybe it's that - their admin area is part of the same site. Maybe it thinks their access is suspect and locks them out for a while. This is my best theory. However the DC says not. Their fixed IP is whitelisted.

Turning the modem off and on again achieves nothing.

Next step is to disable the active threat monitoring; however, this only happens about 4 times a month and I don't want to leave that disabled in perpetuity to "see if that's probably what it was".

Any ideas..

 

DTMark

The DC have - finally - confirmed that this is indeed being caused by the active threat monitoring software and will whitelist the IP address.

DTMark

There's no VPN involved, the ISP connection has a fixed IP which is permissioned to access the back-end but which isn't needed for the customer site and that fails too at the same time. For them. Actually I did think to try configuring a VPN on one machine and accessing the site through that but the PC has had the Windows update which breaks VPNs, so no joy there.

It seems to be some sort of active block but where is a mystery.

spunko
Posted (edited)

@DTMark

Do they ever connect via SSH, is it via something simple like PuTTY or some sort of proprietary software? If not the former, get them to try that first. Better to see if this issue affects only http/80 port or entire server. Try :21 or :22?

What is their server running? In 90% of cases like that from my experience if it's a LAMP server then their IP has been blocked by the firewall. You said it's been whitelisted, but if it's CSF for example then that'll only last for a bit (which you mention). It needs to be added to ignore.csf which is permanent. I don't know about firewalld or any of the others but they all seem similar.

Edited by spunko
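
An added example, not part of the thread and not any poster's code: a probe for the check suggested in the post above, i.e. whether only the web port or the whole server stops answering from the client's connection. The port list, function names and verdict labels are assumptions of this example.

```python
import socket
import sys
from datetime import datetime, timezone

PORTS = (21, 22, 80, 443)  # assumed list: the ports named in the post plus HTTPS


def probe(host, port, timeout=5.0):
    """One TCP connect attempt: 'open', 'refused', 'timeout' or 'error: ...'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"          # RST came back: host reachable, port closed
    except (socket.timeout, TimeoutError):
        return "timeout"          # nothing came back: packets silently dropped
    except OSError as exc:
        return f"error: {exc}"    # DNS failure, no route, etc.


def diagnose(results):
    """Map {port: state} to a verdict label (labels are this example's own)."""
    states = set(results.values())
    answered = states & {"open", "refused"}
    if states == {"timeout"}:
        return "ip-level-drop"         # whole server silent for this source IP
    if "timeout" in states and answered:
        return "port-specific-filter"  # host answers, only some ports filtered
    if states and states <= {"open", "refused"}:
        return "reachable"
    return "inconclusive"


def log_line(host, results):
    """Timestamped (UTC) record to line up against the server's firewall log."""
    stamp = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    detail = " ".join(f"{p}={s}" for p, s in sorted(results.items()))
    return f"{stamp} {host} {detail} verdict={diagnose(results)}"


if __name__ == "__main__":
    # Defaults to localhost only so the script runs without arguments.
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    print(log_line(target, {p: probe(target, p) for p in PORTS}))
```

Run from an affected machine during an outage and again once access returns; the UTC timestamps give the server's administrators an exact window to search in the firewall or threat-monitoring log.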

spunko

Also are you sure they're not using Cloudflare for DNS? You said it's not a DNS issue but just to be sure, they need to connect via a non-orange cloud address (i.e. skip out Cloudflare completely). It's amazing how OTT Cloudflare can be sometimes. Could be if they're all repeatedly trying to connect, the DDOS stuff is kicking in.

Admittedly if that's the case it should show a Cloudflare error code, but worth checking anyway.

nirvana
Posted (edited)

What he said, I've seen issues like this before, it's nearly always DNS or a 'routing issue'......that's why I mentioned the VPN angle

Have you compared the traceroute between working and non?

Last time I saw a similar issue was a mate using some VPN software on his tablet cos someone told him he should always use a VPN, but then he couldn't access his web cam or something on his local LAN

Edited by nirvana

DTMark

No Cloudflare. Tracert is normal from client premises - ICMP is blocked so the last hop is the one before the server, at the DC.

When this last happened I temporarily opened up the access to all IPs on the server, and they were able to connect normally.

My suspicion still lies with the active threat monitoring on the web server itself. The DC does have some form here in that there have been two instances of problems with that in the past - the servers are 'managed' so they installed it.

DTMark

.. or some weird form of NAT that means that, randomly, the IP presented is not their fixed IP. Yet, whenever I've checked whatsmyip from a desktop there, it shows that the correct fixed IP is being presented. Something to do with IPv6 and NAT perhaps?
