alphaomega Posted March 26, 2015 Share Posted March 26, 2015 Something on my network seems miscofigured? And I can't seem to find out what the issue is. My ISP recently doubled my speed and all appeared well until I attempted to access forums(dot)androidcentral(dot)com. I can't ping the site and a traceroute does not complete sucessfully. In order to accomodate the new speeds I was supposed to upgrade my cable modem. I had just swapped out my old cable modem with a newer one a few days before I got the notice so I called the number to order the new cable modem and asked if I still needed to order yet another new cable modem and was told yes. Did some research on the new cable modem I just got and it is supposed to be able to accomodate the new speeds (50 Mbps down). The new cable modem is a Surfboard Model Name: SB6141 which has a built in dhcp server with no option to disable. I then contacted tech support to double check if I actually needed to upgrade the modem yet again seeing is the new cable modem I just got was supposed to be able to handle the new speeds. Was told that I did not actually need to order yet another cable modem since the one I have now can handle the new speeds. The cable modem was provisioned for the new speeds and all was well except when I tried to access that one site (was wanting to read a thread there). network setup is like this: coax-cable-in --> surfboard-cable-modem --> belkin-n300-router --> wired-machine. I checked if the site was down for everyone or just me and it said the site was up and it was just me. I can get to the site if I go to it using a site like anonymouse.org. temporarily changed my network setup like this: coax-cable-in --> surfboard-cable-modem --> wired-machine. and I could get to the site without a problem. switched back to my original setup and started looking through the router settings and noticed this in the security log. **Smurf** 192.168.1.118->> 192.230.66.0, Type:8, Code:0 (from LAN Inbound) This happens when I try to ping the site. **Smurf** 192.230.66.0, 80->> 192.168.1.118, 54246 (from WAN Inbound) This happens when I try to go to the site in the browser. 192(dot)230(dot)66(dot)0 is the ip address I get for forums(dot)androidcentral(dot)com. If I turn off the firewall in the router I can get to the site but that is not something I want to do. Does anyone have any ideas what might possibly be the problem? If there is any other information I can provide to help isolate the issue just ask and will try to provide it. All I know is I don't know what the problem is exactly. Thanks in advance for reading all this mumbo jumbo. Quote Link to comment Share on other sites More sharing options...
abarbarian Posted March 26, 2015 Share Posted March 26, 2015 (edited) I'd tell the smurfs mother to keep her child under control. Sorry I could not resist.Afraid I can offer no good advice, best of luck.Impressed with your bug tracking though. Edited March 26, 2015 by abarbarian Quote Link to comment Share on other sites More sharing options...
securitybreach Posted March 26, 2015 Share Posted March 26, 2015 Yes, your modem is just fine since it is DOCSIS 3.0 and "capable of up to 343 Mbps and upload speeds up to 131 Mbps based on Cable provider service" http://www.amazon.co...d/dp/B007IMPMW4 Oddly enough, smurf is the name of DDOS attack https://en.wikipedia...ki/Smurf_attack Type 8 Code 0 Echo Request (ping) - means the site sends you a packet, which should be directly replied with an echo reply http://www.networkso...otocol/icmp.htm Make sure you are not blocking ping requests in you router's NAT firewall. Usually this isn't a problem but http://forums.androidcentral.com/ is trying to ping you back when you visit. Quote Link to comment Share on other sites More sharing options...
alphaomega Posted March 26, 2015 Author Share Posted March 26, 2015 Yes, your modem is just fine since it is DOCSIS 3.0 and "capable of up to 343 Mbps and upload speeds up to 131 Mbps based on Cable provider service" http://www.amazon.co...d/dp/B007IMPMW4 Oddly enough, smurf is the name of DDOS attack https://en.wikipedia...ki/Smurf_attack Type 8 Code 0 Echo Request (ping) - means the site sends you a packet, which should be directly replied with an echo reply http://www.networkso...otocol/icmp.htm Make sure you are not blocking ping requests in you router's NAT firewall. Usually this isn't a problem but http://forums.androidcentral.com/ is trying to ping you back when you visit. The belkin router has an option to block wan pings and when I turn that off I am still seeing the the smurfs in the logs and cannot get to the site. Turned off the firewall on the machine and still could not get to the site. Turned the firewall on the machine back on. Turned off the firewall on the belkin router and I can get the the site with wan pings blocked and not blocked. No smurfs in the logs. So it looks like it is the routers firewall that is blocking the "smurfs" and not allowing me to get to the site with the firewall on. It's probably not a good idea to turn off the firewall in the router. I do not see any options to alter the firewall rules in the router. I'm confused and not sure what else (if anything) I can try. Quote Link to comment Share on other sites More sharing options...
securitybreach Posted March 26, 2015 Share Posted March 26, 2015 That is pretty odd... sorry I am not for sure why that is happening but it has to be a setting in your nat firewall. Can you take a screenshot of the settings? Quote Link to comment Share on other sites More sharing options...
alphaomega Posted March 26, 2015 Author Share Posted March 26, 2015 with the firewall on the router off, firewall on the computer on, and wan pings blocked. # traceroute forums.androidcentral.com traceroute to forums.androidcentral.com (192.230.66.0), 30 hops max, 60 byte packets 1 gateway (192.168.1.1) 0.253 ms 0.258 ms 0.252 ms 2 * * * 3 24.28.133.145 (24.28.133.145) 31.603 ms 31.603 ms 41.615 ms 4 agg50.snavtxuu01r.texas.rr.com (24.175.33.176) 21.911 ms 22.910 ms 23.069 ms 5 agg11.snavtxuu02r.texas.rr.com (24.175.32.214) 22.696 ms agg24.snantxvy01r.texas.rr.com (24.175.32.216) 23.045 ms agg11.snavtxuu02r.texas.rr.com (24.175.32.214) 22.815 ms 6 agg23.dllatxl301r.texas.rr.com (24.175.32.146) 26.870 ms 23.458 ms 22.430 ms 7 bu-ether26.hstqtx0209w-bcr00.tbone.rr.com (66.109.6.54) 23.465 ms 23.364 ms 23.366 ms 8 0.ae4.pr1.dfw10.tbone.rr.com (107.14.19.97) 28.641 ms bu-ether12.dllstx976iw-bcr00.tbone.rr.com (66.109.6.39) 28.662 ms 28.584 ms 9 0.ae1.pr1.dfw10.tbone.rr.com (107.14.17.234) 26.854 ms ix-23-0.tcore2.DT8-Dallas.as6453.net (66.110.57.97) 26.740 ms 26.745 ms 10 ix-23-0.tcore2.DT8-Dallas.as6453.net (66.110.57.97) 25.206 ms 26.589 ms ae-7.r07.dllstx09.us.bb.gin.ntt.net (129.250.9.193) 23.017 ms 11 ae-7.r07.dllstx09.us.bb.gin.ntt.net (129.250.9.193) 21.238 ms ae-3.r01.dllstx04.us.bb.gin.ntt.net (129.250.2.209) 29.019 ms ae-7.r07.dllstx09.us.bb.gin.ntt.net (129.250.9.193) 27.954 ms 12 * ae-3.r01.dllstx04.us.bb.gin.ntt.net (129.250.2.209) 26.776 ms * 13 * * * 14 * * * 15 * * * 16 * * * 17 * * * 18 * * * 19 * * * 20 * * * 21 * * * 22 * * * 23 * * * 24 * * * 25 * * * 26 * * * 27 * * * 28 * * * 29 * * * 30 * * * # traceroute -T forums.androidcentral.com traceroute to forums.androidcentral.com (192.230.66.0), 30 hops max, 60 byte packets 1 gateway (192.168.1.1) 0.250 ms 0.321 ms 0.329 ms 2 * * * 3 24.28.133.145 (24.28.133.145) 28.064 ms 29.077 ms 29.036 ms 4 agg50.snavtxuu01r.texas.rr.com (24.175.33.176) 25.095 ms 26.239 ms 26.257 ms 5 agg24.snantxvy01r.texas.rr.com (24.175.32.216) 26.264 ms agg11.snavtxuu02r.texas.rr.com (24.175.32.214) 25.863 ms 25.960 ms 6 agg23.dllatxl301r.texas.rr.com (24.175.32.146) 33.816 ms agg23.hstqtxl301r.texas.rr.com (24.175.32.156) 17.896 ms 25.318 ms 7 bu-ether26.hstqtx0209w-bcr00.tbone.rr.com (66.109.6.54) 26.700 ms bu-ether44.dllstx976iw-bcr00.tbone.rr.com (107.14.19.92) 28.911 ms 28.943 ms 8 bu-ether22.dllstx976iw-bcr00.tbone.rr.com (107.14.19.216) 30.582 ms 0.ae1.pr1.dfw10.tbone.rr.com (107.14.17.234) 29.051 ms bu-ether12.dllstx976iw-bcr00.tbone.rr.com (66.109.6.39) 30.305 ms 9 0.ae2.pr1.dfw10.tbone.rr.com (107.14.17.236) 28.929 ms ix-23-0.tcore2.DT8-Dallas.as6453.net (66.110.57.97) 28.518 ms 0.ae4.pr1.dfw10.tbone.rr.com (107.14.19.97) 70.794 ms 10 ix-23-0.tcore2.DT8-Dallas.as6453.net (66.110.57.97) 27.407 ms 27.515 ms ae-7.r07.dllstx09.us.bb.gin.ntt.net (129.250.9.193) 19.859 ms 11 ae-3.r01.dllstx04.us.bb.gin.ntt.net (129.250.2.209) 21.960 ms ae-7.r07.dllstx09.us.bb.gin.ntt.net (129.250.9.193) 30.323 ms 29.195 ms 12 ae-0.incapsula.dllstx04.us.bb.gin.ntt.net (129.250.204.182) 28.973 ms ae-3.r01.dllstx04.us.bb.gin.ntt.net (129.250.2.209) 29.573 ms 29.387 ms 13 192.230.66.0 (192.230.66.0) 29.266 ms 29.196 ms ae-0.incapsula.dllstx04.us.bb.gin.ntt.net (129.250.204.182) 26.604 ms That is pretty odd... sorry I am not for sure why that is happening but it has to be a setting in your nat firewall. Can you take a screenshot of the settings? The router firewall only has an enable/disable option with the following notes: Your Router is equipped with a firewall that will protect your network from a wide array of common hacker attacks including Ping of Death (PoD) and Denial of Service (DoS) attacks. You can turn the firewall function off if needed. Turning off the firewall protection will not leave your network completely vulnerable to hacker attacks, but it is recommended that you turn the firewall on whenever possible. Quote Link to comment Share on other sites More sharing options...
securitybreach Posted March 26, 2015 Share Posted March 26, 2015 Wow, so no Firewall options? Quote Link to comment Share on other sites More sharing options...
alphaomega Posted March 26, 2015 Author Share Posted March 26, 2015 (edited) Wow, so no Firewall options? None that I can see. At one point I tried adding my machine to the DMZ and I could not get any response from a traceroute. Every hop timed out with no response. I have another router (wrt 54g) that I am going to try and see if I have better luck with. Not sure If I'll have time as a family emergency came up. edit: and yet another thing I notice with my download speeds. If the router firewall in on I'm getting around 10-15Mbps down. If the router firewall is off I'm getting around 35-45Mbps down. I'm going to switch routers and see what happens. edit2: another possibility is to see about ordering the cable modem w/built in router they originally said I needed to order for the new speeds and fork over some additional fees to turn on wi-fi access on my account (taking my router out of the equation). Edited March 26, 2015 by alphaomega Quote Link to comment Share on other sites More sharing options...
alphaomega Posted March 26, 2015 Author Share Posted March 26, 2015 (edited) I switched out the belkin n300 for the linksys wrt54g. I am now seeing the download speeds I should be seeing (edit 2: Well that did not last long. I am back to seeing about 1/2 down what I should be) and I can get to the site in question without issue. traceroute from the router: traceroute to forums.androidcentral.com (192.230.66.0) ,30 hops max,40 byte packet 1 173.174.240.1 (173.174.240.1) 20. 0 ms 10. 0 ms 10. 0 ms 2 24.28.134.209 (24.28.134.209) 40. 0 ms 30. 0 ms 20. 0 ms 3 24.175.33.176 (24.175.33.176) 10. 0 ms 10. 0 ms 10. 0 ms 4 24.175.32.214 (24.175.32.214) 10. 0 ms 10. 0 ms 10. 0 ms 5 24.175.32.156 (24.175.32.156) 10. 0 ms 10. 0 ms 20. 0 ms 6 66.109.6.108 (66.109.6.108) 20. 0 ms 20. 0 ms 20. 0 ms 7 107.14.19.218 (107.14.19.218) 20. 0 ms 20. 0 ms 20. 0 ms 8 107.14.19.97 (107.14.19.97) 20. 0 ms 20. 0 ms 20. 0 ms 9 66.110.57.97 (66.110.57.97) 20. 0 ms 20. 0 ms 20. 0 ms 10 129.250.9.193 (129.250.9.193) 20. 0 ms 30. 0 ms 10. 0 ms 11 129.250.2.209 (129.250.2.209) 20. 0 ms 20. 0 ms 20. 0 ms 12 129.250.204.182 (129.250.204.182) 20. 0 ms * 20. 0 ms 13 192.230.66.0 (192.230.66.0) 10. 0 ms 30. 0 ms 20. 0 ms Traceroute Complete. Something tells me there was something wrong in the belkin's firewall settings (which I cannot chage) that is thinking legtimate traffic to/from that site is getting flagged as a smurf attack (belkin router firmware is up to date). Who knows? I'll see how it goes for now... edit: traceroutes from the computer: # traceroute forums.androidcentral.com traceroute to forums.androidcentral.com (192.230.66.0), 30 hops max, 60 byte packets 1 gateway (192.168.1.1) 3.480 ms 3.668 ms 3.917 ms 2 * * * 3 tge1-0-0.snantx3500-10k1.satx.rr.com (24.28.134.209) 35.226 ms 36.201 ms 36.562 ms 4 agg50.snavtxuu01r.texas.rr.com (24.175.33.176) 23.582 ms 24.920 ms 25.125 ms 5 agg24.snantxvy01r.texas.rr.com (24.175.32.216) 24.462 ms 30.497 ms agg11.snavtxuu02r.texas.rr.com (24.175.32.214) 29.288 ms 6 agg23.hstqtxl301r.texas.rr.com (24.175.32.156) 36.579 ms agg23.dllatxl301r.texas.rr.com (24.175.32.146) 25.044 ms 35.073 ms 7 bu-ether16.hstqtx0209w-bcr00.tbone.rr.com (66.109.6.108) 27.587 ms bu-ether14.dllstx976iw-bcr00.tbone.rr.com (66.109.6.88) 35.437 ms 35.185 ms 8 0.ae4.pr1.dfw10.tbone.rr.com (107.14.19.97) 33.178 ms 33.355 ms 33.554 ms 9 ix-23-0.tcore2.DT8-Dallas.as6453.net (66.110.57.97) 34.205 ms 33.714 ms 0.ae2.pr1.dfw10.tbone.rr.com (107.14.17.236) 32.795 ms 10 ix-23-0.tcore2.DT8-Dallas.as6453.net (66.110.57.97) 30.920 ms 33.851 ms ae-7.r07.dllstx09.us.bb.gin.ntt.net (129.250.9.193) 19.797 ms 11 ae-7.r07.dllstx09.us.bb.gin.ntt.net (129.250.9.193) 25.945 ms ae-3.r01.dllstx04.us.bb.gin.ntt.net (129.250.2.209) 31.707 ms ae-7.r07.dllstx09.us.bb.gin.ntt.net (129.250.9.193) 27.833 ms 12 ae-3.r01.dllstx04.us.bb.gin.ntt.net (129.250.2.209) 29.502 ms * 29.765 ms 13 * * * 14 * * * 15 * * * 16 * * * 17 * * * 18 * * * 19 * * * 20 * * * 21 * * * 22 * * * 23 * * * 24 * * * 25 * * * 26 * * * 27 * * * 28 * * * 29 * * * 30 * * * # traceroute -T forums.androidcentral.com traceroute to forums.androidcentral.com (192.230.66.0), 30 hops max, 60 byte packets 1 gateway (192.168.1.1) 5.961 ms 5.595 ms 5.468 ms 2 * * * 3 tge1-0-0.snantx3500-10k1.satx.rr.com (24.28.134.209) 36.516 ms 36.250 ms 35.283 ms 4 agg50.snavtxuu01r.texas.rr.com (24.175.33.176) 25.604 ms 25.352 ms 25.109 ms 5 agg11.snavtxuu02r.texas.rr.com (24.175.32.214) 24.918 ms agg24.snantxvy01r.texas.rr.com (24.175.32.216) 37.287 ms 37.025 ms 6 agg23.hstqtxl301r.texas.rr.com (24.175.32.156) 41.739 ms 35.521 ms agg23.dllatxl301r.texas.rr.com (24.175.32.146) 38.729 ms 7 bu-ether14.dllstx976iw-bcr00.tbone.rr.com (66.109.6.88) 35.378 ms 22.567 ms 42.288 ms 8 bu-ether12.dllstx976iw-bcr00.tbone.rr.com (66.109.6.39) 39.987 ms 0.ae2.pr1.dfw10.tbone.rr.com (107.14.17.236) 41.761 ms bu-ether12.dllstx976iw-bcr00.tbone.rr.com (66.109.6.39) 34.846 ms 9 ix-23-0.tcore2.DT8-Dallas.as6453.net (66.110.57.97) 31.715 ms 0.ae1.pr1.dfw10.tbone.rr.com (107.14.17.234) 36.694 ms ix-23-0.tcore2.DT8-Dallas.as6453.net (66.110.57.97) 31.394 ms 10 ix-23-0.tcore2.DT8-Dallas.as6453.net (66.110.57.97) 31.163 ms 29.014 ms ae-7.r07.dllstx09.us.bb.gin.ntt.net (129.250.9.193) 42.201 ms 11 ae-7.r07.dllstx09.us.bb.gin.ntt.net (129.250.9.193) 41.593 ms 27.291 ms 23.899 ms 12 ae-3.r01.dllstx04.us.bb.gin.ntt.net (129.250.2.209) 29.314 ms 28.806 ms ae-0.incapsula.dllstx04.us.bb.gin.ntt.net (129.250.204.182) 28.222 ms 13 192.230.66.0 (192.230.66.0) 23.722 ms 24.591 ms 30.562 ms Running speedtests from the tablet: The app I use for speedtests gives me around 12Mbps down. Running a speedtest from Ookla gives me around 180Mbps down. Running a speedtest from Speakeasy gives me around 80Mbps up/down. LOL I should be getting 50Mbps down / 5 Mbps up. Arrgh. What is going on? Edited March 27, 2015 by alphaomega Quote Link to comment Share on other sites More sharing options...
V.T. Eric Layton Posted March 27, 2015 Share Posted March 27, 2015 The first thing I see right away here is that you're NOT leaving your own local network when you attempt to ping/traceroute the android site. An IP addy of 192.x.x.x is a local address on your own network. It is NOT the IP of the forums.androidcentral.com, which is actually... [size=4]vtel57@ericsbane06~:$ ping -c3 forums.androidcentral.com[/size] PING iolqy.x.incapdns.net (199.83.135.0) 56(84) bytes of data. 64 bytes from 199.83.135.0: icmp_seq=1 ttl=57 time=39.2 ms 64 bytes from 199.83.135.0: icmp_seq=2 ttl=57 time=40.0 ms 64 bytes from 199.83.135.0: icmp_seq=3 ttl=57 time=38.8 ms [size=4]vtel57@ericsbane06~:$ whois 199.83.135.0[/size] # # ARIN WHOIS data and services are subject to the Terms of Use # available at: https://www.arin.net/whois_tou.html # # If you see inaccuracies in the results, please report at # http://www.arin.net/public/whoisinaccuracy/index.xhtml # # # The following results may also be obtained via: # http://whois.arin.net/rest/nets;q=199.83.135.0?showDetails=true&showARIN=false&ext=netref2 # NetRange: 199.83.128.0 - 199.83.135.255 CIDR: 199.83.128.0/21 NetName: INCAPSULA NetHandle: NET-199-83-128-0-1 Parent: NET199 (NET-199-0-0-0-0) NetType: Direct Assignment OriginAS: AS19551 Organization: Incapsula Inc (INCAP-5) RegDate: 2011-01-14 Updated: 2012-02-24 Ref: http://whois.arin.net/rest/net/NET-199-83-128-0-1 OrgName: Incapsula Inc OrgId: INCAP-5 Address: 3500 SOUTH DUPONT HIGHWAY City: Dover StateProv: DE PostalCode: 19901 Country: US RegDate: 2010-09-15 Updated: 2014-06-12 Ref: http://whois.arin.net/rest/org/INCAP-5 OrgNOCHandle: INCAP2-ARIN OrgNOCName: Incapsula Operations OrgNOCPhone: +1-866-250-7659 OrgNOCEmail: ip@incapsula.com OrgNOCRef: http://whois.arin.net/rest/poc/INCAP2-ARIN OrgAbuseHandle: INCAP1-ARIN OrgAbuseName: Incapsula AbuseDesk OrgAbusePhone: +1-866-250-7659 OrgAbuseEmail: abuse@incapsula.com OrgAbuseRef: http://whois.arin.net/rest/poc/INCAP1-ARIN OrgTechHandle: INCAP2-ARIN OrgTechName: Incapsula Operations OrgTechPhone: +1-866-250-7659 OrgTechEmail: ip@incapsula.com OrgTechRef: http://whois.arin.net/rest/poc/INCAP2-ARIN OrgTechHandle: BRONS9-ARIN OrgTechName: Bronstein, Tomer OrgTechPhone: +1-866-250-7659 OrgTechEmail: tomer@incapsula.com OrgTechRef: http://whois.arin.net/rest/poc/BRONS9-ARIN Your issue is with that Belkin router, I believe. 2 Quote Link to comment Share on other sites More sharing options...
securitybreach Posted March 27, 2015 Share Posted March 27, 2015 Well you have to understand that speed tests will be different depending on the server you select to test on. That and not all files will download at the same speed as this not only depends on your speed but also the speed of the server/website you are downloading from. For instance, I get 120mbps download on speedtest sites when I choose a close server but I rarely get anywhere close to that speed on actual downloads. Also I agree with Eric, your traceroute shows your not even leaving your own network (192.168.x.x) and it sounds like the problem may be your router. Quote Link to comment Share on other sites More sharing options...
alphaomega Posted March 27, 2015 Author Share Posted March 27, 2015 [quote name='V.T. Eric Layton' timestamp='1427417117' post='419155'] The first thing I see right away here is that you're NOT leaving your own local network when you attempt to ping/traceroute the android site. An IP addy of 192.x.x.x is a local address on your own network. It is NOT the IP of the forums.androidcentral.com, which is actually... [code][size=4]vtel57@ericsbane06~:$ ping -c3 forums.androidcentral.com[/size] PING iolqy.x.incapdns.net (199.83.135.0) 56(84) bytes of data. 64 bytes from 199.83.135.0: icmp_seq=1 ttl=57 time=39.2 ms 64 bytes from 199.83.135.0: icmp_seq=2 ttl=57 time=40.0 ms 64 bytes from 199.83.135.0: icmp_seq=3 ttl=57 time=38.8 ms [/code] [code][size=4]vtel57@ericsbane06~:$ whois 199.83.135.0[/size] # # ARIN WHOIS data and services are subject to the Terms of Use # available at: https://www.arin.net/whois_tou.html # # If you see inaccuracies in the results, please report at # http://www.arin.net/public/whoisinaccuracy/index.xhtml # # # The following results may also be obtained via: # http://whois.arin.net/rest/nets;q=199.83.135.0?showDetails=true&showARIN=false&ext=netref2 # NetRange: 199.83.128.0 - 199.83.135.255 CIDR: 199.83.128.0/21 NetName: INCAPSULA NetHandle: NET-199-83-128-0-1 Parent: NET199 (NET-199-0-0-0-0) NetType: Direct Assignment OriginAS: AS19551 Organization: Incapsula Inc (INCAP-5) RegDate: 2011-01-14 Updated: 2012-02-24 Ref: http://whois.arin.net/rest/net/NET-199-83-128-0-1 OrgName: Incapsula Inc OrgId: INCAP-5 Address: 3500 SOUTH DUPONT HIGHWAY City: Dover StateProv: DE PostalCode: 19901 Country: US RegDate: 2010-09-15 Updated: 2014-06-12 Ref: http://whois.arin.net/rest/org/INCAP-5 OrgNOCHandle: INCAP2-ARIN OrgNOCName: Incapsula Operations OrgNOCPhone: +1-866-250-7659 OrgNOCEmail: ip@incapsula.com OrgNOCRef: http://whois.arin.net/rest/poc/INCAP2-ARIN OrgAbuseHandle: INCAP1-ARIN OrgAbuseName: Incapsula AbuseDesk OrgAbusePhone: +1-866-250-7659 OrgAbuseEmail: abuse@incapsula.com OrgAbuseRef: http://whois.arin.net/rest/poc/INCAP1-ARIN OrgTechHandle: INCAP2-ARIN OrgTechName: Incapsula Operations OrgTechPhone: +1-866-250-7659 OrgTechEmail: ip@incapsula.com OrgTechRef: http://whois.arin.net/rest/poc/INCAP2-ARIN OrgTechHandle: BRONS9-ARIN OrgTechName: Bronstein, Tomer OrgTechPhone: +1-866-250-7659 OrgTechEmail: tomer@incapsula.com OrgTechRef: http://whois.arin.net/rest/poc/BRONS9-ARIN [/code] Your issue is with that Belkin router, I believe. [/quote] this is what I get: [code] $ ping -c3 forums.androidcentral.com PING iolqy.x.incapdns.net (192.230.66.0) 56(84) bytes of data. 64 bytes from 192.230.66.0: icmp_seq=1 ttl=52 time=24.8 ms 64 bytes from 192.230.66.0: icmp_seq=2 ttl=52 time=20.8 ms 64 bytes from 192.230.66.0: icmp_seq=3 ttl=52 time=24.3 ms --- iolqy.x.incapdns.net ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2005ms rtt min/avg/max/mdev = 20.858/23.353/24.898/1.789 ms [/code] [code] # whois 192.230.66.0 # # ARIN WHOIS data and services are subject to the Terms of Use # available at: https://www.arin.net/whois_tou.html # # If you see inaccuracies in the results, please report at # http://www.arin.net/public/whoisinaccuracy/index.xhtml # # # The following results may also be obtained via: # http://whois.arin.net/rest/nets;q=192.230.66.0?showDetails=true&showARIN=false&ext=netref2 # NetRange: 192.230.64.0 - 192.230.127.255 CIDR: 192.230.64.0/18 NetName: INCAPSULA-NETWORK NetHandle: NET-192-230-64-0-1 Parent: NET192 (NET-192-0-0-0-0) NetType: Direct Assignment OriginAS: AS19551 Organization: Incapsula Inc (INCAP-5) RegDate: 2013-05-08 Updated: 2013-05-08 Ref: http://whois.arin.net/rest/net/NET-192-230-64-0-1 OrgName: Incapsula Inc OrgId: INCAP-5 Address: 3500 SOUTH DUPONT HIGHWAY City: Dover StateProv: DE PostalCode: 19901 Country: US RegDate: 2010-09-15 Updated: 2014-06-12 Ref: http://whois.arin.net/rest/org/INCAP-5 OrgNOCHandle: INCAP2-ARIN OrgNOCName: Incapsula Operations OrgNOCPhone: +1-866-250-7659 OrgNOCEmail: ip@incapsula.com OrgNOCRef: http://whois.arin.net/rest/poc/INCAP2-ARIN OrgAbuseHandle: INCAP1-ARIN OrgAbuseName: Incapsula AbuseDesk OrgAbusePhone: +1-866-250-7659 OrgAbuseEmail: abuse@incapsula.com OrgAbuseRef: http://whois.arin.net/rest/poc/INCAP1-ARIN OrgTechHandle: INCAP2-ARIN OrgTechName: Incapsula Operations OrgTechPhone: +1-866-250-7659 OrgTechEmail: ip@incapsula.com OrgTechRef: http://whois.arin.net/rest/poc/INCAP2-ARIN OrgTechHandle: BRONS9-ARIN OrgTechName: Bronstein, Tomer OrgTechPhone: +1-866-250-7659 OrgTechEmail: tomer@incapsula.com OrgTechRef: http://whois.arin.net/rest/poc/BRONS9-ARIN # # ARIN WHOIS data and services are subject to the Terms of Use # available at: https://www.arin.net/whois_tou.html # # If you see inaccuracies in the results, please report at # http://www.arin.net/public/whoisinaccuracy/index.xhtml # [/code] [code] # nslookup - 8.8.8.8 > forums.androidcentral.com Server: 8.8.8.8 Address: 8.8.8.8#53 Non-authoritative answer: forums.androidcentral.com canonical name = iolqy.x.incapdns.net. Name: iolqy.x.incapdns.net Address: 192.230.66.0 > exit [/code] I thought it was 192.168.x.x that was reserved and not routable. From the results I get they are on 192.230.x.x. I also beleive the issue is with the belkin router. If this is them pinging me back [code] **Smurf** 192.168.1.118->> 192.230.66.0, Type:8, Code:0 (from LAN Inbound) [/code] wouldn't turning off the blocking of wan pings allow that in? I shouldn't have to turn the firewall off completely to allow that through. and I wouldn't want to forward port 80 in. Quote Link to comment Share on other sites More sharing options...
alphaomega Posted March 27, 2015 Author Share Posted March 27, 2015 Well you have to understand that speed tests will be different depending on the server you select to test on. That and not all files will download at the same speed as this not only depends on your speed but also the speed of the server/website you are downloading from. For instance, I get 120mbps download on speedtest sites when I choose a close server but I rarely get anywhere close to that speed on actual downloads. Also I agree with Eric, your traceroute shows your not even leaving your own network (192.168.x.x) and it sounds like the problem may be your router. Because the tests aren't exactly that accurate I tend to clear my cache and run multiple tests using various locations and just average it in my head as a baseline. Quote Link to comment Share on other sites More sharing options...
crp Posted March 27, 2015 Share Posted March 27, 2015 hi OP, you are correct 192.168.x.x is non-routable . 10.x.x.x is the only classA that is non-routable my tracert shows d:\>tracert forums.androidcentral.com Tracing route to iolqy.x.incapdns.net [192.230.66.0] over a maximum of 30 hops: 1 1 ms <1 ms <1 ms 192.168.11.11 2 1 ms 1 ms 1 ms qwestmodem.Home [192.168.0.1] 3 26 ms 26 ms 25 ms tukw-dsl-gw68.tukw.qwest.net [63.231.10.68] 4 27 ms 26 ms 28 ms tukw-agw1.inet.qwest.net [71.217.186.25] 5 27 ms 28 ms 27 ms sea-brdr-02.inet.qwest.net [67.14.41.18] 6 27 ms 27 ms 27 ms ae1.sea23.ip4.gtt.net [199.229.230.213] 7 98 ms 125 ms 104 ms xe-1-0-3.dal33.ip4.gtt.net [141.136.109.150] 8 96 ms 97 ms 97 ms gtt-gw.ip4.gtt.net [173.241.130.154] 9 96 ms 95 ms 96 ms ae-0.incapsula.dllstx04.us.bb.gin.ntt.net [129.250.204.182] 10 95 ms 96 ms 95 ms 192.230.66.0 Trace complete. comparing to yours and considering that using a proxy server got you to the target web page, I am wondering if there was a switching office between you and that site which was having problems.The Belkin interpreted it as a smurf attack and the other firewalls as just static noise. Quote Link to comment Share on other sites More sharing options...
V.T. Eric Layton Posted March 27, 2015 Share Posted March 27, 2015 Yup. My mistake... https://en.wikipedia.org/wiki/Private_network#Private_IPv4_address_space --- My nslookup for forums.androidcentral.com: forums.androidcentral.com canonical name = iolqy.x.incapdns.net. Name: iolqy.x.incapdns.net Address: 199.83.135.0 There's still something fishy going on with your router/dns. 1 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.