black listing of web traffic

Jim Shankland nanog at shankland.org
Tue Feb 9 21:55:59 UTC 2010


Andrey Gordon wrote:
> Can't find my IP on any of the black lists. Don't have any proxies. Sites
> that behave poorly are consistent. That is to say that facebook.com,
> apple.com would always come up without an issue, but cnn.com,
> forever21.com(i know, don't ask, students),
> store.apple.com would consistently take forever to come up.
> 
> Just wanted to check of rate-limiting web clients is a common practice
> nowdays in the industry. If it's not, it's probably an unlikely cause of my
> troubles...

Other things you might want to check out include whether your NAT
gateway is well-behaved in the presence of PMTU discovery, TCP
timestamps, and ECN.  The web sites your students are having trouble
with may share some property that, correctly or not, is interacting
poorly with your NAT implementation.

(I remain astonished at the number of "big name" web sites out there
that send out their content with the DF bit set, then drop the
"fragmentation required" ICMP packets they get back on the floor.)

Jim Shankland




More information about the NANOG mailing list