black listing of web traffic

gordon b slater gordslater at ieee.org
Wed Feb 10 01:42:48 UTC 2010


On Tue, 2010-02-09 at 17:04 -0500, Andrey Gordon wrote:
> Thx to all the folks replying off the list.
> 
> The more I trouble shoot the more I'm convinced that it's not the sites that
> are doing rate-limiting. I went to a website of one of my previous employers
> (a small company). Chances of them having a fancy reverse proxy with some
> sort of black list filtering are slim to none, yet their site barely opens
> up as well.
> 
> Must be something that either my firewall device is doing (which is what is
> doing the NATting) or I don't' know what else. I'm working with my firewall
> guy since f/w is his domain and I have no clue about that vendor of the
> firewalls (PaloAlto).
> 
> Thanks all for the suggestions. I'll keep digging.
> 

A few months ago I was involved in a hard-to-troubleshoot intermittent
problems similar to yours. I finally diagnosed a faulty or overloaded
state table somewhere in one of the cheap plastic routers they were
using. All problems ended when I replaced the cheap plastic stuff with a
x86 hardware running pf or iptables, I forget exactly which
(irrelevant).

Could it be that you have some arp-poisoning going on? That was my first
thought in the above situation, but Wireshark showed otherwise. 
The clue to the state tables - it was mainly SSL/TLS that was getting
expired/dropped. 

Gord





More information about the NANOG mailing list