On Sat, 01 Apr 2006, in the Usenet newsgroup comp.security.firewalls, in article
<122rooej8hv7a8b@corp.supernews.com>, Skywise wrote:
>I am having a problem with "connection timed out" and it's
>driving me nutz! I tried asking over in the w2k group but
>didn't get much help.
The clue is shown - don't know why no one is wagging the finger at it.
>It's a new win2k setup with dialup access to the net.
>I've used ethereal to examine traffic and I'm noticing two things.
>
>One is that when this happens there's a lot of "ICMP destination
>unreachable". This always comes on the heels of a "DNS query
>response" and is being sent by my machine to the DNS server.
OK - let's stop RIGHT THERE. The normal sequence is you send a UDP
query to "a" name server - usually the first one listed in "ipconfig /all".
The source port number on _your_ system will be some number above 1025, and
the destination port number on the server will be 53. Anywhere from a few
milliseconds to ten or twenty seconds later, that server should respond
from its UDP 53 to the UDP port number you used to initiate the exchange.
If the first server listed did not respond in a short period (the UNIX
standard is five seconds), your system may send a similar query from a
different port number to the "second" name server listed repeating the
try. If there is a third name server listed (generally the maximum
allowed), a query may go out to it five seconds after the one to the second
server. All of this assumes there is a network path to those name servers.
What appears to be happening here is that you have some firewall function
running that is blocking these responses, and telling the name server to go
fsck off. This could be because you have an explicit rule somewhere that
identifies the name servers as bad guys. A more common problem with the
typical "personal firewall" is that it's set with tight timing - such that
if the response from the name server is delayed for more than a small amount
of time (perhaps a second or two), the "personal firewall" forgets about the
request, and assumes the response when it finally comes is unsolicited.
There might be a tuning parameter in the firewall - I wouldn't know as I
don't use windoze, never mind these so-called "personal firewalls".
>Second, using the above example of downloading a file and then
>trying to load a webpage, it appears the request doesn't even
>go out. The GET commands never show up in the packets. The web
>page times out instantly.
Yes - because your O/S doesn't know where to send the GET command - it
can't find the IP address of the remote web server. (Hostnames are for
the convenience of humans - computers use IP addresses.)
>I was having problems with my modem anyway, so I changed to my
>old tried and true USR 56k sportster. No change.
Not a hardware problem.
>I have tried different modem drivers. No change. (btw, the modem
>is known good, having been used on several computers previously)
Real modems don't use drivers - but this isn't a modem problem.
>I did find I forgot to set my DNS servers, but setting this had
>no effect.
Sounds as if your ISP is setting them for you over the modem line using
RFC2153.
>I thought it might be my antivirus, so I uninstalled it. No change.
Unlikely in the extreme.
>I thought it might be my firewall (Kerio 4.0). I reluctantly
>disabled it for a minute and still had the problem.
None the less, that's probably the problem.
>I've even looked around the registry but nothing obvious seemed
>to pop up.
I don't do windoze. However, are you also using some OTHER anti-malware
such as anti-trojans, anti-spyware, etc - all the extra crap I don't need
to worry about?
>This is affecting everything, so it's got to be something system
>level. Heck, it even affects PINGing from a command prompt.
It's actually only at the network level - but that is so blurred in
windoze you can't tell the difference.
Old guy
Received on Mon May 1 01:03:59 2006
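The failure mode described in the reply above (a stateful "personal firewall" that forgets an outbound DNS query after a short interval and then treats the late reply as unsolicited, so the host answers the name server with ICMP port unreachable) can be reproduced with a toy model. The following is an added example, not code from the post or from any firewall product: it applies a stateful UDP rule with a configurable state lifetime to a constructed capture (addresses, ports and timings are all made up), and includes a small check that pairs each DNS reply with its query so a real capture could be scanned for replies slower than the firewall's state lifetime.

```python
# Added example (not from the post): a toy stateful UDP filter with a
# configurable state lifetime, run over a constructed DNS exchange, to show
# why a slow name-server reply is treated as unsolicited and rejected.
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    t: float      # seconds since the start of the capture
    src: str
    sport: int
    dst: str
    dport: int
    info: str


CLIENT = "192.0.2.10"        # constructed dial-up client address
NS1 = "198.51.100.1"         # constructed first name server
NS2 = "198.51.100.2"         # constructed second name server
DNS = 53

# Constructed trace: the first server is slow (reply after 4.3 s); the
# resolver retries the second server at the 5 s mark, which answers fast.
TRACE = [
    Packet(0.0, CLIENT, 1047, NS1, DNS, "DNS query A www.example.net"),
    Packet(4.3, NS1, DNS, CLIENT, 1047, "DNS query response"),
    Packet(5.0, CLIENT, 1048, NS2, DNS, "DNS query A www.example.net"),
    Packet(5.1, NS2, DNS, CLIENT, 1048, "DNS query response"),
]


def filter_trace(trace, state_lifetime):
    """Apply a stateful UDP rule: outbound packets create state keyed on the
    4-tuple; an inbound packet is allowed only if matching state exists and
    is younger than state_lifetime seconds.  Returns a list of
    (packet, verdict, note) tuples.  A DROP of a reply is what the host then
    reports back to the server as 'ICMP destination unreachable'."""
    state = {}
    verdicts = []
    for p in trace:
        if p.src == CLIENT:
            state[(p.src, p.sport, p.dst, p.dport)] = p.t
            verdicts.append((p, "ALLOW", "outbound, state created"))
            continue
        key = (p.dst, p.dport, p.src, p.sport)
        created = state.get(key)
        if created is not None and p.t - created <= state_lifetime:
            verdicts.append((p, "ALLOW", f"reply {p.t - created:.1f}s after query"))
        else:
            age = "no state" if created is None else f"state {p.t - created:.1f}s old"
            verdicts.append((p, "DROP", f"{age}; host sends ICMP port unreachable to {p.src}"))
    return verdicts


def dropped_replies(trace, state_lifetime):
    """Just the inbound replies the filter would reject."""
    return [p for p, v, _ in filter_trace(trace, state_lifetime) if v == "DROP"]


def reply_delays(trace):
    """Pair each DNS reply with its query by (client, client port, server)
    and return the delay in seconds, so a capture can be checked for replies
    slower than the firewall's state lifetime."""
    sent = {}
    delays = {}
    for p in trace:
        if p.dport == DNS:
            sent[(p.src, p.sport, p.dst)] = p.t
        elif p.sport == DNS:
            q = sent.get((p.dst, p.dport, p.src))
            if q is not None:
                delays[(p.src, p.dport)] = round(p.t - q, 1)
    return delays


if __name__ == "__main__":
    for lifetime in (2.0, 10.0):
        print(f"state lifetime {lifetime}s:")
        for p, v, note in filter_trace(TRACE, lifetime):
            print(f"  t={p.t:4.1f} {p.src}:{p.sport} -> {p.dst}:{p.dport}  {v:5} {note}")
    print("reply delays:", reply_delays(TRACE))
```

With a 2-second state lifetime the 4.3-second reply from the first server is dropped and would show up in a capture exactly as the poster saw it: a "DNS query response" immediately followed by an ICMP destination unreachable from the client to the name server. With a 10-second lifetime the same reply is accepted; the retry to the second server succeeds in both cases because it is answered within the window.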