On Sun, 02 Apr 2006, in the Usenet newsgroup comp.security.firewalls, in article
<122uaed4lg2r83c@corp.supernews.com>, Skywise wrote:
>Skywise <into@oblivion.nothing.com> wrote in
>news:122tth42j2ijv1c@corp.supernews.com:
>> <Snipola of excellent info>
Yeah, I'm a *nix network administrator - I work with this stuff all the
time. Hope it made sense to you.
>> I've used this firewall on other machines with no problem. Being
>> on a new machine there's not many rules set up yet. I've looked
>> around in its settings but didn't notice anything that might do
>> this.
Nonetheless, your description of the failure does indicate a firewall
problem of some kind. Re- the description I gave up-thread: Your system
asked the DNS server to translate name to IP. Note the exact time this
occurs. Then note the exact time that that server replies (match up port
numbers to see which reply is which). Then note the exact time of the
ICMP Port Unreachable. If you can see inside that ICMP packet, it has the
addresses and port numbers (it actually has at least the IP header of 20+
bytes and the first 8 bytes of the datagram which would in this case be
the entire UDP header). What I'm guessing is that the name server is
slow (say more than a second - perhaps more than five seconds), and the
firewall code is rejecting it.
>> I suppose it could just be a flaky install, which reinstalling
>> may fix.
>
>OK...uninstalled the firewall and went online. Still had the same
>problems.
I don't do windoze, but my understanding is that should have made things
work. Reinstall the firewall - I don't want you getting cracked because it's
missing now.
I'm making an assumption by your use of ethereal that you would have noticed
that the packets are actually using the right interface. Some of the
anti-malware stuff has been known to stick hostnames into the hosts file
(I dunno - c:\windoze\hosts or c:\winnt\system32\drivers\hosts) with a
127.0.0.1 address to block access to those remote systems.
>I'm really thinking there's some sort of "system level" problem.
>Something in Windows' networking settings. Oh, and in case it
>wasn't clear before, this is a dial up connection.
OK - a dialup means you'll get a new IP address every time you dial in, so
your posting the output of "ipconfig /all" isn't going to expose you to
anything - you won't be using that address for a while. What I'd be looking
at is that the name servers (at least one, maybe up to three IP addresses)
are real name servers. (I just hope your ISP isn't using RFC1918 addresses,
as no one but them can make sense of them in that case.) As far as the
difference between dialup versus cable or a hardwired Ethernet in the office
- the name server assignment mechanism _may_ be slightly different, but once
you have the addresses where your O/S can use them (either by setting them
manually or through some automagic means) there is absolutely no difference.
Old guy
Received on Mon May 1 01:04:07 2006
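
The ICMP Port Unreachable check described in the post, as an added example that is not part of the original message: it pulls the quoted IP header and the 8-byte UDP header out of the ICMP payload and matches the ports against a DNS query to measure how late the rejected reply was. The function names, addresses, ports and timestamps are constructed for illustration.

```python
import socket
import struct

def parse_port_unreachable(icmp: bytes):
    """Return addresses/ports of the datagram quoted in an ICMP type 3 code 3
    message (bytes starting at the ICMP header), or None if it does not apply."""
    if len(icmp) < 8 + 20 or (icmp[0], icmp[1]) != (3, 3):
        return None
    quoted = icmp[8:]                      # quoted datagram follows the 8-byte ICMP header
    ihl = (quoted[0] & 0x0F) * 4           # "20+ bytes": IP options lengthen the header
    if quoted[0] >> 4 != 4 or ihl < 20 or len(quoted) < ihl + 8:
        return None
    if quoted[9] != 17:                    # protocol field: 17 = UDP
        return None
    sport, dport, udp_len, _csum = struct.unpack("!HHHH", quoted[ihl:ihl + 8])
    return {
        "src": socket.inet_ntoa(quoted[12:16]), "sport": sport,
        "dst": socket.inet_ntoa(quoted[16:20]), "dport": dport,
        "udp_len": udp_len,
    }

def late_reply_delay(query_time, query_sport, icmp_time, icmp):
    """Seconds between a DNS query and the ICMP rejection of its reply,
    or None if the quoted datagram is not a port-53 reply to that query."""
    q = parse_port_unreachable(icmp)
    if q is None or q["sport"] != 53 or q["dport"] != query_sport:
        return None
    return icmp_time - query_time

def build_sample():
    """Constructed ICMP message quoting a DNS reply 192.0.2.53:53 -> 198.51.100.7:1034.
    Checksums are left at zero; the parser above does not validate them."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 118, 0, 0, 64, 17, 0,
                     socket.inet_aton("192.0.2.53"),
                     socket.inet_aton("198.51.100.7"))
    udp = struct.pack("!HHHH", 53, 1034, 98, 0)
    return struct.pack("!BBHI", 3, 3, 0, 0) + ip + udp

if __name__ == "__main__":
    sample = build_sample()
    print(parse_port_unreachable(sample))
    # Constructed capture times: query sent at t=10.0 s, ICMP seen at t=16.5 s
    print(late_reply_delay(10.0, 1034, 16.5, sample))
```
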