Failure with single web site (detailed)

Kevin Underriner

Problem: unable to connect to a single web site (www.linkedin.com;
69.25.56.150).

Summary: I have no idea if this is at all possible ... it seems as if there
is something preventing HTTP traffic to and from IP address 69.25.56.150 on
only the afflicted machine.

Details:

System is Windows XP with all current service packs and updates.

Browser failure is with both ie7 and firefox (both updated with all current
packs/patches).

Problem has started very recently - web site was actively used up to three
days ago.

No changes were (consciously) made to the machine.

DNS resolution is fine. nslookup www.linkedin.com responds with
69.25.56.150.

ping works fine (ping www.linkedin.com or ping 69.25.56.150).

Site is accessible from another machine on the same network (this eliminates
any weird route caching on the network hardware).

Hosts file has nothing of interest.

Other linkedin ip addresses work (http://69.25.56.151), but any redirection
to a link with www.linkedin.com in the address fails as this of course goes
back to 69.25.56.150.

No proxies exist - direct network connection.

Problem is unaffected by the use of firewall (sygate), or any of the Norton
security stuff.

Spyware - clean. Adware - clean. Hijackthis - clean.

ipconfig /release, /renew, /flushdns, /registerdns - no effect.

Of course there were many (many) reboots during the diagnostics and testing
issued above.
 
Do you have any antispam type of software running? I see you have a
Norton product and I believe they have an antispam function in some of
their software. It may be that a recent update to an antispam type of
program is identifying this website as spam. SpywareBlaster also does
this sort of thing and Spybot Search & Destroy has an "immunization"
feature but IIRC only for IE.


Malke
 
I ran tests with and without antispam, firewalls, security, etc. So, to
answer your question, no, I do not have any antispam software running.

Also, on rereading my original post, there may be some confusion - all web
sites that I've tried succeed perfectly. Only 69.25.56.150
(www.linkedin.com) fails.

Additional Diagnostics:

69.25.56.150 is www.linkedin.com
69.25.56.151 is another ip address for some part of the LinkedIn pages, but
not the regular site

telnet 69.25.56.150 80 - this fails (times out)
telnet 69.25.56.151 80 - this succeeds

The telnet test isn't that surprising - same results can be seen from a
browser. The telnet test does however eliminate the problem being specific
to ie7 or firefox.

We also know that not everything is blocked to/from 69.25.56.150. Both ping
and "telnet 69.25.56.150 25" succeed. Port 25 is SMTP.

BTW - all command line tests are run from cygwin.
 
Longshot, but; have you tried using http://69.25.56.150/ to access the
site?

Internap Network Services PNAP-12-2002 (NET-69-25-0-0-1)
69.25.0.0 - 69.25.255.255
LinkedIN INAP-SJE-LINKEDIN-1404 (NET-69-25-56-128-1)
69.25.56.128 - 69.25.56.255

# ARIN WHOIS database, last updated 2007-04-08 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.

Any chance it got added to your HOSTS file somehow? Just ramble-thinking;
probably nothing helpful there, but ...

Pop`
 
Yes, I've tried IP addresses as well as hostnames. Nothing in hosts, no
problem with DNS.

Recent test is interesting:
- telnet 69.25.56.150 80 fails
- telnet 69.25.56.151 80 succeeds

The above isn't so surprising as this duplicates the test using IP
addresses as a URL in browser.

- telnet 69.25.56.150 25 succeeds

Port 25 is SMTP. So it seems that I can successfully communicate with
69.25.56.150 with anything except port 80.

Another test:

I use sygate firewall, and yes, I've run tests with and without it running,
same result. I did a packet check with sygate: everything appears normal
when using http://www.linkedin.com as a URL in ie7 - meaning, that the
sygate firewall is receiving the information from the browser, so the
problem occurs after sygate.

Next test: power cycle router, hub, etc and force system to get a different
IP address.
 
Problem recap:
- all web sites except one worked fine
- failing web site worked fine from other machine on same network
- from command line, able to ping and telnet to failing web site
- many tests seemed to indicate that problem was isolated to specific
site and only HTTP (port 80)

Solution:
- problem was with the router
- forced new IP address for failing machine and rebooted router

Notes:
- prior to router "fix" there was nothing in the router that suggested
reason for problem
- not sure if it was the router reboot or new IP address that fixed
problem
- router is a D-Link AirPlus XtremeG
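
Added example, not part of the original thread: the telnet tests above, written as a small Python probe that separates "open", "refused" and "timeout" and then reads the resulting host/port matrix. The function names and verdict labels are assumptions made for this illustration; `THREAD_RESULTS` is constructed from the outcomes reported in the posts, not measured live.

```python
import socket

# Constructed from the results reported in the thread (not live measurements).
THREAD_RESULTS = {
    ("69.25.56.150", 80): "timeout",
    ("69.25.56.150", 25): "open",
    ("69.25.56.151", 80): "open",
}

def probe(host, port, timeout=3.0):
    """One TCP connect attempt, classified as open / refused / timeout / error."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"          # three-way handshake completed
    except ConnectionRefusedError:
        return "refused"           # RST came back: host reachable, port closed
    except socket.timeout:
        return "timeout"           # no answer at all: SYN or SYN/ACK dropped
    except OSError:
        return "error"             # no route, name resolution failure, etc.

def interpret(results):
    """Turn a {(host, port): state} matrix into (host, port, verdict) findings."""
    findings = []
    for (host, port), state in sorted(results.items()):
        if state != "timeout":
            continue
        answered = any(h == host and s in ("open", "refused")
                       for (h, _), s in results.items())
        # If the host answers on another port, routing and the host are fine
        # and only this flow is being dropped; otherwise nothing shows the
        # host is reachable over TCP at all.
        verdict = "flow-specific drop" if answered else "no TCP response from host"
        findings.append((host, port, verdict))
    return findings

if __name__ == "__main__":
    for host, port, verdict in interpret(THREAD_RESULTS):
        print(f"{host}:{port} -> {verdict}")
```

Running the same matrix from a second machine on the same network, as was done in the thread, shows whether the drop follows the machine or the shared path.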
 