dslreports logo
 
    All Forums Hot Topics Gallery
spc

spacer

Search Topic:
uniqs
2165
share rss forum feed


UCOZ

@supernews.net

[Connectivity] UCOZ server blocked by Comcast

Comcast is blocking access to one of our servers [193.109.247.157]

The issues has been reported to us by numerous users from different States, all of them with Comcast.

We would appreciate your help in this matter.

Here are a couple tracert:

Tracing route to ladieschoice.ucoz.com [193.109.247.157]
over a maximum of 30 hops:

1 * * * Request timed out.
2 * * * Request timed out.
3 40 ms 23 ms 16 ms te-2-1-ur02.rollingmdws.il.chicago.comcast.net [
68.86.118.173]
4 * * * Request timed out.
5 * * * Request timed out.
6 * * * Request timed out.
7 * * * Request timed out.
8 * * * Request timed out.
9 * * * Request timed out.
10 * * * Request timed out.
11 * * * Request timed out.
12 * * * Request timed out.
13 * * * Request timed out.
14 * * * Request timed out.
15 * * * Request timed out.
16 * * * Request timed out.
17 * * * Request timed out.
18 * * * Request timed out.
19 * * * Request timed out.
20 * * * Request timed out.
21 * * * Request timed out.
22 * * * Request timed out.
23 * * * Request timed out.
24 * * * Request timed out.
25 * * * Request timed out.
26 * * * Request timed out.
27 * * * Request timed out.
28 * * * Request timed out.
29 * * * Request timed out.
30 * * * Request timed out.

Tracing route to progressivemind.ucoz.com [193.109.247.157]
over a maximum of 30 hops:

1 1ms 1ms 2ms 192.168.1.1
2 2 43ms 16ms 20ms c-98.220.192.1.hsd1.il.comcast.net [98.220.192.1]
3 11ms 12ms 12ms te-6-2-ur04.wchicagoil.il.chicago.comcast.net [68.77.229.149]
4 * * * Request timed out.
5 * * * Request timed out.
6 * * * Request timed out.
7 * * * Request timed out.
8 * * * Request timed out.
9 * * * Request timed out.
10 * * * Request timed out.
11 * * * Request timed out.
12 * * * Request timed out.
13 * * * Request timed out.
14 * * * Request timed out.
15 * * * Request timed out.
16 * * * Request timed out.
17 * * * Request timed out.
18 * * * Request timed out.
19 * * * Request timed out.
20 * * * Request timed out.
21 * * * Request timed out.
22 * * * Request timed out.
23 * * * Request timed out.
24 * * * Request timed out.
25 * * * Request timed out.
26 * * * Request timed out.
27 * * * Request timed out.
28 * * * Request timed out.
29 * * * Request timed out.
30 * * * Request timed out.


ropeguru
Premium
join:2001-01-25
Mechanicsville, VA

2 recommendations

My guess is that they are not blocking it. I would say it is more of a routing issue.

Here is a traceroute from one of Comcast's Looking Glass sites:


1 te-1-4-0-6-102-cr01.newyork.ny.ibone.comcast.net (66.208.229.6) 4 msec 4 msec 4 msec

2 tengigabitethernet2-3.ar5.NYC1.gblx.net (64.211.60.129) [AS 3549] 0 msec 0 msec 0 msec

3 ae5-40G.scr4.NYC1.gblx.net (67.17.105.237) [AS 3549] 0 msec 0 msec 20 msec

4 ae14-0-20G.scr4.FRA4.gblx.net (67.16.166.45) [AS 3549] 136 msec 84 msec 84 msec

5 lag2.ar4.fra4.gblx.net (67.16.145.242) [AS 3549] 88 msec 84 msec 88 msec

6 rostelecom-ojsc.ethernet10-3.ar4.fra4.gblx.net (64.211.193.170) [AS 3549] 84 msec 84 msec 84 msec

7 46.61.141.134 [AS 12389] 136 msec
46.61.141.218 [AS 12389] 136 msec
46.61.141.134 [AS 12389] 136 msec

8 msk-bgw1-ae0-21.rt-comm.ru (213.59.5.109) [AS 8342] 124 msec 120 msec
msk-bgw1-ae0-83.rt-comm.ru (195.161.4.137) [AS 8342] 124 msec

9 mnogobyte.c.rt-comm.ru (217.106.2.30) [AS 8342] 124 msec 120 msec 124 msec

10 ix.quickline-gw.cust.mnogobyte.net (77.220.168.98) [AS 42632] 120 msec
quickline-gw.cust.mnogobyte.net (77.220.168.22) [AS 42632] 124 msec
ix.quickline-gw.cust.mnogobyte.net (77.220.168.98) [AS 42632] 120 msec

Kearnstd
Space Elf
Premium
join:2002-01-22
Mullica Hill, NJ
kudos:1

1 recommendation

reply to UCOZ
it could be those specific sites are having a problem because I can access the home page www.ucoz.com
--
[65 Arcanist]Filan(High Elf) Zone: Broadband Reports


koitsu
Premium,MVM
join:2002-07-16
Mountain View, CA
kudos:23

1 recommendation

reply to ropeguru
I'm in agreement with ropeguru See Profile, this looks like a route announcement problem. It may not be with Comcast at all, but with an uplink provider on Comcast's side, or an uplink provider on UCOZ's side (I believe there are a couple). This could all be the case of BGP filtering somewhere; someone may have forgotten to permit a route announcement for a certain prefix or AS on some routers but allowed it on others. It could also be a prefix length limit being reached somewhere.

Before I get started: why is this being posted on DSLR/BBR? Why hasn't UCOZ used peeringdb to reach out to the official Comcast folks? All their contact info is available, including a phone number:

»www.peeringdb.com/private/partic ··· p?id=822

(If asked for a login/pass, use guest/guest)

Please reach out to Comcast via official means and not some public forum! This is what the peeringdb is for!

193.109.247.157 is part of 193.109.247.0/24, which is AS29076.

Furthermore, when did this issue begin? Using BGPlay I can see there were some route changes recently but that doesn't necessarily indicate anything (and the BGPlay instance I'm looking at is not Comcast-peered).
--
Making life hard for others since 1977.
I speak for myself and not my employer/affiliates of my employer.


NetFixer
Bah Humbug
Premium
join:2004-06-24
The Boro
Reviews:
·Vonage
·Comcast Business..
·Cingular Wireless
reply to UCOZ
Well, FWIW, I can't do a traceroute from my Comcast connection either, but it seems to work from my AT&T Mobility connection using a tethered cell phone, and using my backup AT&T DSL connection.






Possibly a similar cause as in several recent threads in this forum regarding accessing hosting sites on the other side of the big pond (although those sites were in the UK, France, and Germany, not in Russia).

FWIW, this forum is a user helping other users forum, not a direct help forum for Comcast. If you register with this site, you can officially ask for help from Comcast using this site's http://www.dslreports.com/forum/comcastdirect forum.

--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander.


C_Chipperson
Monster Rain
Premium
join:2009-01-17
00000
kudos:3
reply to UCOZ
I am unable to access that site on my Comcast Business connection, but it loads just fine on my VZW android phone


koitsu
Premium,MVM
join:2002-07-16
Mountain View, CA
kudos:23
reply to koitsu
Note for Comcast customers reading this thread: there is no point in doing traceroutes, trying to visit websites, or pinging the site from your Comcast connection. It's not going to work -- Comcast's routers do not see the route for the netblock in question. That is what ropeguru See Profile and I are talking about. :-)

From Comcast's route server (route-server.newyork.ny.ibone.comcast.net; you can telnet there):


Two things to note:

1. The BGP routing table entry is for the /32, not the /24 which is supposedly advertised. That's already an indicator something is amiss.

2. The AS pathing for this /32 goes straight to AS64650, which is an internal AS (non-public). This could be a blackhole AS for Comcast, or it could be an AS used as a dumping ground for prefixes which aren't seen.

Using my own VPS box IP purely as a comparison model, you can see what things "should" look like:


So yes, I would say this is definitely a BGP-related issue. Someone isn't picking up a route announcement or isn't announcing a route somewhere in the mix.

--
Making life hard for others since 1977.
I speak for myself and not my employer/affiliates of my employer.


tshirt
Premium
join:2004-07-11
Snohomish, WA
kudos:5
Reviews:
·Comcast

2 recommendations

reply to UCOZ
The last time ucoz reported comcast as blocking them, »[Connectivity] uCoz server blocked by Comcast it turn out to be due to malware/phishing schemes being run off those servers.
Strangely enough it's the same IP again.

Perhaps ucoz should investigate the sites FIRST rather than rushing over here to blame comcast.


koitsu
Premium,MVM
join:2002-07-16
Mountain View, CA
kudos:23

2 recommendations

said by tshirt:

The last time ucoz reported comcast as blocking them, »[Connectivity] uCoz server blocked by Comcast it turn out to be due to malware/phishing schemes being run off those servers.
Strangely enough it's the same IP again.

Perhaps ucoz should investigate the sites FIRST rather than rushing over here to blame comcast.

I had no idea of that issue/history -- thank you very much!

Yes, Comcast could indeed be null-routing their prefix then, to keep Comcast customers from getting infected by something. Can't say I blame them if that's the case.

UCOZ will need to talk directly to Comcast's NOC (see my previous post for details, re: peeringdb has the necessary stuff) to work this out. There's nothing the rest of us can do. UCOZ going forward should be able to determine if they're null routed or not (see previous post of mine for using their route views srever), and then contact Comcast.

Using DSLR/BBR as a "communication gateway" for this sort of thing is depressing and sad, especially if it keeps recurring. This isn't the place for "disputes" of this nature to get worked out. :/
--
Making life hard for others since 1977.
I speak for myself and not my employer/affiliates of my employer.


Caddyroger
Premium
join:2001-06-11
To the west

1 edit
reply to UCOZ
I am able to connect to the site from the west coast. I am using Comcast
--
Caddy


UCOZ

@supernews.net
OK .. as for the malware/phishing angle, are we to assume that Comcast is correct and all the other ISPs are just clueless??

Now, assuming that the issue is with something other than Comcast, somebody must explain, in definitive terms possibly, why customers with any ISP other than Comcast has no problems reaching our server.

Not looking for a dispute, but this needs to be resolved.

Thank you for your feedback and help guys!


ropeguru
Premium
join:2001-01-25
Mechanicsville, VA
I would not venture to say that all other ISP's are clueless but more like Comcast is more pro active against these types of sites when customers complain.

I will let someone else like Koitsu or Netfixer chime in on the other explanation.


NetFixer
Bah Humbug
Premium
join:2004-06-24
The Boro
Reviews:
·Vonage
·Comcast Business..
·Cingular Wireless

1 recommendation

said by ropeguru:

I would not venture to say that all other ISP's are clueless but more like Comcast is more pro active against these types of sites when customers complain.

I will let someone else like Koitsu or Netfixer chime in on the other explanation.

Actually, I already provided a possible solution. The OP could register on this site and open a thread in the »Comcast Direct forum. Whether this is actually a case of Comcast doing malware site blocking, or just a run of the mill router misconfiguration problem (which seems to be more likely), that would at least get someone at Comcast to look at the problem.
--
We can never have enough of nature.
We need to witness our own limits transgressed, and some life pasturing freely where we never wander.


UCOZ

@cox.net
Thanks!

will do


C_Chipperson
Monster Rain
Premium
join:2009-01-17
00000
kudos:3
reply to koitsu
10-4


JohnInSJ
Premium
join:2003-09-22
Aptos, CA
reply to UCOZ
Wow that IP address is all kinda bad - listed in multiple sites as malware/phising source.

I'd block it.
--
My place : »www.schettino.us

UCOZ

join:2012-10-24
Beverly Hills, CA
reply to NetFixer
Thanks ... I did that


jlivingood
Premium,VIP
join:2007-10-28
Philadelphia, PA
kudos:3
reply to JohnInSJ
said by JohnInSJ:

Wow that IP address is all kinda bad - listed in multiple sites as malware/phising source.

I'd block it.

I believe that is the issue - it is a source for (at least) phishing. Hopefully the hosting company can clean it up.
--
JL
Comcast