
Re: Cisco 3845 Integrated Services Router -- Browsing problem

Subject: Re: Cisco 3845 Integrated Services Router -- Browsing problem
Date: Tue, 20 Sep 2005 03:33:05 -0700 (PDT)
Hi,

I have attached the dump of the trace that led to the fix of this problem. I had to recreate this environment to show what all things might go wrong in networking.

The environment here has two ISPs connected via a Linux box as firewall. The connection was tried to a SQL server called examplehost.

-- JS

--- Jiju Susmer <jijususmer@yahoo.com> wrote:

At last it has been confirmed as:

It's a typical Cisco IOS bug. The solution is to enforce the router to handshake at 1400 (MSS value). If the MSS value is set to default, the packets were getting dropped (coz of the bug) on the internet (and there is no way we can trace it). A bit simple but complicated one. |:)

-- JS

--- Sasa Rasovic <sasarasovic@hotmail.com> wrote:

I suppose you should try adjusting your MTU and MSS of transit packets on the public interface.
For example: ip tcp adjust-mss 1400


----- Original Message ----- 
From: "Jiju Susmer" <jijususmer@yahoo.com>
To: <firewalls@securityfocus.com>
Sent: Tuesday, August 30, 2005 6:30 AM
Subject: Cisco 3845 Integrated Services Router -- Browsing problem


Hi,

I have a client who installed a Cisco 3845 ISR to connect to the internet via a leading ISP. But he has a problem in accessing certain sites; say, Google.com comes fast and works fine, but Yahoo, Rediff etc. hang.

One of the major features of this series router is Network Admission Control, but it's turned off. Content filter is also off.

To see that it is not an ISP problem we replaced the router with a lower series (2500); it worked fine with no changes in workstation settings.

I know that this request doesn't belong here in this list, but as the members of this group are dealing with networks, I suppose someone may have had this problem and can help me solve it.

Any luck?

Thanks

-- JS





ISP1

[root@lnxfw1 root]# traceroute 217.33.37.234
traceroute to 217.33.37.234 (217.33.37.234), 30 hops max, 38 byte packets
 1  10.2.71.1 (10.2.71.1)  7.122 ms  13.405 ms  10.457 ms
 2  24.231.88.202.asianet.co.in (202.88.231.24)  8.397 ms  11.919 ms  11.966 ms
 3  1.231.88.202.asianet.co.in (202.88.231.1)  18.926 ms  10.934 ms  9.961 ms
 4  4.231.88.202.asianet.co.in (202.88.231.4)  153.714 ms  181.694 ms  185.738 ms
 5  61.246.224.209 (61.246.224.209)  166.181 ms  183.734 ms  184.706 ms
 6  202.56.223.229 (202.56.223.229)  182.706 ms  197.769 ms  175.225 ms
 7  59.145.6.38 (59.145.6.38)  151.138 ms  144.159 ms  146.668 ms
 8  203.208.147.81 (203.208.147.81)  364.505 ms  402.583 ms  380.043 ms
 9  208.50.13.185 (208.50.13.185)  355.952 ms  437.660 ms so4-1-0-622M.ar2.PAO2.gblx.net (208.50.13.165)  415.155 ms
10  so1-0-0-2488M.ar3.LON3.gblx.net (67.17.73.93)  457.188 ms  481.771 ms  462.620 ms
11  ip-208.49.147.82.gblx.net (208.49.147.82)  915.946 ms  1010.026 ms  991.554 ms
12  t2c1-ge6-0.uk-glo.eu.bt.net (166.49.135.139)  994.575 ms  972.485 ms  1020.088 ms
13  t2c1-p4-2.uk-eal.eu.bt.net (166.49.208.9)  956.997 ms  935.924 ms  982.020 ms
14  166-49-168-6.eu.bt.net (166.49.168.6)  1006.571 ms  1042.066 ms  999.584 ms
15  core2-pos7-1.ealing.ukcore.bt.net (194.72.17.125)  972.012 ms  1096.187 ms  1207.381 ms
16  core2-pos13-1.reading.ukcore.bt.net (62.6.196.241)  1055.129 ms  1088.048 ms  1034.560 ms
17  core2-pos15-3.birmingham.ukcore.bt.net (194.74.16.249)  1032.717 ms  1085.660 ms  1086.722 ms
18  core2-pos7-0.edinburgh.ukcore.bt.net (194.74.16.238)  1101.692 ms  1130.236 ms  1161.835 ms
19  mspaccess1-gig0-0-0.edinburgh.fixed.bt.net (62.6.199.8)  1091.279 ms  1049.641 ms  959.989 ms
20  ftip002704852.mspaccess1.edinburgh.fixed-nte.bt.net (62.172.37.46)  954.994 ms  953.996 ms  942.966 ms
21  examplehost (217.33.37.234)  930.935 ms  938.438 ms  986.533 ms

ISP2

[root@lnxfw2 root]# traceroute 217.33.37.234
traceroute to 217.33.37.234 (217.33.37.234), 30 hops max, 38 byte packets
 1  210.18.59.25.ISP2.net (210.18.59.25)  0.639 ms  0.419 ms  0.500 ms
 2  lan-202-144-2-65.maa.ISP2.net (202.144.2.65)  2.357 ms * *
 3  lan-202-144-18-113.maa.ISP2.net (202.144.18.113)  2.223 ms  2.643 ms  3.439 ms
 4  * * lan-202-144-2-158.maa.ISP2.net (202.144.2.158)  14.124 ms
 5  lan-202-144-53-6.maa.ISP2.net (202.144.53.6)  90.978 ms  91.866 ms  91.214 ms
 6  lan-202-144-2-250.maa.ISP2.net (202.144.2.250)  268.595 ms  261.343 ms  262.228 ms
 7  12.118.130.13 (12.118.130.13)  265.705 ms  261.798 ms  261.735 ms
 8  tbr1-p010602.la2ca.ip.att.net (12.123.199.118)  326.238 ms  325.288 ms  326.666 ms
 9  tbr1-cl2.dlstx.ip.att.net (12.122.10.49)  334.968 ms  325.707 ms  324.149 ms
10  tbr2-cl1.attga.ip.att.net (12.122.2.90)  325.656 ms  325.147 ms  324.487 ms
11  tbr1-cl1.attga.ip.att.net (12.122.9.157)  319.601 ms  319.408 ms  318.596 ms
12  tbr2-cl1.wswdc.ip.att.net (12.122.10.69)  318.489 ms  328.828 ms  319.920 ms
13  12.122.81.249 (12.122.81.249)  324.407 ms  324.567 ms  324.178 ms
14  12.118.44.38 (12.118.44.38)  317.262 ms  317.355 ms  318.742 ms
15  t2c1-p4-0.uk-eal.eu.bt.net (166.49.164.73)  424.409 ms  424.651 ms  423.807 ms
16  166-49-168-14.eu.bt.net (166.49.168.14)  430.190 ms  430.714 ms  425.303 ms
17  core1-pos4-2.ealing.ukcore.bt.net (194.72.9.233)  425.259 ms  425.698 ms  428.212 ms
18  core1-pos13-1.reading.ukcore.bt.net (62.6.196.237)  434.074 ms  510.316 ms  432.435 ms
19  core1-pos5-2.birmingham.ukcore.bt.net (195.99.120.225)  440.672 ms  440.211 ms  439.336 ms
20  core1-pos14-2.edinburgh.ukcore.bt.net (62.6.196.94)  439.811 ms  439.339 ms  440.308 ms
21  mspaccess1-gig0-0-0.edinburgh.fixed.bt.net (62.6.199.8)  442.813 ms  443.181 ms  441.797 ms
22  ftip002704852.mspaccess1.edinburgh.fixed-nte.bt.net (62.172.37.46)  438.782 ms  446.997 ms  438.915 ms
23  * * *
24  * * *
25  * * *
26  * * *
27  * * *
28  * * *

ISP1: Tcpdump for telnet access to 1433 (MSSQL)

[root@lnxfw1 root]# telnet 217.33.37.234 1433
Trying 217.33.37.234...
020765 202.83.45.252.32778 > examplehost.ms-sql-s: S [tcp sum ok] 3667081188:3667081188(0)
    win 5840 <mss 1460,sackOK,timestamp 6139835 0,nop,wscale 0> (DF) [tos 0x10]  (ttl 64, id 39007, len 60)
Connected to examplehost (217.33.37.234).
Escape character is '^]'.
007313 examplehost.ms-sql-s > 202.83.45.252.32778: S [tcp sum ok] 3768683988:3768683988(0)
    ack 3667081189 win 1460 <mss 1460,nop,wscale 0,nop,nop,timestamp 0 0,nop,nop,sackOK> (DF) (ttl 77, id 61843, len 64)
000020 202.83.45.252.32778 > examplehost.ms-sql-s: . [tcp sum ok] 1:1(0)
    ack 1 win 5840 <nop,nop,timestamp 6139923 0> (DF) [tos 0x10]  (ttl 64, id 39008, len 52)

ISP2: Tcpdump for telnet access to 1433 (MSSQL)

[root@lnxfw2 root]# telnet 217.33.37.234 1433
Trying 217.33.37.234...
000466 210.18.59.27.ISP2.net.37321 > examplehost.ms-sql-s: S [tcp sum ok] 3165015745:3165015745(0)
    win 5840 <mss 1460,sackOK,timestamp 2343955540,nop,wscale 0> (DF) [tos 0x10]  (ttl 64, id 55651, len 60)
2. 993526 210.18.59.27.ISP2.net.37321 > examplehost.ms-sql-s: S [tcp sum ok] 3165015745:3165015745(0)
    win 5840 <mss 1460,sackOK,timestamp 234395854 0,nop,wscale 0> (DF) [tos 0x10]  (ttl 64, id 55652, len 60)
3. 986710 210.18.59.27.ISP2.net.37321 > examplehost.ms-sql-s: S [tcp sum ok] 3165015745:3165015745(0)
    win 5840 <mss 1460,sackOK,timestamp 234396454 0,nop,wscale 0> (DF) [tos 0x10]  (ttl 64, id 55653, len 60)
2. 601261 210.18.59.27.ISP2.net.37321 > examplehost.ms-sql-s: S [tcp sum ok] 3165015745:3165015745(0)
    win 5840 <mss 1460,sackOK,timestamp 234397654 0,nop,wscale 0> (DF) [tos 0x10]  (ttl 64, id 55654, len 60)
315145 210.18.59.27.ISP2.net.37321 > examplehost.ms-sql-s: S [tcp sum ok] 3165015745:3165015745(0)
    win 5840 <mss 1460,sackOK,timestamp 2344000540,nop,wscale 0> (DF) [tos 0x10]  (ttl 64, id 55655, len 60)
1. 199946 210.18.59.27.ISP2.net.37321 > examplehost.ms-sql-s: S [tcp sum ok] 3165015745:3165015745(0)
    win 5840 <mss 1460,sackOK,timestamp 234404854 0,nop,wscale 0> (DF) [tos 0x10]  (ttl 64, id 55656, len 60)
telnet: connect to address 217.33.37.234: Connection timed out
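
Added example (not part of the original post or its attachment): a Python function that scans tcpdump text output for SYNs retransmitted with the same initial sequence number and never answered by a SYN-ACK, the pattern in the ISP2 trace, and reports the MSS each one advertised. The sample lines, their addresses and the name unanswered_syns are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the tcpdump text format shown above; the addresses
# are documentation ranges, not the hosts from the thread.
SAMPLE = """\
0.000000 192.0.2.10.32778 > 198.51.100.5.1433: S 3667081188:3667081188(0) win 5840 <mss 1460,sackOK> (DF)
0.007313 198.51.100.5.1433 > 192.0.2.10.32778: S 3768683988:3768683988(0) ack 3667081189 win 1460 <mss 1460> (DF)
0.000020 192.0.2.10.32778 > 198.51.100.5.1433: . 1:1(0) ack 1 win 5840 (DF)
0.000466 203.0.113.27.37321 > 198.51.100.5.1433: S 3165015745:3165015745(0) win 5840 <mss 1460,sackOK> (DF)
2.993526 203.0.113.27.37321 > 198.51.100.5.1433: S 3165015745:3165015745(0) win 5840 <mss 1460,sackOK> (DF)
5.986710 203.0.113.27.37321 > 198.51.100.5.1433: S 3165015745:3165015745(0) win 5840 <mss 1460,sackOK> (DF)
"""

HEAD = re.compile(r"^\S+ (?P<src>\S+) > (?P<dst>\S+): (?P<flags>\S+) ")
SEQ = re.compile(r"(\d+):\d+\(\d+\)")   # first:last(length) sequence field
ACK = re.compile(r"\) ack \d+")         # an ack number right after the seq field
MSS = re.compile(r"<mss (\d+)")


def unanswered_syns(text, min_syns=2):
    """Return (src, dst, advertised_mss, syn_count) for every handshake whose
    SYN was sent at least min_syns times with one ISN and got no SYN-ACK."""
    syns = defaultdict(lambda: {"count": 0, "mss": None})
    answered = set()
    for line in text.splitlines():
        m = HEAD.match(line)
        if not m or "S" not in m["flags"]:
            continue                      # only SYN and SYN-ACK matter here
        if ACK.search(line):              # SYN-ACK: the reverse flow got a reply
            answered.add((m["dst"], m["src"]))
            continue
        seq, mss = SEQ.search(line), MSS.search(line)
        flow = syns[(m["src"], m["dst"], seq.group(1) if seq else None)]
        flow["count"] += 1
        if mss:
            flow["mss"] = int(mss.group(1))
    return sorted(
        (src, dst, f["mss"], f["count"])
        for (src, dst, _isn), f in syns.items()
        if f["count"] >= min_syns and (src, dst) not in answered
    )


if __name__ == "__main__":
    for src, dst, mss, count in unanswered_syns(SAMPLE):
        print(f"{src} -> {dst}: {count} SYNs, no SYN-ACK, advertised MSS {mss}")
```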