• This Forum is for adults 18 years of age or over. By continuing to use this Forum you are confirming that you are 18 or older. No content shall be viewed by any person under 18 in California.

Can Only Connect to Forum with Cellular?

Yep, I'm embracing the jd Sun-Spot IP Wave Distortion Theory. Sun just went down here, and I'm golden.

I've been unable to connect with my MacBook all day, and now-- Bingo!!:)

My expertise in this sort of thing has been woefully unappreciated by most of y'all, and for that I'll accept any apologies that might be offered.

I've got a plethora of other scientific theories, as well as brilliant philosophical insight if anyone is interested. jd
 
Given the comments so far and my own problems this morning I suspect a DOS attack.

To me (FWIW) it certainly smells like a DDOS (Distributed Denial of Service) attack. What you are all reporting is exactly that. That is appears intermittent is also another clue. But... I might be wrong! (always a possibility).

When I lost the ability to connect to the forum site (this one) this morning (my time) I was always able to ping. But traceroutes broke half way and still do - but I am now happily logged in. The break in the traces are consistently in the GTT network and I suspect that a gateway somewhere is simply not responding to ICMP packets (the web browser/server uses TCP which is quite different). That my pings (also ICMP) always reached the server indicates to me that the routing and DNS systems are fine.

The behaviour being reported is identical to that I have endured on my own servers for many years - and to this very day.

The Forum Boss is I know working feverishly to get on top of this. It is hard, and soul destroying. It's not like we administrators don't have better things to do than deal with all the crap some people/outfits out there on the internet throw at us! Especially on a Sunday!
 
jds holler said:
Yep, I'm embracing the jd Sun-Spot IP Wave Distortion Theory. Sun just went down here, and I'm golden.

I've been unable to connect with my MacBook all day, and now-- Bingo!!:)

My expertise in this sort of thing has been woefully unappreciated by most of y'all, and for that I'll accept any apologies that might be offered.

I've got a plethora of other scientific theories, as well as brilliant philosophical insight if anyone is interested. jd
Click to expand...

Same for me, I couldn’t connect on I-pad or iPhone during the day but now that the sun is down I can get on both of them. That seems a little far fetched but for whatever reason it’s seems to be....
 
carlsbad said:
Ron,
Can you check forum.accurateshooter.com? I had no problem getting to the website, just the forum. --Jerry
Click to expand...

Yeah, I ran into the same problem. The nslookup, ping and tracert were for forum.accurateshooter.com but it is working now. The results are what it should look like with the exception of the tracert. That should originate at the users machine and follow an appropriate path depending on the state of the AS Paths between the user and the server.

P.S. Forgot that many are not familiar with the command line. The format of the commands on the command line when the DOS VM window is started (cmd.exe) are:
nslookup forum.accurateshooter.com
ping forum.accurateshooter.com
and
tracert forum.accurateshooter.com
 
ddos could be happening but they use a CDN sucuri.net and that would tell them if they were and pretty much protect them unless its a massive one affecting sucuri
 
GeoffR said:
Given the comments so far and my own problems this morning I suspect a DOS attack.

To me (FWIW) it certainly smells like a DDOS (Distributed Denial of Service) attack. What you are all reporting is exactly that. That is appears intermittent is also another clue. But... I might be wrong! (always a possibility).

When I lost the ability to connect to the forum site (this one) this morning (my time) I was always able to ping. But traceroutes broke half way and still do - but I am now happily logged in. The break in the traces are consistently in the GTT network and I suspect that a gateway somewhere is simply not responding to ICMP packets (the web browser/server uses TCP which is quite different). That my pings (also ICMP) always reached the server indicates to me that the routing and DNS systems are fine.

The behaviour being reported is identical to that I have endured on my own servers for many years - and to this very day.

The Forum Boss is I know working feverishly to get on top of this. It is hard, and soul destroying. It's not like we administrators don't have better things to do than deal with all the crap some people/outfits out there on the internet throw at us! Especially on a Sunday!
Click to expand...

Interesting. If the trace route showed that it was making it partway there then I concur. Should be able to tell from the server side if it is a DDOS attack by the number of SYNC packets being received above the norm. I'm sure Jay is on it.
 
Yes, a SYN flood attack is what I'm thinking. Could be something else of course - there are plenty of DOS methods.

In my case over the last month or two I have been dealing with [specifically] random spoofing SYN floods and more recently sustained port scans from multiple concurrent sources. Also spoofed. There is not much that can be done in either case. But it would be nice to know! In my case the SYN floods diminished but the port scans are pretty much all the time.

I host two shooting related websites and one in particular comes under quite vicious and aggressive attack in various forms. But I am not sure if it is because they are shooting related that they are targeted - the other website is not shooting related in any way but still cops its fair share of crap.

A good firewall is absolutely essential. But no-one is immune to some of these types of attack (like SYN floods).
 
"no-one is immune". That seems to be the sad truth these days.

P.S. yes, SYN, not SYNC. I retired 6 months ago and have been attempting to forget all this technology. Seems my efforts are meeting with some success. :)
 
carlsbad said:
I've been fine through all if this. I have 4 computers around the house. All use chrome. Woke up this morning and assumed the site was down. Homepage is fine but forum won't connect. Same on all 4 computers trying 3 different browsers.

Finally decide to turn wifi off on rhe phone and it connected.

I dont like using the phone. Hope this gest resolved soon.
Click to expand...

Im using hotspot wifi on iphone for a cromebook and thats how ive been getting it to work after it quits on me.By turning phone off then back on usually works for a little while then have to repeat process.Just useing the iphone without the wifi on it would go straight to forums from homepage.Makes me think its some kinda security setting that's messing with it:mad:.
 
GeoffR said:
Yes, a SYN flood attack is what I'm thinking. Could be something else of course - there are plenty of DOS methods......
Click to expand...
Then why would my my connection to the forum be, seemingly, unaffected? I've had no issues at all. Normally when a site is under a DOS attack, doesn't it affect all traffic?
 
We have been working hard on this. There is still much to be learned.

But part of this seems to be weird routing patterns done by the service providers... bouncing the Forum access calls out overseas to other countries and back again.

We are trying to figure out why that is occurring.

In the meantime, some people have gotten better access by switching to a VPN service. Again we're not sure why that would work better, but it appears some internet providers have the wrong "road map" to the Forum site. It's like a postal package from CA to NV being sent to Brazil, then Japan, then Wash DC, then Mexico, and finally to NV.
 
So more info. I cannot get to the forum via my computer but I can via my cell phone which is what I'm posting on. The trace route shows that the request is bounced between from one gtt.net box to another and then to another where it fails to make to the next hop. When the tracert works, the next hop is the server. It was working this morning even though I could not get to the site via the browser.
Praveen and I were looking at it earlier and his tracert was failing but he could get to the site with his browser. He was starting to think that it looks like a docker container failure. Whatever it is, it looks like a gtt.net problem.
 
  • Like
Reactions: rwj
ronsatspokane said:
So more info. I cannot get to the forum via my computer but I can via my cell phone which is what I'm posting on. The trace route shows that the request is bounced between from one gtt.net box to another and then to another where it fails to make to the next hop. When the tracert works, the next hop is the server. It was working this morning even though I could not get to the site via the browser.
Praveen and I were looking at it earlier and his tracert was failing but he could get to the site with his browser. He was starting to think that it looks like a docker container failure. Whatever it is, it looks like a gtt.net problem.
Click to expand...

Say what:eek:?!
 
ronsatspokane said:
So more info. I cannot get to the forum via my computer but I can via my cell phone which is what I'm posting on. The trace route shows that the request is bounced between from one gtt.net box to another and then to another where it fails to make to the next hop. When the tracert works, the next hop is the server. It was working this morning even though I could not get to the site via the browser.
Praveen and I were looking at it earlier and his tracert was failing but he could get to the site with his browser. He was starting to think that it looks like a docker container failure. Whatever it is, it looks like a gtt.net problem.
Click to expand...
Yes, when I did traces yesterday it would stop inside GTT. But at the same time pings (also ICMP) were working and I was able to connect to the site (TCP) and even log in.

Today is slightly different. From my house using one ISP everything is fine. I am logged in (obviously) and traces and pings are fine. The last gateway before the site is ip4.gtt.net. The one before that is ae19.cr0-sjc1.ip4.gtt.net

So I log into my office system (using ssl) that uses a different ISP. From the office the trace stops at ip4.gtt.net. Meaning it doesn't quite make it. A ping fails also, as does an attempt to access the website from a browser. The route to ip4.gtt.net is slightly different but after that nothing from one ISP and OK with the other!

Very weird!
 
DRNewcomb said:
Then why would my my connection to the forum be, seemingly, unaffected? I've had no issues at all. Normally when a site is under a DOS attack, doesn't it affect all traffic?
Click to expand...
Not necessarily. It largely depends on the nature/type of the attack. There are many types.

The overall objective of the DOS attack is exactly that - prevent or at least reduce access to the site (or service). In the case of a SYN flood attack where the aim is to exhaust the servers system resources, some legitimate traffic can sneak through from time to time giving the impression of at least intermittent success. How effective the attack is is also dependent on how aggressive the attack is.

Note again that a SYN flood is but only one type of attack, and there are a coule of different types of SYN flood. There are others. I am currently under SYN flood and port scan attacks. In the former case the objective is to starve my system of resources. With the port scan where I am taking 20+ probes per second the objective is to see what TCP ports are open that might offer potential for an different attack. In other words, they are looking for weaknesses in my armour. So not really a DOS attack.

Such is the ugly world of the internet.
 
GeoffR said:
Yes, when I did traces yesterday it would stop inside GTT. But at the same time pings (also ICMP) were working and I was able to connect to the site (TCP) and even log in.

Today is slightly different. From my house using one ISP everything is fine. I am logged in (obviously) and traces and pings are fine. The last gateway before the site is ip4.gtt.net. The one before that is ae19.cr0-sjc1.ip4.gtt.net

So I log into my office system (using ssl) that uses a different ISP. From the office the trace stops at ip4.gtt.net. Meaning it doesn't quite make it. A ping fails also, as does an attempt to access the website from a browser. The route to ip4.gtt.net is slightly different but after that nothing from one ISP and OK with the other!

Very weird!
Click to expand...

Yeah, same thing I'm seeing. Not sure if those gtt.net boxes are real routers though but when it fails the last hop is not just ip4.gtt.net, it is some virtualized host. Pravens tracert fails but browser access works where I've seen the tracert work and fail and browser access fails regardless.
 
You must log in or register to reply here.

Similar threads

Rick300
  • Locked
Q Re Connection Issues to This Forum?
Replies
18
Views
468
Forum Boss
Forum Boss
SSL
Newest "Handgun" Teslong
Replies
8
Views
851
SSL
SSL
Teslong Borescope Info Re: WiFi Unit
Replies
18
Views
1,154
SSL
SSL

Upgrades & Donations

This Forum's expenses are primarily paid by member contributions. You can upgrade your Forum membership in seconds. Gold and Silver members get unlimited FREE classifieds for one year. Gold members can upload custom avatars.


Click Upgrade Membership Button ABOVE to get Gold or Silver Status.

You can also donate any amount, large or small, with the button below. Include your Forum Name in the PayPal Notes field.


To DONATE by CHECK, or make a recurring donation, CLICK HERE to learn how.

Classified Ads

Forum statistics

Threads
168,003
Messages
2,244,945
Members
80,929
Latest member
Hipshot4570

Share This Page

Back
Top