User comments on ISPs
  >> Entanet International Ltd.


Standard User RobertoS
(sensei) Wed 09-Jan-13 20:42:10

Re: Enta/ukfsn traffic blocking policy.


[re: Uilebheist] [link to this post]
 
What's this "RST"? I assume it isn't what I see in the acronym finder - "RST Resolved Sexual Tension".

My broadband basic info/help site - www.robertos.me.uk | Domains,website and mail hosting - Tsohost.
Connection - Plusnet Extra Fibre (FTTC). Sync ~ 54.0/14.9Mbps @ 600m. - BQM

"Where talent is a dwarf, self-esteem is a giant." - Jean-Antoine Petit-Senn.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Allergy information: This post was manufactured in an environment where nuts are present. It may include traces of understatement, litotes and humour.
Standard User Uilebheist
(legend) Wed 09-Jan-13 20:45:04

Re: Enta/ukfsn traffic blocking policy.


[re: RobertoS] [link to this post]
 
It's a type of TCP packet (well, a flag in a packet).
Simplifying a bit, to open a connection you send a SYN, the other party will send an ACK to accept the connection or RST to refuse.
etcetera.
edit - full details in RFC 793 and updates to it if you have problems sleeping.

Edited by Uilebheist (Wed 09-Jan-13 20:50:09)

Standard User RobertoS
(sensei) Wed 09-Jan-13 20:52:17

Re: Enta/ukfsn traffic blocking policy.


[re: Uilebheist] [link to this post]
 
Thanks :)


Standard User Uilebheist
(legend) Wed 09-Jan-13 21:02:22

Re: Enta/ukfsn traffic blocking policy.


[re: RobertoS] [link to this post]
 
Of course the meaning you found may well apply - meaning your connection is [....]
(fill the blank with a word which would get me banned from the forum :P)
Standard User RobertoS
(sensei) Wed 09-Jan-13 21:19:38

Re: Enta/ukfsn traffic blocking policy.


[re: Uilebheist] [link to this post]
 
Well there was a list of 20-30 to choose from, and then I thought of the context here and the suppliers involved. But I don't think we are thinking of the same word, as you just mentioned the connection.

Standard User legume
(experienced) Wed 09-Jan-13 21:22:26

Re: Enta/ukfsn traffic blocking policy.


[re: Uilebheist] [link to this post]
 
Hmm, if you have tcptraceroute (or on Linux "traceroute -T" will do) you can see after which hop you get the RST. If you get the RST from "very near" (after 3 hops for example) then that would help pointing the finger at Enta.


I'll give it a go tomorrow - but I don't really expect it to show anything, as you can see from the dumps it's not an instant RST. In the case of nntp I can actually get the headers and the RST only comes when trying to get the body of a post. Likewise with git there is initial communication and then when the data starts to flow it's only then that the connection gets interrupted.
Standard User Uilebheist
(legend) Wed 09-Jan-13 21:39:01

Re: Enta/ukfsn traffic blocking policy.


[re: legume] [link to this post]
 
Problem is, unless you can monitor both ends of the connection you'll have a problem showing that the RST is spoofed. Enta will just say that Giganews (or whoever) reset the connection on you.
Of course, if you just happened to have a server listening on port 119... (wouldn't even need to do anything, just say echo whatever you type in it and see how long before you get an RST which you know the server didn't send). Hmmm, I'm sure I could arrange a temporary one in a matter of seconds if that helps (but I'll need to know which IP address you'd be connecting from, as it wouldn't be open to the world).
Standard User legume
(experienced) Wed 09-Jan-13 23:09:15

Re: Enta/ukfsn traffic blocking policy.


[re: Uilebheist] [link to this post]
 
Thanks for the offer.
I don't think they detect by port though, so it would need to be a real news server - fairly trivial although it's years since I bothered with my own leafnode. I don't think it's really needed though.

Enta have never denied anything in the communications I've had with them - they know what they are doing and I don't think they would try to deny it given I have produced tcpdumps to their own news server showing the issue.
Standard User jrg_uk
(newbie) Fri 22-Mar-13 11:28:41

Re: Enta/ukfsn traffic blocking policy.


[re: Uilebheist] [link to this post]
 
(late reply).

There are actually a few clues to look out for, as to RSTs not being legitimate. My top two:

- Does the TTL match with the number of hops, and typical starting TTL values (64,128,255)? Any intermediate device issuing them doesn't know what the real TTL value would be.
- Do you see a SYN+ACK *and* an RST?

(and, it's possible that it was a misbehaving IDS/IDP device.)
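
The two clues in the post above can be checked mechanically against a capture. This is an added example, not code from the thread: it reads constructed `tcpdump -n -v` text, and the addresses, the `tolerance` value and the function names are assumptions. Both results are clues to follow up, not proof of injection.

```python
import re
from collections import Counter, defaultdict

# Constructed `tcpdump -n -v` output (documentation addresses, not from the thread).
SAMPLE = """\
21:02:11.100 IP (tos 0x0, ttl 64, id 1, offset 0, flags [DF], proto TCP (6), length 60)
    198.51.100.7.40112 > 192.0.2.10.119: Flags [S], seq 100, win 29200, length 0
21:02:11.130 IP (tos 0x0, ttl 51, id 0, offset 0, flags [DF], proto TCP (6), length 60)
    192.0.2.10.119 > 198.51.100.7.40112: Flags [S.], seq 900, ack 101, win 14480, length 0
21:02:11.400 IP (tos 0x0, ttl 51, id 7, offset 0, flags [DF], proto TCP (6), length 152)
    192.0.2.10.119 > 198.51.100.7.40112: Flags [P.], seq 901:1001, ack 101, win 14480, length 100
21:02:12.050 IP (tos 0x0, ttl 61, id 0, offset 0, flags [none], proto TCP (6), length 40)
    192.0.2.10.119 > 198.51.100.7.40112: Flags [R], seq 1001, win 0, length 0
"""

# IP header line carries the TTL; the indented line carries endpoints and TCP flags.
PKT = re.compile(r"ttl (\d+),.*?\n\s+(\S+) > (\S+): Flags \[([^\]]*)\]")

def implied_hops(ttl):
    """Hops travelled, assuming the sender started at 64, 128 or 255."""
    start = next(s for s in (64, 128, 255) if ttl <= s)
    return start - ttl

def rst_clues(dump, tolerance=2):
    """Return (flow, clue) pairs for RSTs that look out of place in the capture."""
    normal, rsts, synack = defaultdict(Counter), defaultdict(list), set()
    for ttl, src, dst, flags in PKT.findall(dump):
        flow = (src, dst)
        if "R" in flags:
            rsts[flow].append(int(ttl))
        else:
            normal[flow][int(ttl)] += 1
            if flags == "S.":
                synack.add(flow)
    clues = []
    for flow, ttls in rsts.items():
        if flow in synack:
            clues.append((flow, "SYN+ACK and RST seen from the same endpoint"))
        if normal[flow]:
            base = normal[flow].most_common(1)[0][0]  # usual TTL from this sender
            for ttl in ttls:
                hops, usual = implied_hops(ttl), implied_hops(base)
                if abs(hops - usual) > tolerance:
                    clues.append((flow, f"RST ttl {ttl} (~{hops} hops) "
                                        f"vs usual ttl {base} (~{usual} hops)"))
    return clues
```

In the constructed capture the server's data arrives about 13 hops away while the RST claims about 3, which is the mismatch the TTL clue describes.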