Plusnet Firewall won't stay off
I'm sure I haven't missed it, but I don't remember anything being said about the current state of the Plusnet "Broadband Firewall" !
Quote from: Bob Assuming the OP is posting from their Plusnet line then their router is acting as an open resolver...
Seems I might be guilty of a little scaremongering here (sorry!)
Using the same terminal window and the same EE connection, my own static IP is returning similar results, and I know with certainty that my circuit's not open to attack
Quote from: avatastic I'm not getting it from my PN or work connection either.
I suspect EE is intercepting DNS requests rather than there being an open resolver.
Nope, don't think that's it because now I'm on my home network (Plusnet), the same thing happens from here. It's also the same with a Vodafone connection.
I think it's something to do with how I'm performing the lookup.
I was using Android Terminal Emulator/Busybox on a pair of Android devices, and even now, I can seemingly carry out a lookup against any IP of my choosing and I get a response!
I'm probably missing something obvious or I'm overlooking a nuance of nslookup in a *nix environment. I was going to try from my Raspberry Pi but it has a problem with apt at the moment that I'm struggling to solve and I don't have the necessary packages installed.
Anyway, using a Windows command line, mcoops82's connection looks to be OK, and it's actually refusing DNS requests as others have observed:
C:\Windows\System32>nslookup google.com 31.185.xxx.xxx
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 31.185.248.237
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Request to UnKnown timed-out
Apologies for the confusion/giving people the run-around.
Off topic, but if anyone's an explanation around why I'm seeing what I'm seeing with the Android Terminal emulator then feel free to educate me
Quote from: Bob I was using Android Terminal Emulator/Busybox on a pair of Android devices, and even now, I can seemingly carry out a lookup against any IP of my choosing and I get a response!
I'm probably missing something obvious or I'm overlooking a nuance of nslookup in a *nix environment. I was going to try from my Raspberry Pi but it has a problem with apt at the moment that I'm struggling to solve and I don't have the necessary packages installed.
Fixed the Pi and it doesn't exhibit the same problem so colour me confused!
pi@raspbmc:~$ nslookup google.com 31.185.xxx.xxx
;; connection timed out; no servers could be reached
Quote from: purleigh @'Bob Pullen' when you did the DNS tests just now, did you check whether 'mcoops82' was still on the same IP address ?
No, they had the same address around noon today though. It's kind of irrelevant though, using the Android terminal I seem to be able to get an apparent DNS response from *any* IP I try, mine included. I'm really not sure why it's behaving like that but I'll not make the same mistake again
Quote from: Bob Fixed the Pi and it doesn't exhibit the same problem so colour me confused!
I suspect that the Pi was using busybox before you fixed it, and this is a problem with busybox, possibly falling back to /etc/resolv.conf if it can't reach the desired server.
Do a wireshark and get back to us
Quote from: avatastic Do a wireshark and get back to us
Brilliant !
Quote from: avatastic Do a wireshark and get back to us
I may just do this, to satisfy my curiosity. I've a packet sniffer installed on one of my Android devices so it shouldn't prove too tricky.
Edit:
Quote from: purleigh @'Bob Pullen' - can you explain what are the conditions under which the Plusnet network team override the customer's 'Broadband Firewall' setting ?
I couldn't provide you an exhaustive list. Running an open resolver is one instance, however we've already ruled that out. It does seem odd that there's no human intervention. It's either an automated housekeeping process that I'm unaware of, or it's an issue at the development layer.
Quote from: purleigh What can 'mcoops82' do to identify and eliminate this "untoward" network activity ?
I've escalated a ticket to our Network Operations Team to see if they can offer any clarification.