[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Websurfing trouble to .gov and .il.us

On Mon, 12 Mar 2018 17:44:47 -0000, Sam Kretchmer said:

> I am part of a small ISP based in Chicago. We have several clients
> complaining of an inability to hit a couple specific government websites,
> specifically http://tierii.iema.state.il.us/TIER2MANAGER/Account/Login.aspx and
> https://www.deadiversion.usdoj.gov/. It does seem to be related to the IP's
> they use, specifically parts of 213.159.132/22

First thing that comes to mind:  Fire up wireshark and
see if anything pops out.

Second thing: PMTU black hole or similar - the 3 packet handshake
completes, and TLS fires up, and then comes to a screeching halt
when something large causes a MTU-sized packet to happen.

Double-check the pages, make sure they aren't doing something
squirrelly like fetching CSS from some *other* site that's down
or PMTU black holed.

Oh, and 519 lashes with a wet noodle for the IL state division of IT
for having a Login.aspx on an http: site. ;)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 486 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20180313/73d64e5b/attachment.sig>