[SATLUG] gvtc ssl connections

Greg Swift gregswift at gmail.com
Sun Jan 15 15:34:54 CST 2012


they blocked port 80 inbound to the customers.  Infact I specifically setup
the original rules blocking inbound port 0-1024 a very long time ago.  I'm
sure the rules have been adjusted a bit since them, but we did not block
anything from a customer outbound.  I recently addressed this possibility
with their last network engineer (a former co-worker so I'd hope he was
being straight with me) because of my irc connectivity issue and he said
they weren't blocking any outbound ports.

You can request that a technician come out with a laptop and test.  This
provides you with the "see even your laptop has the problem" capability.

-greg

On Sun, Jan 15, 2012 at 01:00, mark <mark at kandm-solutions.com> wrote:

> yeah It seems less ssl directly related and more related to less common
> ports. In the past GVTC has mainly just blocked web servers(port80) and
> mail servers for their internet customers. I don't know what is going on
> with them now. I had been wondering about their packet inspection
> activities and also whether they're doing some kind of transparent
> proxy. I don't have alot of issues getting to the aces log in screen,
> its during and after the log in process where issues come in. I plugged
> directly into the wall to eliminate any configuration issues with my
> router and other networking configurations. The issues are still there
> when plugged directly into the wall and having the 69. address on a
> laptop so I know it is nothing on my end. I may give them another day to
> straighten it out, but classes start on the 17th and I need my class
> pages to work right. I'll be giving them another, this time not so
> pleasant call on Monday if I still can't access sites I need. I am still
> having issues getting to Bank of America also. There main page usually
> loads ok, but when I try to go to the sign in page it falls apart.
>
> On Sat, 2012-01-14 at 23:42 -0600, Greg Swift wrote:
> > also, able to get to aces login screen, but unable to authenticate as i
> > have no account.  So did quick port scan:
> >
> > [root at ehnintre ~]# nmap -P0 -p443,8008,8080,8443 aces.alamo.edu
> >
> > Starting Nmap 5.51 ( http://nmap.org ) at 2012-01-14 23:39 CST
> > Nmap scan report for aces.alamo.edu (209.184.119.202)
> > Host is up (0.0048s latency).
> > PORT     STATE    SERVICE
> > 443/tcp  open     https
> > 8008/tcp open     http
> > 8080/tcp filtered http-proxy
> > 8443/tcp filtered https-alt
> >
> > Nmap done: 1 IP address (1 host up) scanned in 1.33 seconds
> >
> > If GVTC is bthe ones filtering the other ports and you need those for
> > access, then there ya go...
> >
> > 8008 is their tomcat server but its not ssl.. usually tomcat ssl is 8443,
> > which was filtered.
> >
> > http://aces.alamo.edu:8008/ (alamo.edu needs to turn off their default
> page)
> >
> > -greg
> >
> >
> > On Sat, Jan 14, 2012 at 23:29, Greg Swift <gregswift at gmail.com> wrote:
> >
> > > Not that I don't have my own problem with the service (I still can't
> > > connect to IRC) but I just checked, and it appears your IP (love email
> > > headers) is 69.166.70.132.  Mine is 69.166.87.75.  Different subnets..
> but
> > > based on a traceroute we have the same gateway router.  so there is the
> > > possibility that your area has a misconfiguration, but unless they've
> > > gotten extremely advanced with their packet inspection... there might
> be
> > > other causes.  I can get to bank of america's ssl site without any
> issue,
> > > and all the ssl sites I goto on a regular basis are fine.
> > >
> > > -greg
> > >
> > >
> > > On Sat, Jan 14, 2012 at 23:06, mark <mark at kandm-solutions.com> wrote:
> > >
> > >> I was wrong. It it has reverted back to it's prior state. My browser
> has
> > >> timed out applying for jobs, viewing class pages and trying to access
> my
> > >> bank site. GVTC seems to be having a lot of problems lately. This is
> the
> > >> second time in a couple of months that our ability to perform routine
> > >> and necessary activities have been prevented by service failures on
> > >> GVTC's part. Last time I let it slide and I was able to perform needed
> > >> tasks by replacing GVTC's DNS servers with substitutes, but this time
> I
> > >> think a credit is due and I intend to request one.
> > >>
> > >> I had to disable ssl in my email client to send this messages
> > >>
> > >>
> > >>
> > >> --
> > >> _______________________________________________
> > >> SATLUG mailing list
> > >> SATLUG at satlug.org
> > >> http://alamo.satlug.org/mailman/listinfo/satlug to manage/unsubscribe
> > >> Powered by Rackspace (www.rackspace.com)
> > >>
> > >
> > >
>
>
> --
> _______________________________________________
> SATLUG mailing list
> SATLUG at satlug.org
> http://alamo.satlug.org/mailman/listinfo/satlug to manage/unsubscribe
> Powered by Rackspace (www.rackspace.com)
>


More information about the SATLUG mailing list