Monday, March 29, 2010

Test your ISP

The University of California has an excellent tool for testing your ISP. Visit
http://netalyzr.icsi.berkeley.edu/ to test your ISP. My results were as follows:

Result Summary
75-141-193-161.dhcp.reno.nv.charter.com / 75.141.193.161
Recorded at 11:32 EDT (15:32 UTC), Mar 29 2010.

--------------------------------------------------------------------------------

Summary of Noteworthy Events

Major Abnormalities
• Your DNS resolver returns results even when no such server exists

Minor Aberrations
• Certain TCP protocols are blocked in outbound traffic
• Network packet buffering may be excessive
• We received unexpected and possibly dangerous results when looking up important names

Address-based Tests

NAT detection: NAT Detected
Your global IP address is 75.141.193.161 while your local one is 192.168.1.11. You are behind a NAT. Your local address is in unroutable address space.
Your machine numbers TCP source ports sequentially. The following graph shows connection attempts on the X-axis and their corresponding source ports used by your computer on the Y-axis.
TCP ports are not renumbered by the network.

DNS-based host information: OK
You are not a Tor exit node for HTTP traffic. You are listed on the Spamhaus Policy Based Blacklist, meaning that your provider has designated your address block as one that should only be sending authenticated email, email through the ISP's mail server, or using webmail. The SORBS DUHL believes you are using a statically assigned IP address.

Reachability Tests

TCP connectivity: Note
Direct TCP access to remote FTP servers (port 21) is allowed.
Direct TCP access to remote SSH servers (port 22) is allowed.
Direct TCP access to remote SMTP servers (port 25) is allowed.
Direct TCP access to remote DNS servers (port 53) is allowed.
Direct TCP access to remote HTTP servers (port 80) is allowed.
Direct TCP access to remote POP3 servers (port 110) is allowed.
Direct TCP access to remote RPC servers (port 135) is blocked. This is probably for security reasons, as this protocol is generally not designed for use outside the local network.
Direct TCP access to remote NetBIOS servers (port 139) is blocked. This is probably for security reasons, as this protocol is generally not designed for use outside the local network.
Direct TCP access to remote IMAP servers (port 143) is allowed.
Direct TCP access to remote SNMP servers (port 161) is allowed.
Direct TCP access to remote HTTPS servers (port 443) is allowed.
Direct TCP access to remote SMB servers (port 445) is blocked. This is probably for security reasons, as this protocol is generally not designed for use outside the local network.
Direct TCP access to remote SMTP/SSL servers (port 465) is allowed.
Direct TCP access to remote secure IMAP servers (port 585) is allowed.
Direct TCP access to remote authenticated SMTP servers (port 587) is allowed.
Direct TCP access to remote IMAP/SSL servers (port 993) is allowed.
Direct TCP access to remote POP/SSL servers (port 995) is allowed.
Direct TCP access to remote OpenVPN servers (port 1194) is allowed.
Direct TCP access to remote PPTP Control servers (port 1723) is allowed.
Direct TCP access to remote SIP servers (port 5060) is allowed.
Direct TCP access to remote BitTorrent servers (port 6881) is allowed.
Direct TCP access to remote TOR servers (port 9001) is allowed.

UDP connectivity: OK
Basic UDP access is available.
The applet was able to send fragmented UDP traffic.
The applet was able to receive fragmented UDP traffic.
Direct UDP access to remote DNS servers (port 53) is allowed.
Direct UDP access to remote OpenVPN servers (port 1194) is allowed.
Direct UDP access to remote MSSQL servers (port 1434) is allowed.

Path MTU: OK
The path between your network and our system supports an MTU of at least 1500 bytes, and the path between our system and your network has an MTU of 1500 bytes.

Network Access Link Properties

Network latency measurements: Latency: 89ms Loss: 0.0%
The round-trip time (RTT) between your computer and our server is 89 msec, which is good. We recorded no packet loss between your system and our server.

TCP connection setup latency: 92ms
The time it takes your computer to set up a TCP connection with our server is 92 msec, which is good.

Network background health measurement: no transient outages
During most of Netalyzr's execution, the applet continuously measures the state of the network in the background, looking for short outages. During testing, the applet observed no such outages.

Network bandwidth measurements: Upload 1.1 Mbit/sec, Download 13 Mbit/sec
Your Uplink: We measured your uplink's sending bandwidth at 1.1 Mbit/sec. This level of bandwidth works well for many users.
During this test, the applet observed 15 reordered packets.
During this test, the applet observed 52 duplicate packets.
Your Downlink: We measured your downlink's receiving bandwidth at 13 Mbit/sec. This level of bandwidth works well for many users.

Network buffer measurements: Uplink 1200 ms, Downlink is good
We estimate your uplink as having 1200 msec of buffering. This is quite high, and you may experience substantial disruption to your network performance when performing interactive tasks such as web-surfing while simultaneously conducting large uploads. With such a buffer, real-time applications such as games or audio chat can work quite poorly when conducting large uploads at the same time. We were not able to produce enough traffic to load the downlink buffer, or the downlink buffer is particularly small. You probably have excellent behavior when downloading files and attempting to do other tasks.

HTTP Tests

Address-based HTTP proxy detection: OK
There is no explicit sign of HTTP proxy use based on IP address.

Header-based HTTP proxy detection: OK
No HTTP header or content changes hint at the presence of a proxy.

HTTP proxy detection via malformed requests: OK
Deliberately malformed HTTP requests arrive at our server unchanged. Thus, the proxies along your path are able to transparently forward invalid HTTP traffic.

Filetype-based filtering: OK
We did not detect file-content filtering.

HTTP caching behavior: OK
There is no suggestion that a transparent HTTP cache exists in your network.

JavaScript-based tests: OK
The applet was not run from within a frame.
Your web browser reports the following cookies for our web page:
• netAlizEd = BaR (set by our server)
• netalyzrStatus = running (set by our server)
Your web browser was unable to fetch an image using IPv6.

DNS Tests

Restricted domain DNS lookup: OK
We are able to successfully lookup a name which resolves to the same IP address as our webserver. This means we are able to conduct many of the tests on your DNS server.

Unrestricted domain DNS lookup: OK
We are able to successfully lookup arbitrary names from within the Java applet. This means we are able to conduct all tests on your DNS server.

Direct EDNS support: OK
EDNS-enabled requests for small responses are answered successfully.
EDNS-enabled requests for medium-sized responses are answered successfully.
EDNS-enabled requests for large responses are answered successfully.

DNS resolver address: OK
The IP address of your ISP's DNS Resolver is 24.205.192.62, which resolves to pxy03renonv.reno.nv.charter.com. Additional nameservers observed for your host: 24.205.192.59

DNS resolver properties: Lookup latency: 48ms
Your ISP's DNS resolver requires 48 msec to conduct an external lookup, and 10 msec to lookup an item in the cache. It takes 38 msec for your ISP's DNS resolver to lookup a name on our server.
Your resolver correctly uses TCP requests when necessary.
Your resolver is using QTYPE=A for default queries.
Your resolver is not automatically performing IPv6 queries.
Your DNS resolver requests DNSSEC records.
Your DNS resolver advertises the ability to accept DNS packets of up to 4096 bytes.
Your DNS resolver can successfully receive a smaller (~1400 byte) DNS response.
Your DNS resolver can successfully receive a large (>1500 byte) DNS response.
Your DNS resolver can successfully accept large responses.
Your resolver does not use 0x20 randomization, but will pass names in a case-sensitive manner.
Your ISP's DNS resolver respects a TTL of 0 seconds.
Your ISP's DNS resolver respects a TTL of 1 seconds.
Your NAT has a built in DNS proxy.
The DNS request was received from 24.205.192.59
No transport issues were discovered which could affect the deployment of DNSSEC

DNS glue policy: OK
Your ISP's DNS resolver does not accept generic additional (glue) records — good.
Your ISP's DNS resolver accepts additional (glue) records for nameservers located in subdomains of the queried domain.
Your ISP's DNS resolver does not follow CNAMEs.

DNS resolver port randomization: OK
Your ISP's DNS resolver properly randomizes its local port number.
The following graph shows DNS requests on the x-axis and the detected source ports on the y-axis.

DNS lookups of popular domains: Warning
2 popular names have a moderate anomaly: we are unable to find a reverse name associated with the IP address provided by your ISP's DNS server, although we expected to find a name. This is most likely due to a slow responding DNS server. If you rerun Netalyzr and see this condition remain, it could be due to a misconfiguration on the part of the domain owner or your DNS server could be misconfigured or enabling a Man-in-the-Middle attack.

Name IP Address Reverse Name/SOA
www.citibank.com 192.193.219.58 X
online.citibank.com 199.67.181.11 X
77 of 77 popular names were resolved successfully.
In the tables below, reverse lookups that failed but for which a Start Of Authority (SOA) entry indicated correct name associations are shown using an "X", followed by the SOA entry. Absence of both IP address and reverse name indicates failed forward lookups.
8 popular names have a mild anomaly. The ownership suggested by the reverse name lookup does not match our understanding of the original name. The most likely cause is the site's use of a Content Delivery Network.
Name IP Address Reverse Name/SOA
www.bing.com 67.131.38.17 X (dca-ans-01.inet.qwest.net)
www.f-secure.com 67.131.38.35 X (dca-ans-01.inet.qwest.net)
www.irs.gov 67.131.38.25 X (dca-ans-01.inet.qwest.net)
www.lloydstsb.com 141.92.130.226 X (ns0.bt.net)
www.nordea.fi 193.88.186.178 X (ns01.tdchosting.dk)
www.postbank.de 195.50.155.73 X (ns1.arcor-ip.de)
www.trendmicro.com 67.131.38.48 X (dca-ans-01.inet.qwest.net)
www.visa.com 67.148.71.32 67-148-71-32.d[...]atic.qwest.net
5 popular names have a mild anomaly: we are unable to find a reverse name associated with the IP address provided by your ISP's DNS server. This is most likely due to a slow responding DNS server or misconfiguration on the part of the domain owner.
Name IP Address Reverse Name/SOA
www.ameritrade.com 204.58.27.105 X
www.bankofthewest.com 204.44.12.103 X
www.careerbuilder.com 208.88.82.22 X
www.sparkasse.de 212.34.69.3 X
www.tdameritrade.com 204.58.27.113 X

DNS external proxy: OK
Your host ignores external DNS requests.

DNS results wildcarding: Warning
Your ISP's DNS server returns IP addresses even for domain names which should not resolve. Instead of an error, the DNS server returns an address of 64.158.56.56, which does not resolve.

There are several possible explanations for this behavior. The most likely cause is that the ISP is attempting to profit from customers' typos by presenting advertisements in response to bad requests, but it could also be due to an error or misconfiguration in the DNS server.

The big problem with this behavior is that it can potentially break any network application which relies on DNS properly returning an error when a name does not exist.

The following lists your DNS server's behavior in more detail.

• www.{random}.com is mapped to 64.158.56.56.
• www.{random}.org is mapped to 64.158.56.56.
• fubar.{random}.com is mapped to 64.158.56.56.
• www.yahoo.cmo [sic] is mapped to 64.158.56.56.
• nxdomain.{random}.netalyzr.icsi.berkeley.edu is mapped to 64.158.56.56.

Host Properties

System clock accuracy: OK
Your computer's clock agrees with our server's clock.

Browser properties: OK
The following parameters are sent by your web browser to all web sites you visit:
• User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
• Accept: application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
• Accept Language: en-US
• Accept Encoding: gzip, deflate
• Accept Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Java identifies your operating system as Windows 7.

Uploaded Data: OK
The following additional data was uploaded by the applet:
• nxpage
• raw_http_content