Re: Synchronization issues of debian.cs.nycu.edu.tw
Hi,
I'm also not sure why it would fail, but it definitely does seem like
something is filtering the traffic at a packet inspection level.
I've run some traffic dumps while attempting connections in various
ways. Running "ssh" with the wrong username results in a "permission
denied" error, as would be expected, and a small amount of traffic.
Using a non-protocol-aware tool such as telnet or "nc" results in:
16:49:22.206649 enP2p1s0f0 Out IP 140.211.166.200.43766 > 140.113.17.5.22: Flags [S], seq 475671543, win 64240, options [mss 1460,sackOK,TS val 4134193521 ecr 0,nop,wscale 7], length 0
0x0000: 4510 003c 3500 4000 4006 349a 8cd3 a6c8 E..<5.@.@.4.....
0x0010: 8c71 1105 aaf6 0016 1c5a 2bf7 0000 0000 .q.......Z+.....
0x0020: a002 faf0 d140 0000 0204 05b4 0402 080a .....@..........
0x0030: f66a c971 0000 0000 0103 0307 .j.q........
16:49:22.366820 enP2p1s0f0 P IP 140.113.17.5 > 140.211.166.200: ICMP host 140.113.17.5 unreachable - admin prohibited, length 68
0x0000: 45c0 0058 3afa 0000 3001 7dd9 8c71 1105 E..X:...0.}..q..
0x0010: 8cd3 a6c8 030a ce36 0000 0000 4500 003c .......6....E..<
0x0020: 3500 4000 3106 43aa 8cd3 a6c8 8c71 1105 5.@.1.C......q..
0x0030: aaf6 0016 1c5a 2bf7 0000 0000 a002 faf0 .....Z+.........
0x0040: c8c2 0000 0204 05b4 0402 080a f66a c971 .............j.q
0x0050: 0000 0000 0103 0307 ........
Regards,
Adam
On Tue, 2023-10-03 at 18:07 +0800, Shao-Fu Chen wrote:
> Hello,
> I can find two successful login attempts on our server:
> [shfchen@linux ~]$ sudo cat /var/log/secure | grep 140.211.166.217
> Oct 3 00:17:04 linux sshd[10238]: Accepted publickey for debi_adm
> from 140.211.166.217 port 56915 ssh2: RSA
> SHA256:VzG9tNbWoaaqqsjrW9e6NzlhgIcwz8ZlVkc76fR1q2Y
> Oct 3 02:15:44 linux sshd[10241]: Received disconnect from
> 140.211.166.217 port 56915:11: disconnected by user
> Oct 3 02:15:44 linux sshd[10241]: Disconnected from 140.211.166.217
> port 56915
> Oct 3 16:29:54 linux sshd[22419]: Accepted publickey for debi_adm
> from 140.211.166.217 port 42715 ssh2: RSA
> SHA256:VzG9tNbWoaaqqsjrW9e6NzlhgIcwz8ZlVkc76fR1q2Y
> P.s. The log timestamp is UTC+8.
> I have no idea why the push attempt would failed.
> Best regards,
> 陳少甫 / Shao-Fu Chen (shfchen)
> 助教 / Teach Assistant
> 國立陽明交通大學 資訊工程學系資訊中心 (NYCU CS IT Center)
> Information Technology Center,
> Department of Computer Science,
> National Yang Ming Chiao Tung University
> Adam D. Barratt 於 2023/10/3 16:47 寫道:
> > On Tue, 2023-10-03 at 07:02 +0100, Adam D. Barratt wrote:
> > > On Mon, 2023-10-02 at 21:24 +0800, Shao-Fu Chen wrote:
> > > > Hello,
> > > > We have already updated the firewall configuration to accept
> > > > the
> > > > two
> > > > IP addresses and sent a response mail back then.
> > > > However, it is sorry that we didn't notice the response mail
> > > > had
> > > > been
> > > > bounced back due to the wrong configurations on our mail
> > > > service.
> > > > I can confirm that 140.211.166.217 can successfully trigger
> > > > pushes
> > > > before September 22nd. If everything is OK, please re-enable
> > > > pushes.
> > > >
> > >
> > > Thanks for confirming.
> > >
> > > I've re-enabled pushes.
> >
> > The first automated push attempt failed:
> >
> > ===
> > bash: warning: setlocale: LC_ALL: cannot change locale (C.UTF-8)
> > /bin/sh: warning: setlocale: LC_ALL: cannot change locale (C.UTF-8)
> > bash: warning: setlocale: LC_ALL: cannot change locale (C.UTF-8)
> > Timeout, server debian.cs.nctu.edu.tw not responding.
> > ===
> >
> > Manual attempts to connect to the server also fail currently, but
> > worked yesterday evening:
> >
> > adsb@mirror-osuosl:~$ nc -v debian.cs.nctu.edu.tw 22
> > nc: connect to debian.cs.nctu.edu.tw (140.113.17.5) port 22 (tcp)
> > failed: No route to host
> >
> > An MTR from the same host looks fine. Is it being filtered on your
> > side
> > somewhere?
> >
> > Regards,
> >
> > Adam
> >
Reply to: