Re: Synchronization issues of debian.cs.nycu.edu.tw

[Shao-Fu Chen <shfchen@it.cs.nycu.edu.tw>]

Hi,

I found that the source IP in your tcpdump is 140.211.166.200, which is not the configured whitelisted IP "140.211.166.217"
to access our server's SSH port. Therefore, the traffic is blocked from the firewall.

I don't know whether the outgoing IP from the syncing server would be different base on different circumstances.
If that is true, adding other IP addresses may solve this issues.

Best regards,
陳少甫 / Shao-Fu Chen (shfchen)
助教 / Teach Assistant
國立陽明交通大學 資訊工程學系資訊中心 (NYCU CS IT Center)
Information Technology Center,
Department of Computer Science,
National Yang Ming Chiao Tung University

Adam D. Barratt 於 2023/10/5 01:01 寫道:

> Hi,
>
> I'm also not sure why it would fail, but it definitely does seem like
> something is filtering the traffic at a packet inspection level.
>
> I've run some traffic dumps while attempting connections in various
> ways. Running "ssh" with the wrong username results in a "permission
> denied" error, as would be expected, and a small amount of traffic.
> Using a non-protocol-aware tool such as telnet or "nc" results in:
>
> 16:49:22.206649 enP2p1s0f0 Out IP 140.211.166.200.43766 > 140.113.17.5.22: Flags [S], seq 475671543, win 64240, options [mss 1460,sackOK,TS val 4134193521 ecr 0,nop,wscale 7], length 0
> 	0x0000:  4510 003c 3500 4000 4006 349a 8cd3 a6c8  E..<5.@.@.4.....
> 	0x0010:  8c71 1105 aaf6 0016 1c5a 2bf7 0000 0000  .q.......Z+.....
> 	0x0020:  a002 faf0 d140 0000 0204 05b4 0402 080a  .....@..........
> 	0x0030:  f66a c971 0000 0000 0103 0307            .j.q........
> 16:49:22.366820 enP2p1s0f0 P   IP 140.113.17.5 > 140.211.166.200: ICMP host 140.113.17.5 unreachable - admin prohibited, length 68
> 	0x0000:  45c0 0058 3afa 0000 3001 7dd9 8c71 1105  E..X:...0.}..q..
> 	0x0010:  8cd3 a6c8 030a ce36 0000 0000 4500 003c  .......6....E..<
> 	0x0020:  3500 4000 3106 43aa 8cd3 a6c8 8c71 1105  5.@.1.C......q..
> 	0x0030:  aaf6 0016 1c5a 2bf7 0000 0000 a002 faf0  .....Z+.........
> 	0x0040:  c8c2 0000 0204 05b4 0402 080a f66a c971  .............j.q
> 	0x0050:  0000 0000 0103 0307                      ........
>
> Regards,
>
> Adam
>
>
> On Tue, 2023-10-03 at 18:07 +0800, Shao-Fu Chen wrote:
> > Hello,
> > I can find two successful login attempts on our server:
> > [shfchen@linux ~]$ sudo cat /var/log/secure | grep 140.211.166.217
> > Oct  3 00:17:04 linux sshd[10238]: Accepted publickey for debi_adm
> > from 140.211.166.217 port 56915 ssh2: RSA
> > SHA256:VzG9tNbWoaaqqsjrW9e6NzlhgIcwz8ZlVkc76fR1q2Y
> > Oct  3 02:15:44 linux sshd[10241]: Received disconnect from
> > 140.211.166.217 port 56915:11: disconnected by user
> > Oct  3 02:15:44 linux sshd[10241]: Disconnected from 140.211.166.217
> > port 56915
> > Oct  3 16:29:54 linux sshd[22419]: Accepted publickey for debi_adm
> > from 140.211.166.217 port 42715 ssh2: RSA
> > SHA256:VzG9tNbWoaaqqsjrW9e6NzlhgIcwz8ZlVkc76fR1q2Y
> > P.s. The log timestamp is UTC+8.
> > I have no idea why the push attempt would failed.
> > Best regards,
> > 陳少甫 / Shao-Fu Chen (shfchen)
> > 助教 / Teach Assistant
> > 國立陽明交通大學 資訊工程學系資訊中心 (NYCU CS IT Center)
> > Information Technology Center,
> > Department of Computer Science,
> > National Yang Ming Chiao Tung University
> > Adam D. Barratt 於 2023/10/3 16:47 寫道:
> > > On Tue, 2023-10-03 at 07:02 +0100, Adam D. Barratt wrote:
> > > > On Mon, 2023-10-02 at 21:24 +0800, Shao-Fu Chen wrote:
> > > > > Hello,
> > > > > We have already updated the firewall configuration to accept
> > > > > the
> > > > > two
> > > > > IP addresses and sent a response mail back then. 
> > > > > However, it is sorry that we didn't notice the response mail
> > > > > had
> > > > > been
> > > > > bounced back due to the wrong configurations on our mail
> > > > > service.
> > > > > I can confirm that 140.211.166.217 can successfully trigger
> > > > > pushes
> > > > > before September 22nd. If everything is OK, please re-enable
> > > > > pushes.
> > > > >
> > > > >             
> > > > Thanks for confirming.
> > > >
> > > > I've re-enabled pushes.
> > > >           
> > > The first automated push attempt failed:
> > >
> > > ===
> > > bash: warning: setlocale: LC_ALL: cannot change locale (C.UTF-8)
> > > /bin/sh: warning: setlocale: LC_ALL: cannot change locale (C.UTF-8)
> > > bash: warning: setlocale: LC_ALL: cannot change locale (C.UTF-8)
> > > Timeout, server debian.cs.nctu.edu.tw not responding.
> > > ===
> > >
> > > Manual attempts to connect to the server also fail currently, but
> > > worked yesterday evening:
> > >
> > > adsb@mirror-osuosl:~$ nc -v debian.cs.nctu.edu.tw 22
> > > nc: connect to debian.cs.nctu.edu.tw (140.113.17.5) port 22 (tcp)
> > > failed: No route to host
> > >
> > > An MTR from the same host looks fine. Is it being filtered on your
> > > side
> > > somewhere?
> > >
> > > Regards,
> > >
> > > Adam
> > >
> > >         
> >       
>
>

Attachment: OpenPGP_0xD7113DB145945352.asc
Description: OpenPGP public key

Attachment: OpenPGP_signature.asc
Description: OpenPGP digital signature