
Re: Synchronization issues of debian.cs.nycu.edu.tw



Hi,

I found that the source IP in your tcpdump is 140.211.166.200, which is not the configured whitelisted IP "140.211.166.217"
allowed to access our server's SSH port. Therefore, the traffic is blocked by the firewall.

I don't know whether the outgoing IP from the syncing server would be different based on different circumstances.
If that is true, adding other IP addresses may solve this issue.

Best regards,
陳少甫 / Shao-Fu Chen (shfchen)
Teaching Assistant
國立陽明交通大學 資訊工程學系資訊中心 (NYCU CS IT Center)
Information Technology Center,
Department of Computer Science,
National Yang Ming Chiao Tung University

Adam D. Barratt wrote on 2023/10/5 01:01:
Hi,

I'm also not sure why it would fail, but it definitely does seem like
something is filtering the traffic at a packet inspection level.

I've run some traffic dumps while attempting connections in various
ways. Running "ssh" with the wrong username results in a "permission
denied" error, as would be expected, and a small amount of traffic.
Using a non-protocol-aware tool such as telnet or "nc" results in:

16:49:22.206649 enP2p1s0f0 Out IP 140.211.166.200.43766 > 140.113.17.5.22: Flags [S], seq 475671543, win 64240, options [mss 1460,sackOK,TS val 4134193521 ecr 0,nop,wscale 7], length 0
	0x0000:  4510 003c 3500 4000 4006 349a 8cd3 a6c8  E..<5.@.@.4.....
	0x0010:  8c71 1105 aaf6 0016 1c5a 2bf7 0000 0000  .q.......Z+.....
	0x0020:  a002 faf0 d140 0000 0204 05b4 0402 080a  .....@..........
	0x0030:  f66a c971 0000 0000 0103 0307            .j.q........
16:49:22.366820 enP2p1s0f0 P   IP 140.113.17.5 > 140.211.166.200: ICMP host 140.113.17.5 unreachable - admin prohibited, length 68
	0x0000:  45c0 0058 3afa 0000 3001 7dd9 8c71 1105  E..X:...0.}..q..
	0x0010:  8cd3 a6c8 030a ce36 0000 0000 4500 003c  .......6....E..<
	0x0020:  3500 4000 3106 43aa 8cd3 a6c8 8c71 1105  5.@.1.C......q..
	0x0030:  aaf6 0016 1c5a 2bf7 0000 0000 a002 faf0  .....Z+.........
	0x0040:  c8c2 0000 0204 05b4 0402 080a f66a c971  .............j.q
	0x0050:  0000 0000 0103 0307                      ........

Regards,

Adam


On Tue, 2023-10-03 at 18:07 +0800, Shao-Fu Chen wrote:
Hello,

I can find two successful login attempts on our server:

[shfchen@linux ~]$ sudo cat /var/log/secure | grep 140.211.166.217
Oct  3 00:17:04 linux sshd[10238]: Accepted publickey for debi_adm from 140.211.166.217 port 56915 ssh2: RSA SHA256:VzG9tNbWoaaqqsjrW9e6NzlhgIcwz8ZlVkc76fR1q2Y
Oct  3 02:15:44 linux sshd[10241]: Received disconnect from 140.211.166.217 port 56915:11: disconnected by user
Oct  3 02:15:44 linux sshd[10241]: Disconnected from 140.211.166.217 port 56915
Oct  3 16:29:54 linux sshd[22419]: Accepted publickey for debi_adm from 140.211.166.217 port 42715 ssh2: RSA SHA256:VzG9tNbWoaaqqsjrW9e6NzlhgIcwz8ZlVkc76fR1q2Y

P.S. The log timestamp is UTC+8.

I have no idea why the push attempt would fail.

Best regards,
陳少甫 / Shao-Fu Chen (shfchen)
Teaching Assistant
國立陽明交通大學 資訊工程學系資訊中心 (NYCU CS IT Center)
Information Technology Center,
Department of Computer Science,
National Yang Ming Chiao Tung University

Adam D. Barratt wrote on 2023/10/3 16:47:
On Tue, 2023-10-03 at 07:02 +0100, Adam D. Barratt wrote:
On Mon, 2023-10-02 at 21:24 +0800, Shao-Fu Chen wrote:
Hello,

We have already updated the firewall configuration to accept the two
IP addresses and sent a response mail back then.
However, we are sorry that we didn't notice the response mail had been
bounced back due to the wrong configurations on our mail service.

I can confirm that 140.211.166.217 can successfully trigger pushes
before September 22nd. If everything is OK, please re-enable pushes.

Thanks for confirming.

I've re-enabled pushes.
The first automated push attempt failed:

===
bash: warning: setlocale: LC_ALL: cannot change locale (C.UTF-8)
/bin/sh: warning: setlocale: LC_ALL: cannot change locale (C.UTF-8)
bash: warning: setlocale: LC_ALL: cannot change locale (C.UTF-8)
Timeout, server debian.cs.nctu.edu.tw not responding.
===

Manual attempts to connect to the server also fail currently, but
worked yesterday evening:

adsb@mirror-osuosl:~$ nc -v debian.cs.nctu.edu.tw 22
nc: connect to debian.cs.nctu.edu.tw (140.113.17.5) port 22 (tcp) failed: No route to host

An MTR from the same host looks fine. Is it being filtered on your side
somewhere?

Regards,

Adam
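
The diagnosis reached in this thread (an ICMP "admin prohibited" reply to a source address that is not on the SSH allowlist) can be checked mechanically. The following is an added example, not part of the original messages: it pairs SYNs with ICMP rejections in tcpdump text output and cross-checks sshd logins against the allowlist. The function names and the list-of-strings allowlist format are assumptions made for illustration.

```python
import ipaddress
import re

# Lines copied from the tcpdump and /var/log/secure output quoted in this thread
# (TCP options, hex dump and key fingerprint trimmed; wrapped lines rejoined).
TCPDUMP = """\
16:49:22.206649 enP2p1s0f0 Out IP 140.211.166.200.43766 > 140.113.17.5.22: Flags [S], seq 475671543, win 64240, length 0
16:49:22.366820 enP2p1s0f0 P   IP 140.113.17.5 > 140.211.166.200: ICMP host 140.113.17.5 unreachable - admin prohibited, length 68
"""
SECURE_LOG = """\
Oct  3 00:17:04 linux sshd[10238]: Accepted publickey for debi_adm from 140.211.166.217 port 56915 ssh2
Oct  3 16:29:54 linux sshd[22419]: Accepted publickey for debi_adm from 140.211.166.217 port 42715 ssh2
"""

IPV4 = r"(\d+\.\d+\.\d+\.\d+)"
SYN = re.compile(rf"IP {IPV4}\.\d+ > {IPV4}\.(\d+): Flags \[S\]")
REJECT = re.compile(rf"IP \S+ > {IPV4}: ICMP host {IPV4} unreachable - admin prohibited")
ACCEPT = re.compile(rf"sshd\[\d+\]: Accepted \S+ for \S+ from {IPV4} port")

def rejected_sources(dump, port=22):
    """Client IPs whose SYN to `port` drew an ICMP admin-prohibited reply."""
    pending, rejected = set(), set()
    for line in dump.splitlines():
        if m := SYN.search(line):
            if int(m.group(3)) == port:
                pending.add((m.group(1), m.group(2)))   # (client, server)
        elif m := REJECT.search(line):
            # The ICMP error is addressed to the client and names the server.
            if (m.group(1), m.group(2)) in pending:
                rejected.add(m.group(1))
    return rejected

def accepted_sources(log):
    """Client IPs with at least one successful sshd login."""
    return {m.group(1) for m in ACCEPT.finditer(log)}

def diagnose(dump, log, allowlist):
    """Per source IP: is it allowlisted, was it rejected, did it ever log in?"""
    nets = [ipaddress.ip_network(entry) for entry in allowlist]
    rejected, accepted = rejected_sources(dump, 22), accepted_sources(log)
    return {
        ip: {"allowlisted": any(ipaddress.ip_address(ip) in n for n in nets),
             "rejected": ip in rejected, "accepted": ip in accepted}
        for ip in sorted(rejected | accepted)
    }

if __name__ == "__main__":
    for ip, facts in diagnose(TCPDUMP, SECURE_LOG, ["140.211.166.217"]).items():
        print(ip, facts)
```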

