Weird networking problem on home net access to CMU
Predrag Punosevac
predragp at andrew.cmu.edu
Sat Jul 27 13:48:36 EDT 2019
Robert MacLachlan <robmacl at cmu.edu> wrote:
> I have Verizon FIOS and am having this weird problem where I can access
> anything in the entire world except the CMU and auton nets. Is there
> any technical way to diagnose where the problem is, i.e. am I somehow
> blocked off of the CMU net by CMU, or is there some choke point in the
> Verizon net, or what?
>
> Does CMU have an IP address blocklist?
>
> I am connecting by tethering to my phone (T-Mobile) which has no
> problem, but this is of course slow. The problem started this week,
> was there on Monday, then stopped for a while and came back maybe
> Thursday. At first I thought that the CMU net was actually down.
>
> Rob
Hi Rob,

I have seen and experienced this first hand myself a few years ago with
Armstrong cable as my ISP. I went to a great deal of network
troubleshooting (a lot of traceroute, dig, tcpdump, talking to CMU network
guys including off site) without getting conclusive evidence pointing to
any particular reason.

For starters you can try to traceroute www.cmu.edu from your machine as
well as from one of the content global delivery networks.

https://tools.keycdn.com/traceroute

You will need to use dig and whois to convert all those IP addresses to
domain names and legal entities. I can see that at this very moment the CMU
network is not reachable from Miami and San Francisco servers.
Unfortunately the breaking points are hidden. You might be surprised to
find out that CMU uses a mixture of ISPs (Cogent, XO, and KINBER). These
are not normal ISPs. More surprising is that a working traceroute will
often show you that the signal between your home and CMU goes through
Virginia (NSA). Yep, that is right. CMU also uses Managed DNS
authoritative servers which they outsourced a few years ago to a company
(I forgot the name but it is one of those companies managing DNS for
the Pentagon and the like). At some point I remember finding one of their DNS
servers located in New York misconfigured (of course they denied that).
Anyhow in my experience your problem will eventually magically disappear
and they have nothing to do with FIOS.

Oh and yes, CMU does have a black list of IP addresses that they are
blocking. They actually block entire blocks of IP addresses. In your
case the reason for the loss of connection could have been simply the fact
that you got a new IP address (dhcp lease) on Monday from your ISP. That
IP address could have been from a block of IP addresses which is
currently being blocked by CMU guys for whatever reason (used recently,
for example, for a DoS attack by an adversarial foreign nation state). The
blocking is typically temporary as those addresses are assigned to U.S.
consumers but might have been temporarily hijacked for an attack. No,
Russians or Serbs for that matter don't use their IP addresses for
attacks on the US, just like US agencies do not use US addresses to attack Iran
for example. The first step is always taking control of a large number of
personal computers from all over the world from incompetent Internet
Service Providers and their even more incompetent users and then staging
a massive dynamical attack where the machines that are attacking you appear
from nowhere and everywhere.

Sorry I could not be of more help but I hope you had fun reading this.
Predrag
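
Added example, not part of the original message: one way to compare a traceroute taken at home with one taken from an outside vantage point, and to list the dig and whois lookups for each public hop, as the reply above suggests. The function names are hypothetical and both traces are constructed samples using documentation address ranges and example.edu.

```python
import ipaddress
import re
# Constructed sample output; all addresses are documentation ranges, not real hops.
HOME = """traceroute to www.example.edu (203.0.113.80), 30 hops max
 1  192.168.1.1 (192.168.1.1)  1.2 ms  1.1 ms  1.0 ms
 2  198.51.100.9 (198.51.100.9)  9.8 ms  9.9 ms  10.2 ms
 3  * * *
 4  * * *
"""
REMOTE = """traceroute to www.example.edu (203.0.113.80), 30 hops max
 1  192.0.2.1 (192.0.2.1)  0.4 ms  0.5 ms  0.4 ms
 2  198.51.100.9 (198.51.100.9)  12.0 ms  12.1 ms  11.9 ms
 3  203.0.113.1 (203.0.113.1)  14.2 ms  14.0 ms  14.4 ms
 4  www.example.edu (203.0.113.80)  15.0 ms  15.1 ms  15.3 ms
"""
ADDR = re.compile(r"\((\d{1,3}(?:\.\d{1,3}){3})\)")
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse(trace):
    """Return (target_ip, [(ttl, ip_or_None), ...]); None marks a '* * *' hop."""
    lines = trace.strip().splitlines()
    target = ADDR.search(lines[0]).group(1)
    hops = []
    for line in lines[1:]:
        fields = line.split(None, 1)
        if len(fields) == 2 and fields[0].isdigit():
            found = ADDR.search(fields[1])
            hops.append((int(fields[0]), found.group(1) if found else None))
    return target, hops

def diagnose(trace):
    """Where a trace stops answering; '* * *' hops alone do not prove a block."""
    target, hops = parse(trace)
    answered = [(ttl, ip) for ttl, ip in hops if ip]
    last_ttl, last_ip = answered[-1] if answered else (0, None)
    return {"reached": last_ip == target, "last_ttl": last_ttl, "last_ip": last_ip,
            "silent_after": sum(1 for ttl, _ in hops if ttl > last_ttl)}

def lookup_commands(trace):
    """dig/whois command lines for each public hop; RFC 1918 hops are skipped."""
    cmds = []
    for _, ip in parse(trace)[1]:
        if ip and not any(ipaddress.ip_address(ip) in net for net in RFC1918):
            cmds += [f"dig +short -x {ip}", f"whois {ip}"]
    return cmds

def shared_hops(a, b):
    """Routers seen from both vantage points, in the order trace a met them."""
    seen_b = {ip for _, ip in parse(b)[1] if ip}
    return [ip for _, ip in parse(a)[1] if ip in seen_b]
```

A hop that appears in both traces but is the last answer only in the home trace narrows the break to somewhere after that router on the home path.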