The blame now shifts to VSNL

Monday, June 28, 2004

I am very red faced to admit that my analysis of the Yahoo Groups blockage was flawed. The problem appears to be with VSNL.

What I did was:

~$ sudo tcptraceroute groups.yahoo.com 80 Selected device en1, address 192.168.1.34 for outgoing packets Tracing the path to groups.yahoo.com (66.218.66.240) on TCP port 80 (http), 30 hops max ... 8 core1.delhi.vsnl.net.in (203.200.87.15) 334.212 ms 332.150 ms 335.797 ms 9 202.54.2.253 (202.54.2.253) 331.953 ms 330.886 ms 332.507 ms 10 202.54.2.21 (202.54.2.21) 335.630 ms 335.024 ms 335.579 ms 11 groups1.vip.scd.yahoo.com (66.218.66.240) [open] 334.578 ms 337.981 ms 338.041 ms

From which I erroneously concluded that requests were going through to Yahoo’s network and failing there. I was expecting to see the request dropped abruptly wherever it was blocked, which is why I used tcptraceroute instead of regular traceroute. What I failed to notice was the sudden jump from VSNL’s Class B 202.54.* network to Yahoo’s Class A 66.* network. That’s a very unlikely router configuration.

Guess what? That’s VSNL’s transparent proxy masquerading as groups.yahoo.com. If you have the means, use an SSH tunnel. VSNL’s proxy has given me major grief in the past and I doubt it’s any better now.

PS:

gromhellscream, you may now say “I told you so!”

balaji — Jun 28, 2004 8:00:12 PM — # ↩

this is what my traceroute shows. (BSNL DIAS)

+++++++++++++++++++++++++++++++++++++++
...
4 27 ms 27 ms 27 ms bgl1all-a.sancharnet.in [61.0.239.16]
5 45 ms 44 ms 43 ms 61.0.229.102
6 69 ms 69 ms 69 ms 203.199.77.66
7 201 ms 235 ms 79 ms 203.197.33.134
+++++++++++++++++++++++++++++++++++++++

and the message is the same "gateway timeout".

and
+++++++++++++++++++++++++++++++++++++++

telnet eu.freenode.net irc
Trying 212.204.214.114...
telnet: connect to address 212.204.214.114: Connection refused
telnet: connect to address 213.92.8.4: Connection refused
telnet: connect to address 62.116.33.74: Connection refused
telnet: connect to address 81.209.176.2: Connection refused
telnet: connect to address 82.96.64.2: Connection refused
telnet: connect to address 82.138.76.67: Connection timed out
telnet: connect to address 82.182.103.109: Connection timed out
telnet: connect to address 130.239.18.172: Connection refused
telnet: connect to address 134.102.206.163: Connection timed out
telnet: Unable to connect to remote host: Connection refused
+++++++++++++++++++++++++++++++++++++++

and I guess irc is in-accessible since last friday.

-balaji
- Kiran Jonnalagadda — Jun 29, 2004 12:58:10 AM — # ↩
  
  You should telnet to port 6667, maybe?
  - balaji — Jun 29, 2004 3:55:32 AM — # ↩
    
    will post in the evening.
    
    -balaji
- kingsly — Jun 29, 2004 6:22:54 AM — # ↩
  
  I've been on freenode multiple times since last friday... and i'm on DIAS... infact I'm on IRC right now!
  
  But the yahoo groups issue is present .. groups.yahoo.com is blocked... in.groups.yahoo.com isn't.
  - Kiran Jonnalagadda — Jun 29, 2004 6:28:13 AM — # ↩
    
    Touchtel says they've blocked the 6660 series because someone was using it to attack their servers.
    - kingsly — Jun 29, 2004 6:39:28 AM — # ↩
      
      Someone needs to explain to these people about inbound/outbound traffic and how to apply rules on them.
      
      Pacific Internet blocks incoming connections on port 22 on their dialup pool... and it was such a pain to explain to them about the block... they stuck to standard line of we are not filtering any traffic(not just the phonebots.. even their so called network admin couldn't understand)... it was easier for me to run ssh on a different port on my box.
teemus — Jun 29, 2004 12:05:54 AM — # ↩

Yahoo Groups India...
Noticed that http://in.groups.yahoo.com/ seems to be working fine.
However, http://groups.yahoo.com/ gives a Gateway timeout out here too.
gromhellscream — Jun 29, 2004 1:19:01 AM — # ↩

will skip the i told you so part:)..but this is sad..i thought vsnl had stopped blocking groups..now it seems they are upto their old censorship tricks again..the lozers...

**sigh** somebody must explain to them that censorship doesn't work..and blocking a whole website because of one group..is absurd..
- Kiran Jonnalagadda — Jun 29, 2004 1:52:55 AM — # ↩
  
  They're not just blocking their users, but other ISPs who take bandwidth from them.
  - gromhellscream — Jun 29, 2004 2:53:50 AM — # ↩
    
    hmm but bharti doesnt take bandwidth from vsnl right? they have their own links from what i understand...
    - Kiran Jonnalagadda — Jun 29, 2004 3:05:34 AM — # ↩
      
      Traceroute shows a link to VSNL in Delhi. achitnis says same case with Reliance too.
    - kingsly — Jun 29, 2004 6:29:48 AM — # ↩
      
      Maybe they use them for sites hosted on VSNL...
      
      Tried a traceroute to my BSNL DIAS box from a Touchtel DSL machine ... and the traceroute showed the traffic going via singapore... SFO - NYC - LHR etc... that's the closest I'd ever get to seeing "round trip" times on the internet! ;-)
  - achitnis — Jun 29, 2004 7:49:12 AM — # ↩
    
    I got giggly news for you - VSNL isn't blocking groups - they just f'd up. Yahoo knows about it, but unless they can get some lethargic meathead at VSNL to wake up to undo the SNAFU, this wont get fixed.
    
    Also - the "babu" who originally gave the "block" order for groups.yahoo.com has been transferred, and the government he was trying to "protect" is no longer in power.
    
    Sorry, can't give you more details, but remember the old saying - don't assume malice where something can be completely explained by utter and complete stupidity.