Can’t get there from here

This is a route leak, plain and simple. Don&#x27;t forget to apply Occam&#x27;s Razor. All of those sites which are &quot;coincidentally&quot; misbehaving are located in the same &#x2F;24.<p>This is what is actually happening. Virgin Media peers with Cogent. Virgin prefers routes from peers over transit. Cogent is turrible at provisioning and filtering, and is a large international transit provider.<p>Let&#x27;s look at the route from Cogent&#x27;s perspective:<p><pre><code> BGP routing table entry for 199.58.210.0&#x2F;24, version 2031309347 Paths: (1 available, best #1, table Default-IP-Routing-Table) 54098 11557 4436 40015 54876 38.122.66.186 (metric 10105011) from 154.54.66.76 (154.54.66.76) Origin incomplete, metric 0, localpref 130, valid, internal, best Community: 174:3092 174:10031 174:20999 174:21001 174:22013 </code></pre> If Cogent was competent at filtering, they&#x27;d never learn a route transiting 4436 via a customer port in the first place, but most likely someone at Lionlink (54098) is leaking from one of their transit providers (Sidera, 11557) to another (Cogent, 174).<p>Also, traffic passing through Switzerland is a red herring -- the poster is using a geoip database to look up where a Cogent router is. GeoIP databases are typically populated by user activity, e.g., mobile devices phoning home to get wifi-based location, credit card txns, etc. None of this traffic comes from a ptp interface address on a core router. GeoIP databases tend to have a resolution of about a &#x2F;24, whereas infrastructure netblocks tend to be chopped up into &#x2F;30s or &#x2F;31s for ptp links and &#x2F;32s for loopbacks, so two adjacent &#x2F;32s could physically be located in wildly different parts of the world. More than likely, that IP address was previously assigned to a customer. The more accurate source of information would be the router&#x27;s hostname, which clearly indicates that it is in London. The handoff between Virgin and Cogent almost certainly happens at Telehouse in the Docklands.<p>If someone were, in fact, trying to intercept your traffic, they could almost certainly do so without you noticing (at least at layer 3.)

Would be interesting to know if you can get to <a href="https://conference.hitb.org/check-status/" rel="nofollow">https:&#x2F;&#x2F;conference.hitb.org&#x2F;check-status&#x2F;</a><p>Partly because it is HTTPS and partly because hack only appears in a url on the page.<p>This might answer if it is the result of the site, or the site content. Like for some reason LionLink is filtering based on the content on the page.

Both websites hitb.org (199.58.210.36) and thc.org (199.58.210.16) have A records part of the Rokabear&#x27;s CIDR 199.58.208.0&#x2F;21 and some IPs in that block are responding as expected i.e. 199.58.208.36 and 199.58.215.36<p>However not a single IP in the range 199.58.210.0&#x2F;24 responds to ICMP or TCP probes. My only guess is this is more likely a faulty or misconfig router.<p><pre><code> # Dirty TCP check nmap -v -Pn -p 80 199.58.210.0&#x2F;24 # Dirty ICMP check (1 means failure, 0 means success) for i in {1..254}; do echo -n &quot;199.58.210.$i &quot;; ping -c2 &quot;199.58.210.$i&quot; &gt;&#x2F;dev&#x2F;null 2&gt;&#x2F;dev&#x2F;null; echo &quot; $?&quot;; done</code></pre>

Cant access any of those sites either, they just time out. Virgin Media UK. Trace for THC: <a href="http://pastebin.com/raw.php?i=qmv3cYse" rel="nofollow">http:&#x2F;&#x2F;pastebin.com&#x2F;raw.php?i=qmv3cYse</a>

Quite a while ago now, there was a period where you couldn&#x27;t get to Stackoverflow on Virgin media. There were some quite long threads in Virgins forums about it, and apparently not all virgin customers were affected! It did eventually resolve itself, but it was very frustrating!<p><a href="http://community.virginmedia.com/t5/Up-to-120Mb-Setup-Equipment/stackoverflow-com/td-p/1722156/page/16" rel="nofollow">http:&#x2F;&#x2F;community.virginmedia.com&#x2F;t5&#x2F;Up-to-120Mb-Setup-Equipm...</a>

Interesting. Are any groups attempting to track odd routings like this? Seems like it would make for a good research project that would garner plenty of publicity.

Thus we see the inevitable result of a culture which encourages internet filters: full on censorship of divergent, but legal, views.

Well that would be pretty serious.<p>He should run that 45 min internet scan through his home network and diff with his work network, get a list of all the sites that have this behavior. Alternatively he could write a script to ping his bookmarks or browser history, that would probably take less time.

We know that routing sometimes takes strange hops - it doesn&#x27;t always mean malicious intent. He says he also can&#x27;t acccess the site of the hosting provider - so my take is, that it might be just a fucked up route somewhere. Happens all the time.

The IP that you&#x27;re trying to reach belongs to a US hosting company, so routing to the US should not be a surprise.