How can I tell if Comcast is blocking access to an IP? [closed]

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
2
down vote

favorite












I have a site hosted on CentOS 7, part of an A2 Hosting environment. Although I can access my site (http://68.66.205.103/) on my phone and an AT&T ISP, I can't access it from a Comcast ISP or my RCN ISP (which uses Comcast's network). Here's my traceroute



localhost:tmp davea$ traceroute 68.66.205.103
traceroute to 68.66.205.103 (68.66.205.103), 64 hops max, 52 byte packets
1 192.168.1.1 (192.168.1.1) 15.293 ms 6.332 ms 1.234 ms
2 bdl1.lem-cbr2.chi-lem.il.cable.rcn.net (10.48.40.1) 9.922 ms 17.757 ms 12.261 ms
3 216.80.78.71 (216.80.78.71) 10.832 ms 10.550 ms 11.397 ms
4 bdle2.border1.eqnx.il.rcn.net (207.172.15.196) 13.622 ms 23.229 ms
bdle3.border1.eqnx.il.rcn.net (207.172.15.212) 11.654 ms
5 * * *
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
11 * * *


What's interesting though, is that on my same machine on a Comcast ISP, I can access the site on a TOR Browser, so I don't know if that means the ISP is blocking the remote IP address or there is something else going on. Any advice is appreciated, -







share|improve this question














closed as off-topic by Patrick, Rui F Ribeiro, Archemar, Jesse_b, Jeff Schaller Feb 26 at 1:31



  • This question does not appear to be about Unix or Linux within the scope defined in the help center.
If this question can be reworded to fit the rules in the help center, please edit the question.








  • 5




    I'm voting to close this question as off-topic because this is not related to Unix or Linux. I might try serverfault or superuser.
    – Patrick
    Feb 25 at 15:55










  • @Patrick: I opened a question meta, here: meta.stackexchange.com/questions/307356/…
    – user1404316
    Feb 25 at 16:24














up vote
2
down vote

favorite












I have a site hosted on CentOS 7, part of an A2 Hosting environment. Although I can access my site (http://68.66.205.103/) on my phone and an AT&T ISP, I can't access it from a Comcast ISP or my RCN ISP (which uses Comcast's network). Here's my traceroute



localhost:tmp davea$ traceroute 68.66.205.103
traceroute to 68.66.205.103 (68.66.205.103), 64 hops max, 52 byte packets
1 192.168.1.1 (192.168.1.1) 15.293 ms 6.332 ms 1.234 ms
2 bdl1.lem-cbr2.chi-lem.il.cable.rcn.net (10.48.40.1) 9.922 ms 17.757 ms 12.261 ms
3 216.80.78.71 (216.80.78.71) 10.832 ms 10.550 ms 11.397 ms
4 bdle2.border1.eqnx.il.rcn.net (207.172.15.196) 13.622 ms 23.229 ms
bdle3.border1.eqnx.il.rcn.net (207.172.15.212) 11.654 ms
5 * * *
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
11 * * *


What's interesting though, is that on my same machine on a Comcast ISP, I can access the site on a TOR Browser, so I don't know if that means the ISP is blocking the remote IP address or there is something else going on. Any advice is appreciated, -







share|improve this question














closed as off-topic by Patrick, Rui F Ribeiro, Archemar, Jesse_b, Jeff Schaller Feb 26 at 1:31



  • This question does not appear to be about Unix or Linux within the scope defined in the help center.
If this question can be reworded to fit the rules in the help center, please edit the question.








  • 5




    I'm voting to close this question as off-topic because this is not related to Unix or Linux. I might try serverfault or superuser.
    – Patrick
    Feb 25 at 15:55










  • @Patrick: I opened a question meta, here: meta.stackexchange.com/questions/307356/…
    – user1404316
    Feb 25 at 16:24












up vote
2
down vote

favorite









up vote
2
down vote

favorite











I have a site hosted on CentOS 7, part of an A2 Hosting environment. Although I can access my site (http://68.66.205.103/) on my phone and an AT&T ISP, I can't access it from a Comcast ISP or my RCN ISP (which uses Comcast's network). Here's my traceroute



localhost:tmp davea$ traceroute 68.66.205.103
traceroute to 68.66.205.103 (68.66.205.103), 64 hops max, 52 byte packets
1 192.168.1.1 (192.168.1.1) 15.293 ms 6.332 ms 1.234 ms
2 bdl1.lem-cbr2.chi-lem.il.cable.rcn.net (10.48.40.1) 9.922 ms 17.757 ms 12.261 ms
3 216.80.78.71 (216.80.78.71) 10.832 ms 10.550 ms 11.397 ms
4 bdle2.border1.eqnx.il.rcn.net (207.172.15.196) 13.622 ms 23.229 ms
bdle3.border1.eqnx.il.rcn.net (207.172.15.212) 11.654 ms
5 * * *
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
11 * * *


What's interesting though, is that on my same machine on a Comcast ISP, I can access the site on a TOR Browser, so I don't know if that means the ISP is blocking the remote IP address or there is something else going on. Any advice is appreciated, -







share|improve this question














I have a site hosted on CentOS 7, part of an A2 Hosting environment. Although I can access my site (http://68.66.205.103/) on my phone and an AT&T ISP, I can't access it from a Comcast ISP or my RCN ISP (which uses Comcast's network). Here's my traceroute



localhost:tmp davea$ traceroute 68.66.205.103
traceroute to 68.66.205.103 (68.66.205.103), 64 hops max, 52 byte packets
1 192.168.1.1 (192.168.1.1) 15.293 ms 6.332 ms 1.234 ms
2 bdl1.lem-cbr2.chi-lem.il.cable.rcn.net (10.48.40.1) 9.922 ms 17.757 ms 12.261 ms
3 216.80.78.71 (216.80.78.71) 10.832 ms 10.550 ms 11.397 ms
4 bdle2.border1.eqnx.il.rcn.net (207.172.15.196) 13.622 ms 23.229 ms
bdle3.border1.eqnx.il.rcn.net (207.172.15.212) 11.654 ms
5 * * *
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
11 * * *


What's interesting though, is that on my same machine on a Comcast ISP, I can access the site on a TOR Browser, so I don't know if that means the ISP is blocking the remote IP address or there is something else going on. Any advice is appreciated, -









share|improve this question













share|improve this question




share|improve this question








edited Feb 25 at 16:42









Rui F Ribeiro

34.9k1269113




34.9k1269113










asked Feb 25 at 15:51









Dave

368827




368827




closed as off-topic by Patrick, Rui F Ribeiro, Archemar, Jesse_b, Jeff Schaller Feb 26 at 1:31



  • This question does not appear to be about Unix or Linux within the scope defined in the help center.
If this question can be reworded to fit the rules in the help center, please edit the question.




closed as off-topic by Patrick, Rui F Ribeiro, Archemar, Jesse_b, Jeff Schaller Feb 26 at 1:31



  • This question does not appear to be about Unix or Linux within the scope defined in the help center.
If this question can be reworded to fit the rules in the help center, please edit the question.







  • 5




    I'm voting to close this question as off-topic because this is not related to Unix or Linux. I might try serverfault or superuser.
    – Patrick
    Feb 25 at 15:55










  • @Patrick: I opened a question meta, here: meta.stackexchange.com/questions/307356/…
    – user1404316
    Feb 25 at 16:24












  • 5




    I'm voting to close this question as off-topic because this is not related to Unix or Linux. I might try serverfault or superuser.
    – Patrick
    Feb 25 at 15:55










  • @Patrick: I opened a question meta, here: meta.stackexchange.com/questions/307356/…
    – user1404316
    Feb 25 at 16:24







5




5




I'm voting to close this question as off-topic because this is not related to Unix or Linux. I might try serverfault or superuser.
– Patrick
Feb 25 at 15:55




I'm voting to close this question as off-topic because this is not related to Unix or Linux. I might try serverfault or superuser.
– Patrick
Feb 25 at 15:55












@Patrick: I opened a question meta, here: meta.stackexchange.com/questions/307356/…
– user1404316
Feb 25 at 16:24




@Patrick: I opened a question meta, here: meta.stackexchange.com/questions/307356/…
– user1404316
Feb 25 at 16:24










2 Answers
2






active

oldest

votes

















up vote
2
down vote













Is really Comcast blocking your IP of their own accord? Well, the answer is....complicated.



It is not exactly a decision of Comcast per se.



The IP address of the server you have now has been reported as being part of a BOTNET.



Many organisations all over the world, and even organisations using firewall vendors (namely recent CheckPoint technology) might be blocking full access or certain types of access as a server to that IP address while the server is in malware blacklists (i.e. clients on that networks won't open it).



Comcast is also (in)famous for intercepting at least HTTP requests with (transparent) proxies.



What we can know for sure Comcast is consuming/using one or more blacklists applied to some technology they use to filter out accesses to certain services. They won't probably be the only organisation doing that.



As an example of statics/reports of your IP address in a backlist see (while it is active) http://vxcube.com/tools/ip/68.66.205.103/threat



and also the malware they report they saw activity from your IP address:



MMD-0052-2016 - Overview of "SkidDDoS" ELF++ IRC Botnet



Also in http://vxcube.com/tools/ip/68.66.205.103/graph , selecting the option to see URLs scanned/accessed by your host:



http://68.66.205.103/bins.sh 
http://80.211.225.35/'
http://80.211.225.35/apache2
http://80.211.225.35/banana124.sh
http://80.211.225.35/bash
http://80.211.225.35/cron
http://80.211.225.35/ftp
http://80.211.225.35/ntpd
http://80.211.225.35/openssh
http://80.211.225.35/pftp


Also inserting your IP address in Shodan, it alerted me you are exposing to the Internet dangerous services.



You should not have at least rpcbind exposed to the Internet; it should be firewalled.



$ nmap -sT 68.66.205.103

Starting Nmap 7.60 ( https://nmap.org ) at 2018-02-25 18:14 WET
Nmap scan report for 68.66.205.103.static.a2webhosting.com (68.66.205.103)
Host is up (0.14s latency).
Not shown: 998 closed ports
PORT STATE SERVICE
80/tcp open http
111/tcp open rpcbind


(Unfortunately, my own ISP prevents me from doing a reliable UDP port scanning operation)



It goes without saying that server should be reinstalled, and the security policy should be reevaluated.



P.S. I changed the question tag for malware.






share|improve this answer





























    up vote
    -1
    down vote













    Running a traceroute won't give you a deterministic answer. To check whether a port is blocked you need to connect to it directly. You can use tcptraceroute or hping to attempt to reach your :.



    # tcptraceroute www.google.com 443
    Running:
    traceroute -T -O info -p 443 www.google.com
    traceroute to www.google.com (216.58.198.164), 30 hops max, 60 byte packets
    ...
    9 108.170.232.97 (108.170.232.97) 10.305 ms 10.775 ms 108.170.232.99 (108.170.232.99) 10.724 ms
    10 lhr25s10-in-f164.1e100.net (216.58.198.164) <syn,ack> 9.316 ms 9.444 ms 11.003 ms


    Or using HPING3:



    # hping3 -V -S -p 443 www.google.co.uk
    using wlp3s0, addr: <ipaddr>, MTU: 1500
    HPING www.google.co.uk (wlp3s0 172.217.23.3): S set, 40 headers + 0 data bytes
    len=46 ip=172.217.23.3 ttl=57 id=54832 sport=443 flags=SA seq=0 win=42780 rtt=31.8 ms
    ...


    The fact that you can access your service over one other ISP and TOR does make it possible that Comcast is indeed blocking access to port 80. A simple test to validate malware based filtering is changing the port into a non-standard value (like 5580 or 9980) and trying again.






    share|improve this answer



























      2 Answers
      2






      active

      oldest

      votes








      2 Answers
      2






      active

      oldest

      votes









      active

      oldest

      votes






      active

      oldest

      votes








      up vote
      2
      down vote













      Is really Comcast blocking your IP of their own accord? Well, the answer is....complicated.



      It is not exactly a decision of Comcast per se.



      The IP address of the server you have now has been reported as being part of a BOTNET.



      Many organisations all over the world, and even organisations using firewall vendors (namely recent CheckPoint technology) might be blocking full access or certain types of access as a server to that IP address while the server is in malware blacklists (i.e. clients on that networks won't open it).



      Comcast is also (in)famous for intercepting at least HTTP requests with (transparent) proxies.



      What we can know for sure Comcast is consuming/using one or more blacklists applied to some technology they use to filter out accesses to certain services. They won't probably be the only organisation doing that.



      As an example of statics/reports of your IP address in a backlist see (while it is active) http://vxcube.com/tools/ip/68.66.205.103/threat



      and also the malware they report they saw activity from your IP address:



      MMD-0052-2016 - Overview of "SkidDDoS" ELF++ IRC Botnet



      Also in http://vxcube.com/tools/ip/68.66.205.103/graph , selecting the option to see URLs scanned/accessed by your host:



      http://68.66.205.103/bins.sh 
      http://80.211.225.35/'
      http://80.211.225.35/apache2
      http://80.211.225.35/banana124.sh
      http://80.211.225.35/bash
      http://80.211.225.35/cron
      http://80.211.225.35/ftp
      http://80.211.225.35/ntpd
      http://80.211.225.35/openssh
      http://80.211.225.35/pftp


      Also inserting your IP address in Shodan, it alerted me you are exposing to the Internet dangerous services.



      You should not have at least rpcbind exposed to the Internet; it should be firewalled.



      $ nmap -sT 68.66.205.103

      Starting Nmap 7.60 ( https://nmap.org ) at 2018-02-25 18:14 WET
      Nmap scan report for 68.66.205.103.static.a2webhosting.com (68.66.205.103)
      Host is up (0.14s latency).
      Not shown: 998 closed ports
      PORT STATE SERVICE
      80/tcp open http
      111/tcp open rpcbind


      (Unfortunately, my own ISP prevents me from doing a reliable UDP port scanning operation)



      It goes without saying that server should be reinstalled, and the security policy should be reevaluated.



      P.S. I changed the question tag for malware.






      share|improve this answer


























        up vote
        2
        down vote













        Is really Comcast blocking your IP of their own accord? Well, the answer is....complicated.



        It is not exactly a decision of Comcast per se.



        The IP address of the server you have now has been reported as being part of a BOTNET.



        Many organisations all over the world, and even organisations using firewall vendors (namely recent CheckPoint technology) might be blocking full access or certain types of access as a server to that IP address while the server is in malware blacklists (i.e. clients on that networks won't open it).



        Comcast is also (in)famous for intercepting at least HTTP requests with (transparent) proxies.



        What we can know for sure Comcast is consuming/using one or more blacklists applied to some technology they use to filter out accesses to certain services. They won't probably be the only organisation doing that.



        As an example of statics/reports of your IP address in a backlist see (while it is active) http://vxcube.com/tools/ip/68.66.205.103/threat



        and also the malware they report they saw activity from your IP address:



        MMD-0052-2016 - Overview of "SkidDDoS" ELF++ IRC Botnet



        Also in http://vxcube.com/tools/ip/68.66.205.103/graph , selecting the option to see URLs scanned/accessed by your host:



        http://68.66.205.103/bins.sh 
        http://80.211.225.35/'
        http://80.211.225.35/apache2
        http://80.211.225.35/banana124.sh
        http://80.211.225.35/bash
        http://80.211.225.35/cron
        http://80.211.225.35/ftp
        http://80.211.225.35/ntpd
        http://80.211.225.35/openssh
        http://80.211.225.35/pftp


        Also inserting your IP address in Shodan, it alerted me you are exposing to the Internet dangerous services.



        You should not have at least rpcbind exposed to the Internet; it should be firewalled.



        $ nmap -sT 68.66.205.103

        Starting Nmap 7.60 ( https://nmap.org ) at 2018-02-25 18:14 WET
        Nmap scan report for 68.66.205.103.static.a2webhosting.com (68.66.205.103)
        Host is up (0.14s latency).
        Not shown: 998 closed ports
        PORT STATE SERVICE
        80/tcp open http
        111/tcp open rpcbind


        (Unfortunately, my own ISP prevents me from doing a reliable UDP port scanning operation)



        It goes without saying that server should be reinstalled, and the security policy should be reevaluated.



        P.S. I changed the question tag for malware.






        share|improve this answer
























          up vote
          2
          down vote










          up vote
          2
          down vote









          Is really Comcast blocking your IP of their own accord? Well, the answer is....complicated.



          It is not exactly a decision of Comcast per se.



          The IP address of the server you have now has been reported as being part of a BOTNET.



          Many organisations all over the world, and even organisations using firewall vendors (namely recent CheckPoint technology) might be blocking full access or certain types of access as a server to that IP address while the server is in malware blacklists (i.e. clients on that networks won't open it).



          Comcast is also (in)famous for intercepting at least HTTP requests with (transparent) proxies.



          What we can know for sure Comcast is consuming/using one or more blacklists applied to some technology they use to filter out accesses to certain services. They won't probably be the only organisation doing that.



          As an example of statics/reports of your IP address in a backlist see (while it is active) http://vxcube.com/tools/ip/68.66.205.103/threat



          and also the malware they report they saw activity from your IP address:



          MMD-0052-2016 - Overview of "SkidDDoS" ELF++ IRC Botnet



          Also in http://vxcube.com/tools/ip/68.66.205.103/graph , selecting the option to see URLs scanned/accessed by your host:



          http://68.66.205.103/bins.sh 
          http://80.211.225.35/'
          http://80.211.225.35/apache2
          http://80.211.225.35/banana124.sh
          http://80.211.225.35/bash
          http://80.211.225.35/cron
          http://80.211.225.35/ftp
          http://80.211.225.35/ntpd
          http://80.211.225.35/openssh
          http://80.211.225.35/pftp


          Also inserting your IP address in Shodan, it alerted me you are exposing to the Internet dangerous services.



          You should not have at least rpcbind exposed to the Internet; it should be firewalled.



          $ nmap -sT 68.66.205.103

          Starting Nmap 7.60 ( https://nmap.org ) at 2018-02-25 18:14 WET
          Nmap scan report for 68.66.205.103.static.a2webhosting.com (68.66.205.103)
          Host is up (0.14s latency).
          Not shown: 998 closed ports
          PORT STATE SERVICE
          80/tcp open http
          111/tcp open rpcbind


          (Unfortunately, my own ISP prevents me from doing a reliable UDP port scanning operation)



          It goes without saying that server should be reinstalled, and the security policy should be reevaluated.



          P.S. I changed the question tag for malware.






          share|improve this answer














          Is really Comcast blocking your IP of their own accord? Well, the answer is....complicated.



          It is not exactly a decision of Comcast per se.



          The IP address of the server you have now has been reported as being part of a BOTNET.



          Many organisations all over the world, and even organisations using firewall vendors (namely recent CheckPoint technology) might be blocking full access or certain types of access as a server to that IP address while the server is in malware blacklists (i.e. clients on that networks won't open it).



          Comcast is also (in)famous for intercepting at least HTTP requests with (transparent) proxies.



          What we can know for sure Comcast is consuming/using one or more blacklists applied to some technology they use to filter out accesses to certain services. They won't probably be the only organisation doing that.



          As an example of statics/reports of your IP address in a backlist see (while it is active) http://vxcube.com/tools/ip/68.66.205.103/threat



          and also the malware they report they saw activity from your IP address:



          MMD-0052-2016 - Overview of "SkidDDoS" ELF++ IRC Botnet



          Also in http://vxcube.com/tools/ip/68.66.205.103/graph , selecting the option to see URLs scanned/accessed by your host:



          http://68.66.205.103/bins.sh 
          http://80.211.225.35/'
          http://80.211.225.35/apache2
          http://80.211.225.35/banana124.sh
          http://80.211.225.35/bash
          http://80.211.225.35/cron
          http://80.211.225.35/ftp
          http://80.211.225.35/ntpd
          http://80.211.225.35/openssh
          http://80.211.225.35/pftp


          Also inserting your IP address in Shodan, it alerted me you are exposing to the Internet dangerous services.



          You should not have at least rpcbind exposed to the Internet; it should be firewalled.



          $ nmap -sT 68.66.205.103

          Starting Nmap 7.60 ( https://nmap.org ) at 2018-02-25 18:14 WET
          Nmap scan report for 68.66.205.103.static.a2webhosting.com (68.66.205.103)
          Host is up (0.14s latency).
          Not shown: 998 closed ports
          PORT STATE SERVICE
          80/tcp open http
          111/tcp open rpcbind


          (Unfortunately, my own ISP prevents me from doing a reliable UDP port scanning operation)



          It goes without saying that server should be reinstalled, and the security policy should be reevaluated.



          P.S. I changed the question tag for malware.







          share|improve this answer














          share|improve this answer



          share|improve this answer








          edited Mar 1 at 13:03

























          answered Feb 25 at 16:42









          Rui F Ribeiro

          34.9k1269113




          34.9k1269113






















              up vote
              -1
              down vote













              Running a traceroute won't give you a deterministic answer. To check whether a port is blocked you need to connect to it directly. You can use tcptraceroute or hping to attempt to reach your :.



              # tcptraceroute www.google.com 443
              Running:
              traceroute -T -O info -p 443 www.google.com
              traceroute to www.google.com (216.58.198.164), 30 hops max, 60 byte packets
              ...
              9 108.170.232.97 (108.170.232.97) 10.305 ms 10.775 ms 108.170.232.99 (108.170.232.99) 10.724 ms
              10 lhr25s10-in-f164.1e100.net (216.58.198.164) <syn,ack> 9.316 ms 9.444 ms 11.003 ms


              Or using HPING3:



              # hping3 -V -S -p 443 www.google.co.uk
              using wlp3s0, addr: <ipaddr>, MTU: 1500
              HPING www.google.co.uk (wlp3s0 172.217.23.3): S set, 40 headers + 0 data bytes
              len=46 ip=172.217.23.3 ttl=57 id=54832 sport=443 flags=SA seq=0 win=42780 rtt=31.8 ms
              ...


              The fact that you can access your service over one other ISP and TOR does make it possible that Comcast is indeed blocking access to port 80. A simple test to validate malware based filtering is changing the port into a non-standard value (like 5580 or 9980) and trying again.






              share|improve this answer
























                up vote
                -1
                down vote













                Running a traceroute won't give you a deterministic answer. To check whether a port is blocked you need to connect to it directly. You can use tcptraceroute or hping to attempt to reach your :.



                # tcptraceroute www.google.com 443
                Running:
                traceroute -T -O info -p 443 www.google.com
                traceroute to www.google.com (216.58.198.164), 30 hops max, 60 byte packets
                ...
                9 108.170.232.97 (108.170.232.97) 10.305 ms 10.775 ms 108.170.232.99 (108.170.232.99) 10.724 ms
                10 lhr25s10-in-f164.1e100.net (216.58.198.164) <syn,ack> 9.316 ms 9.444 ms 11.003 ms


                Or using HPING3:



                # hping3 -V -S -p 443 www.google.co.uk
                using wlp3s0, addr: <ipaddr>, MTU: 1500
                HPING www.google.co.uk (wlp3s0 172.217.23.3): S set, 40 headers + 0 data bytes
                len=46 ip=172.217.23.3 ttl=57 id=54832 sport=443 flags=SA seq=0 win=42780 rtt=31.8 ms
                ...


                The fact that you can access your service over one other ISP and TOR does make it possible that Comcast is indeed blocking access to port 80. A simple test to validate malware based filtering is changing the port into a non-standard value (like 5580 or 9980) and trying again.






                share|improve this answer






















                  up vote
                  -1
                  down vote










                  up vote
                  -1
                  down vote









                  Running a traceroute won't give you a deterministic answer. To check whether a port is blocked you need to connect to it directly. You can use tcptraceroute or hping to attempt to reach your :.



                  # tcptraceroute www.google.com 443
                  Running:
                  traceroute -T -O info -p 443 www.google.com
                  traceroute to www.google.com (216.58.198.164), 30 hops max, 60 byte packets
                  ...
                  9 108.170.232.97 (108.170.232.97) 10.305 ms 10.775 ms 108.170.232.99 (108.170.232.99) 10.724 ms
                  10 lhr25s10-in-f164.1e100.net (216.58.198.164) <syn,ack> 9.316 ms 9.444 ms 11.003 ms


                  Or using HPING3:



                  # hping3 -V -S -p 443 www.google.co.uk
                  using wlp3s0, addr: <ipaddr>, MTU: 1500
                  HPING www.google.co.uk (wlp3s0 172.217.23.3): S set, 40 headers + 0 data bytes
                  len=46 ip=172.217.23.3 ttl=57 id=54832 sport=443 flags=SA seq=0 win=42780 rtt=31.8 ms
                  ...


                  The fact that you can access your service over one other ISP and TOR does make it possible that Comcast is indeed blocking access to port 80. A simple test to validate malware based filtering is changing the port into a non-standard value (like 5580 or 9980) and trying again.






                  share|improve this answer












                  Running a traceroute won't give you a deterministic answer. To check whether a port is blocked you need to connect to it directly. You can use tcptraceroute or hping to attempt to reach your :.



                  # tcptraceroute www.google.com 443
                  Running:
                  traceroute -T -O info -p 443 www.google.com
                  traceroute to www.google.com (216.58.198.164), 30 hops max, 60 byte packets
                  ...
                  9 108.170.232.97 (108.170.232.97) 10.305 ms 10.775 ms 108.170.232.99 (108.170.232.99) 10.724 ms
                  10 lhr25s10-in-f164.1e100.net (216.58.198.164) <syn,ack> 9.316 ms 9.444 ms 11.003 ms


                  Or using HPING3:



                  # hping3 -V -S -p 443 www.google.co.uk
                  using wlp3s0, addr: <ipaddr>, MTU: 1500
                  HPING www.google.co.uk (wlp3s0 172.217.23.3): S set, 40 headers + 0 data bytes
                  len=46 ip=172.217.23.3 ttl=57 id=54832 sport=443 flags=SA seq=0 win=42780 rtt=31.8 ms
                  ...


                  The fact that you can access your service over one other ISP and TOR does make it possible that Comcast is indeed blocking access to port 80. A simple test to validate malware based filtering is changing the port into a non-standard value (like 5580 or 9980) and trying again.







                  share|improve this answer












                  share|improve this answer



                  share|improve this answer










                  answered Feb 25 at 17:59









                  Pedro

                  59429




                  59429












                      Popular posts from this blog

                      How to check contact read email or not when send email to Individual?

                      Displaying single band from multi-band raster using QGIS

                      How many registers does an x86_64 CPU actually have?