DaemonForums  

Go Back   DaemonForums > OpenBSD > OpenBSD General

OpenBSD General Other questions regarding OpenBSD which do not fit in any of the categories below.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 21st November 2019
ripe's Avatar
ripe ripe is offline
Package Pilot
 
Join Date: Feb 2013
Location: France
Posts: 175
Default Can not connect to a website

Hi,

I notice I can not connect to this website: https://www.apec.fr/ with FireFox. I got this error:
Quote:
The connection has timed out

The server at apec.fr is taking too long to respond.

The site could be temporarily unavailable or too busy. Try again in a few moments.
If you are unable to load any pages, check your computer’s network connection.
If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web.
With a old Sparky Linux I can connect to this website.
Any helps is welcome.

Last edited by ripe; 21st November 2019 at 07:13 PM. Reason: apec.fr to https://www.apec.fr/
Reply With Quote
  #2   (View Single Post)  
Old 22nd November 2019
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,977
Default

At this time of writing:
  • I can resolve the domain name to 91.231.175.100. That address does not respond to pings from here, I cannot establish a TCP connection to port 443, nor port 80, and traceroute(8) ends at 212.73.205.50, which resolves to INTERMEDIAS.edge3.Paris1.Level3.net.
  • https://downforeveryoneorjustme.com/apec.fr says that the server is up, the problem is just me.
  • https://tools.keycdn.com/traceroute testing shows failures to reach the server from 14 locations around the world -- including Paris.
My assumption is the server or its bastion network is using a packet filter, and it happens to use an OS fingerprint filter. PF can do this too, see /etc/pf.os and pf.os(5)

Last edited by jggimi; 22nd November 2019 at 03:49 AM. Reason: added the fingerprint man page
Reply With Quote
  #3   (View Single Post)  
Old 22nd November 2019
ripe's Avatar
ripe ripe is offline
Package Pilot
 
Join Date: Feb 2013
Location: France
Posts: 175
Default

Thank you jggimi. I will investigate pf.os man page and /etc/pf.os

Quote:
Originally Posted by jggimi View Post
At this time of writing:
Same as you.
100% packet loss.
traceroute(8) aslo ends at INTERMEDIAS.edge3.Paris1.Level3.net
Reply With Quote
  #4   (View Single Post)  
Old 22nd November 2019
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,977
Default

I can reach the site with a Windows workstation. So I believe my fingerprint assumption is correct.

I use fingerprint filtering, but only on SSH traffic. I would never use it for a web application.
Reply With Quote
  #5   (View Single Post)  
Old 22nd November 2019
ripe's Avatar
ripe ripe is offline
Package Pilot
 
Join Date: Feb 2013
Location: France
Posts: 175
Default

I think too as you think. I will write to the website that I could not connect, hoping they will correct it.
Thank you jggimi.
Reply With Quote
  #6   (View Single Post)  
Old 22nd November 2019
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,128
Default

I can connect to https://www.apec.fr/ on FreeBSD 12.0 with Chrome without problem.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote
  #7   (View Single Post)  
Old 22nd November 2019
jggimi's Avatar
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,977
Default

Per OpenBSD's /etc/pf.os, our two OSes have different SYN fingerprints:
Code:
65535:64:1:60:M*,N,W1,N,N,T:    FreeBSD:5.0-5.2::FreeBSD 4.7-5.2
.
.
.
16384:64:1:64:M*,N,N,S,N,W6,N,N,T:      OpenBSD:6.1::OpenBSD 6.1
16384:64:0:64:M*,N,N,S,N,W6,N,N,T:      OpenBSD:6.1:no-df:OpenBSD 6.1 (scrub no-df)
Reply With Quote
  #8   (View Single Post)  
Old 23rd November 2019
fvgit's Avatar
fvgit fvgit is offline
Spikes in tights
 
Join Date: May 2016
Location: perl -MMIME::Base64 -le 'print decode_base64("U2hlcndvb2QgRm9yZXN0")'
Posts: 314
Default

I'm in Germany and it doesn't work for me either on OpenBSD (Firefox, Iridium, Dillo), whereas it works fine on a family member's iMac running MacOS High Sierra.

The frogs are farting in our (OpenBSD user's) general direction, it would seem.

UPDATE: Either they rectified it, or there's a workaround. After connecting to the site from the iMac I can now also connect from my OpenBSD box. Both machines are behind a NAT-Router FWIW.
Reply With Quote
  #9   (View Single Post)  
Old 24th November 2019
ripe's Avatar
ripe ripe is offline
Package Pilot
 
Join Date: Feb 2013
Location: France
Posts: 175
Default

Cool!
For me I can't haha
Reply With Quote
Old 24th November 2019
fvgit's Avatar
fvgit fvgit is offline
Spikes in tights
 
Join Date: May 2016
Location: perl -MMIME::Base64 -le 'print decode_base64("U2hlcndvb2QgRm9yZXN0")'
Posts: 314
Default

The effect seems to be temporary! I just tested it again from my OpenBSD box and I couldn't connect anymore. So I openend the page again from the iMac and, voilá, I could again connect from my OpenBSD machine.

As both machines sit behind a non-OpenBSD NAT router the filtering mechanism at apec.fr apparently doesn't perform any further checks on consecutive connections after a successful attempt from the same src-IP. Perhaps the system doesn't recognize OpenBSD as a "known" OS?

Anyway, the page says "La place des compétences cadres". But it's certainly not "La place des compétences numériques"
Reply With Quote
Old 25th November 2019
ripe's Avatar
ripe ripe is offline
Package Pilot
 
Join Date: Feb 2013
Location: France
Posts: 175
Default


I wrote to them about I can not connect from an OpenBSD 6.6. Waiting to know if there is a update from them

Last edited by ripe; 25th November 2019 at 08:06 AM.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Somebody want to log into my OpenBSD website/server psypro OpenBSD Security 13 23rd December 2016 04:30 PM
A startup website in less than 12h Oko Off-Topic 2 11th March 2016 05:13 PM
blocking a website with pf pawaan General software and network 7 29th October 2013 02:28 AM
Problem with just one website !? Redrobes OpenBSD General 18 7th February 2010 07:11 PM
the website is down ai-danno Off-Topic 2 1st July 2008 11:35 PM


All times are GMT. The time now is 10:31 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick