ssr
06-04-2012, 07:30
The ICSI Netalyzr
Start » Analysis » Results
Result Summary + – (help)
cpc3-midd16-2-0-cust2.11-1.cable.virginmedia.com / 86.24.154.3
Recorded at 02:19 EDT (06:19 UTC), Apr 06 2012. Permalink. Referrer. Client/server transcript.
Summary of Noteworthy Events + –
Major Abnormalities –
Your DNS resolver returns IP addresses for names that do not exist
Minor Aberrations –
Certain UDP protocols are blocked in outbound traffic
The network blocks some or all EDNS replies
Not all DNS types were correctly processed
Your computer's clock is slightly fast
Address-based Tests + –
NAT detection (?): NAT Detected +
Local Network Interfaces (?): OK +
DNS-based host information (?): OK +
NAT support for Universal Plug and Play (UPnP) (?): Yes +
Reachability Tests + –
TCP connectivity (?): Failed to complete +
UDP connectivity (?): Note –
Basic UDP access is available.
The applet was able to send fragmented UDP traffic.
The applet was able to receive fragmented UDP traffic.
Direct UDP access to remote DNS servers (port 53) is blocked.
The network you are using appears to enforce the use of a local DNS resolver.
Direct UDP access to remote NTP servers (port 123) is allowed.
Direct UDP access to remote NetBIOS NS servers (port 137) is blocked.
Direct UDP access to remote NetBIOS DGM servers (port 138) is blocked.
Direct UDP access to remote IKE key exchange servers (port 500) is allowed.
Direct UDP access to remote OpenVPN servers (port 1194) is allowed.
Direct UDP access to remote Slammer servers (port 1434) is allowed.
Direct UDP access to remote L2 tunneling servers (port 1701) is allowed.
Direct UDP access to remote IPSec NAT servers (port 4500) is allowed.
Direct UDP access to remote RTP servers (port 5004) is allowed.
Direct UDP access to remote RTCP servers (port 5005) is allowed.
Direct UDP access to remote SIP servers (port 5060) is allowed.
Direct UDP access to remote VoIP servers (port 7078) is allowed.
Direct UDP access to remote VoIP servers (port 7082) is allowed.
Direct UDP access to remote SCTP servers (port 9899) is allowed.
Direct UDP access to remote Steam gaming servers (port 27005) is allowed.
Direct UDP access to remote Steam gaming servers (port 27015) is allowed.
Traceroute (?): OK +
Path MTU (?): OK +
Network Access Link Properties + –
Network latency measurements (?): Latency: 96ms Loss: 0.0% +
TCP connection setup latency (?): 100ms +
Network background health measurement (?): no transient outages +
Network bandwidth (?): Upload 3.1 Mbit/sec, Download 5.3 Mbit/sec +
Network buffer measurements (?): Uplink 240 ms, Downlink is good +
HTTP Tests + –
Address-based HTTP proxy detection (?): OK +
Content-based HTTP proxy detection (?): OK +
HTTP proxy detection via malformed requests (?): OK +
Filetype-based filtering (?): OK +
HTTP caching behavior (?): OK +
JavaScript-based tests (?): OK +
DNS Tests + –
Restricted domain DNS lookup (?): OK +
Unrestricted domain DNS lookup (?): OK +
Direct DNS support (?): Not executed +
Direct EDNS support (?): Note –
EDNS-enabled requests for small responses remain unanswered. This suggests that a proxy or firewall is unable to handle extended DNS requests.
EDNS-enabled requests for medium-sized responses remain unanswered. This suggests that a proxy or firewall is unable to handle extended DNS requests or DNS requests larger than 512 bytes.
EDNS-enabled requests for large responses remain unanswered. This suggests that a proxy or firewall is unable to handle large extended DNS requests or fragmented UDP traffic.
DNS resolver address (?): OK +
DNS resolver properties (?): Lookup latency 210ms +
Direct probing of DNS resolvers (?) –
Your system is configured to use 2 DNS resolver(s).
The resolver at 194.168.4.100 could not process the following tested types:
Large (~3000B) TXT records fetched with EDNS0
It does not validate DNSSEC. It does not wildcard NXDOMAIN errors. The resolver reports a number of additional properties. Show them.
The resolver at 194.168.8.100 could not process the following tested types:
Large (~3000B) TXT records fetched with EDNS0
It does not validate DNSSEC. It wildcards NXDOMAIN errors. Instead of an error it returns the following IP address(es): 81.200.64.50. The resolver reports a number of additional properties. Show them.
DNS glue policy (?): OK +
DNS resolver port randomization (?): OK +
DNS lookups of popular domains (?): OK +
DNS external proxy (?): OK +
DNS results wildcarding (?): Warning –
Your ISP's DNS server returns IP addresses even for domain names which should not resolve. Instead of an error, the DNS server returns an address of 81.200.64.50, which resolves to advancedsearch.virginmedia.com. You can inspect the resulting HTML content here.
There are several possible explanations for this behavior. The most likely cause is that the ISP is attempting to profit from customer's typos by presenting advertisements in response to bad requests, but it could also be due to an error or misconfiguration in the DNS server.
The big problem with this behavior is that it can potentially break any network application which relies on DNS properly returning an error when a name does not exist.
The following lists your DNS server's behavior in more detail.
www.{random}.com is mapped to 81.200.64.50.
www.{random}.org is mapped to 81.200.64.50.
fubar.{random}.com is correctly reported as an error.
www.yahoo.cmo [sic] is mapped to 81.200.64.50.
nxdomain.{random}.netalyzr.icsi.berkeley.edu is correctly reported as an error.
DNS-level redirection of specific sites (?): OK +
Direct probing of DNS roots (?): Failed to complete +
IPv6 Tests + –
DNS support for IPv6 (?): OK +
IPv4, IPv6, and your web browser (?): No IPv6 support +
IPv6 connectivity (?): No IPv6 support +
Host Properties + –
System clock accuracy (?): Warning –
Your computer's clock is 6 seconds fast.
Browser properties (?): OK +
Uploaded data (?): OK +
Feedback + –
User-provided feedback +
ID 43ca253f-3436-c8877a6d-06b1-491d-a44e FAQs + Blog + Links +
Start » Analysis » Results
Result Summary + – (help)
cpc3-midd16-2-0-cust2.11-1.cable.virginmedia.com / 86.24.154.3
Recorded at 02:19 EDT (06:19 UTC), Apr 06 2012. Permalink. Referrer. Client/server transcript.
Summary of Noteworthy Events + –
Major Abnormalities –
Your DNS resolver returns IP addresses for names that do not exist
Minor Aberrations –
Certain UDP protocols are blocked in outbound traffic
The network blocks some or all EDNS replies
Not all DNS types were correctly processed
Your computer's clock is slightly fast
Address-based Tests + –
NAT detection (?): NAT Detected +
Local Network Interfaces (?): OK +
DNS-based host information (?): OK +
NAT support for Universal Plug and Play (UPnP) (?): Yes +
Reachability Tests + –
TCP connectivity (?): Failed to complete +
UDP connectivity (?): Note –
Basic UDP access is available.
The applet was able to send fragmented UDP traffic.
The applet was able to receive fragmented UDP traffic.
Direct UDP access to remote DNS servers (port 53) is blocked.
The network you are using appears to enforce the use of a local DNS resolver.
Direct UDP access to remote NTP servers (port 123) is allowed.
Direct UDP access to remote NetBIOS NS servers (port 137) is blocked.
Direct UDP access to remote NetBIOS DGM servers (port 138) is blocked.
Direct UDP access to remote IKE key exchange servers (port 500) is allowed.
Direct UDP access to remote OpenVPN servers (port 1194) is allowed.
Direct UDP access to remote Slammer servers (port 1434) is allowed.
Direct UDP access to remote L2 tunneling servers (port 1701) is allowed.
Direct UDP access to remote IPSec NAT servers (port 4500) is allowed.
Direct UDP access to remote RTP servers (port 5004) is allowed.
Direct UDP access to remote RTCP servers (port 5005) is allowed.
Direct UDP access to remote SIP servers (port 5060) is allowed.
Direct UDP access to remote VoIP servers (port 7078) is allowed.
Direct UDP access to remote VoIP servers (port 7082) is allowed.
Direct UDP access to remote SCTP servers (port 9899) is allowed.
Direct UDP access to remote Steam gaming servers (port 27005) is allowed.
Direct UDP access to remote Steam gaming servers (port 27015) is allowed.
Traceroute (?): OK +
Path MTU (?): OK +
Network Access Link Properties + –
Network latency measurements (?): Latency: 96ms Loss: 0.0% +
TCP connection setup latency (?): 100ms +
Network background health measurement (?): no transient outages +
Network bandwidth (?): Upload 3.1 Mbit/sec, Download 5.3 Mbit/sec +
Network buffer measurements (?): Uplink 240 ms, Downlink is good +
HTTP Tests + –
Address-based HTTP proxy detection (?): OK +
Content-based HTTP proxy detection (?): OK +
HTTP proxy detection via malformed requests (?): OK +
Filetype-based filtering (?): OK +
HTTP caching behavior (?): OK +
JavaScript-based tests (?): OK +
DNS Tests + –
Restricted domain DNS lookup (?): OK +
Unrestricted domain DNS lookup (?): OK +
Direct DNS support (?): Not executed +
Direct EDNS support (?): Note –
EDNS-enabled requests for small responses remain unanswered. This suggests that a proxy or firewall is unable to handle extended DNS requests.
EDNS-enabled requests for medium-sized responses remain unanswered. This suggests that a proxy or firewall is unable to handle extended DNS requests or DNS requests larger than 512 bytes.
EDNS-enabled requests for large responses remain unanswered. This suggests that a proxy or firewall is unable to handle large extended DNS requests or fragmented UDP traffic.
DNS resolver address (?): OK +
DNS resolver properties (?): Lookup latency 210ms +
Direct probing of DNS resolvers (?) –
Your system is configured to use 2 DNS resolver(s).
The resolver at 194.168.4.100 could not process the following tested types:
Large (~3000B) TXT records fetched with EDNS0
It does not validate DNSSEC. It does not wildcard NXDOMAIN errors. The resolver reports a number of additional properties. Show them.
The resolver at 194.168.8.100 could not process the following tested types:
Large (~3000B) TXT records fetched with EDNS0
It does not validate DNSSEC. It wildcards NXDOMAIN errors. Instead of an error it returns the following IP address(es): 81.200.64.50. The resolver reports a number of additional properties. Show them.
DNS glue policy (?): OK +
DNS resolver port randomization (?): OK +
DNS lookups of popular domains (?): OK +
DNS external proxy (?): OK +
DNS results wildcarding (?): Warning –
Your ISP's DNS server returns IP addresses even for domain names which should not resolve. Instead of an error, the DNS server returns an address of 81.200.64.50, which resolves to advancedsearch.virginmedia.com. You can inspect the resulting HTML content here.
There are several possible explanations for this behavior. The most likely cause is that the ISP is attempting to profit from customer's typos by presenting advertisements in response to bad requests, but it could also be due to an error or misconfiguration in the DNS server.
The big problem with this behavior is that it can potentially break any network application which relies on DNS properly returning an error when a name does not exist.
The following lists your DNS server's behavior in more detail.
www.{random}.com is mapped to 81.200.64.50.
www.{random}.org is mapped to 81.200.64.50.
fubar.{random}.com is correctly reported as an error.
www.yahoo.cmo [sic] is mapped to 81.200.64.50.
nxdomain.{random}.netalyzr.icsi.berkeley.edu is correctly reported as an error.
DNS-level redirection of specific sites (?): OK +
Direct probing of DNS roots (?): Failed to complete +
IPv6 Tests + –
DNS support for IPv6 (?): OK +
IPv4, IPv6, and your web browser (?): No IPv6 support +
IPv6 connectivity (?): No IPv6 support +
Host Properties + –
System clock accuracy (?): Warning –
Your computer's clock is 6 seconds fast.
Browser properties (?): OK +
Uploaded data (?): OK +
Feedback + –
User-provided feedback +
ID 43ca253f-3436-c8877a6d-06b1-491d-a44e FAQs + Blog + Links +