[sysreq #14828] W3.org site not accessible; Whitelist Zscaler Ip address range from Jean-Guilhem Rouel via RT on 2020-12-17 (site-comments@w3.org from December 2020)

From: Jean-Guilhem Rouel via RT <sysreq@w3.org>
Date: Thu, 17 Dec 2020 11:48:42 +0000
CC: jacob.vaughan@mpi.govt.nz, jacobv@datacom.co.nz, site-comments@w3.org
Message-ID: <rt-4.4.3-2-4983-1608205721-1865.14828-18-0@w3.org>
Hi,

We've received confirmation from other people that they could now reach www.w3.org. Can you confirm that it also works for you?

Thanks,
Jean-Gui

On Mon Dec 14 09:26:03 2020, jacobv@datacom.co.nz wrote:
> Hi team,
> 
> Appears the Zscaler IP range is still blocked, MTR IS:
> 
> [support@zs2-akl1-1b ~]$ mtr -c 300 --no-dns 128.30.52.100
>                                                     My traceroute
> [v0.80]
> zs2-akl1-1b (0.0.0.0)
> Mon Dec 14 21:20:56 2020
> Keys:  Help   Display mode   Restart statistics   Order of fields
> quit
>                                                                                       Packets
> Pings
>  Host
> Loss%   Snt   Last   Avg  Best  Wrst StDev
>  1. 124.248.141.3
> 0.0%    29    0.4   2.8   0.2  47.5  10.0
>  2. 154.18.96.58
> 0.0%    29   25.9  29.8  25.9  77.2  10.9
>  3. 154.18.96.57
> 0.0%    29  156.4 156.5 156.3 156.8   0.2
>  4. 154.54.88.141
> 0.0%    29  200.4 200.4 200.3 200.7   0.1
>  5. 154.54.88.138
> 0.0%    29  200.4 200.6 200.3 202.8   0.5
>  6. 154.54.140.18
> 0.0%    29  265.0 265.3 264.9 268.3   0.8
>  7. 195.89.111.210
> 0.0%    29  200.7 200.8 200.6 201.1   0.1
>  8. 23.57.106.245
> 0.0%    28  200.5 200.5 200.5 200.7   0.1
>  9. 72.52.1.155
> 0.0%    28  203.8 203.6 203.4 203.8   0.1
> 10. 72.52.1.244
> 0.0%    28  200.8 200.7 200.5 200.8   0.1
> 11. ???
> 
> Any help greatly appreciated.
> 
> Jacob Vaughan
> Senior Cybersecurity Engineer | A/NZ Security Operations Centre
> 
> 68-86 Jervois Quay, Wellington, 6011, New Zealand
> Email: JacobV@datacom.co.nz | Mobile: +64 212070737
> www.datacom.co.nz
> 
> 
> 
> -----Original Message-----
>  From: Jean-Guilhem Rouel via RT <sysreq@w3.org>
> Sent: Friday, 11 December 2020 4:25 AM
> Cc: jacob.vaughan@mpi.govt.nz; Jacob Vaughan <JacobV@datacom.co.nz>;
> site-comments@w3.org
> Subject: [sysreq #14828] W3.org site not accessible; Whitelist Zscaler
> Ip address range
> 
> On Thu Dec 10 09:33:29 2020, srawat@zscaler.com wrote:
> > Hello Team,
> >
> > Hope you are doing well.
> >
> > I am writing this email in hopes of reaching someone in your
> > security/networking department.
> >
> > One of our customers *Ministry for Primary Industries New Zealand *
> > raised concern that they were not able to reach the following URLs
> > via
> > our company's service.
> > *https://www.w3.org/ <https://www.w3.org/>*
> >
> > [image: image.png]
> >
> >
> > Taking tcpdump we see Zscaler Auckland node is sending TCP SYN
> > however
> > site is not responding. We see no SYN+ACK from destination.
> > It seems you have not whitelisted the range from our Auckland Node.
> >
> > 22:48:41.949990 0c:c4:7a:fa:10:a5 > 00:00:5e:00:01:0f, ethertype IPv4
> > (0x0800), length 74: *124.248.141.76.33661 > 128.30.52.100.80: Flags
> > [S],* seq 2737271665, win 65535, options [mss 1460,nop,wscale
> > 5,sackOK,TS val
> > 188199143 ecr 0], length 0
> > 22:48:44.592392 0c:c4:7a:fa:10:a5 > 00:00:5e:00:01:0f, ethertype IPv4
> > (0x0800), length 74: *124.248.141.76.33661 > 128.30.52.100.80: Flags
> > [S],* seq 2737271665, win 65535, options [mss 1460,nop,wscale
> > 5,sackOK,TS val
> > 188199443 ecr 0], length 0
> > 22:48:47.420014 0c:c4:7a:fa:10:a5 > 00:00:5e:00:01:0f, ethertype IPv4
> > (0x0800), length 74:* 124.248.141.76.33661 > 128.30.52.100.80: Flags
> > [S],* seq 2737271665, win 65535, options [mss 1460,nop,wscale
> > 5,sackOK,TS val
> > 188199763 ecr 0], length 0
> > 22:48:50.256015 0c:c4:7a:fa:10:a5 > 00:00:5e:00:01:0f, ethertype IPv4
> > (0x0800), length 62:* 124.248.141.76.56447 > 128.30.52.100.80: Flags
> > [S*], seq 1205153653, win 65535, options [mss 1460,sackOK,eol],
> > length
> > 0
> > 22:48:52.915216 0c:c4:7a:fa:10:a5 > 00:00:5e:00:01:0f, ethertype IPv4
> > (0x0800), length 62:* 124.248.141.76.56447 > 128.30.52.100.80: Flags
> > [S]*, seq 1205153653, win 65535, options [mss 1460,sackOK,eol],
> > length
> > 0 ^C
> >
> > As a company zscaler provide a hosted web filtering/security
> > solution.
> > As part of the debugging process, we noticed that the outbound IP
> > address of our nodes is being blocked from your CDN.
> > Would it be possible to open a dialogue to have this ban or throttle
> > policy lifted? If there is something we need to address I would be
> > more than happy to look at it.
> > Note: It is possible that you are seeing a large volume of traffic
> > from our IP address. This is not uncommon as we may have up to 50k+
> > users behind a single node.
> 
> Hi,
> 
> Would you be able to run a traceroute to see where packets get
> stopped? We've received a few similar complaints around the same time
> as yours, one of them being blocked on Akamai's routers to protect our
> Internet provider's network. This may be due to them mitigating an
> attack on this network, I'll try to get more information.
> 
> Best Regards,
> Jean-Gui
> 
> >
> > Zscaler Case ID:  02654708
> > Location: *Auckland*
> > Range:
> >  *Auckland* *124.248.141.0/24 <http://124.248.141.0/24>* Regards,
> > Suman
> > Rawat Zscaler Product Support Engineer
>
Received on Thursday, 17 December 2020 11:48:49 UTC