[sysreq #14828] W3.org site not accessible; Whitelist Zscaler Ip address range

On Fri Dec 18 09:19:34 2020, jacobv@datacom.co.nz wrote:
> Hi Jean,
> 
> Thank you for confirming, yes appears to be working now. Are you able
> to advise what the cause was? Or at least weather this could likely
> occur again? Thanks heaps.

Hi,

OK good. Unfortunately we haven't received any information about what happened or if this could occur again (hopefully not).
I'm closing this ticket but if you get blocked again do not hesitate to contact us.

Best Regards,
Jean-Gui


> 
> Jacob Vaughan
> Senior Cybersecurity Engineer | A/NZ Security Operations Centre
> 
> 68-86 Jervois Quay, Wellington, 6011, New Zealand
> Email: JacobV@datacom.co.nz | Mobile: +64 212070737
> www.datacom.co.nz
> 
> 
> 
> -----Original Message-----
>  From: Jean-Guilhem Rouel via RT <sysreq@w3.org>
> Sent: Friday, 18 December 2020 12:49 AM
> Cc: jacob.vaughan@mpi.govt.nz; Jacob Vaughan <JacobV@datacom.co.nz>;
> site-comments@w3.org
> Subject: [sysreq #14828] W3.org site not accessible; Whitelist Zscaler
> Ip address range
> 
> Hi,
> 
> We've received confirmation from other people that they could now
> reach www.w3.org. Can you confirm that it also works for you?
> 
> Thanks,
> Jean-Gui
> 
> On Mon Dec 14 09:26:03 2020, jacobv@datacom.co.nz wrote:
> > Hi team,
> >
> > Appears the Zscaler IP range is still blocked, MTR IS:
> >
> > [support@zs2-akl1-1b ~]$ mtr -c 300 --no-dns 128.30.52.100
> >                                                      My traceroute
> > [v0.80] zs2-akl1-1b (0.0.0.0) Mon Dec 14 21:20:56 2020
> > Keys:  Help   Display mode   Restart statistics   Order of fields
> > quit
> >
> > Packets Pings  Host
> > Loss%   Snt   Last   Avg  Best  Wrst StDev
> >  1. 124.248.141.3
> > 0.0%    29    0.4   2.8   0.2  47.5  10.0
> >  2. 154.18.96.58
> > 0.0%    29   25.9  29.8  25.9  77.2  10.9
> >  3. 154.18.96.57
> > 0.0%    29  156.4 156.5 156.3 156.8   0.2
> >  4. 154.54.88.141
> > 0.0%    29  200.4 200.4 200.3 200.7   0.1
> >  5. 154.54.88.138
> > 0.0%    29  200.4 200.6 200.3 202.8   0.5
> >  6. 154.54.140.18
> > 0.0%    29  265.0 265.3 264.9 268.3   0.8
> >  7. 195.89.111.210
> > 0.0%    29  200.7 200.8 200.6 201.1   0.1
> >  8. 23.57.106.245
> > 0.0%    28  200.5 200.5 200.5 200.7   0.1
> >  9. 72.52.1.155
> > 0.0%    28  203.8 203.6 203.4 203.8   0.1
> > 10. 72.52.1.244
> > 0.0%    28  200.8 200.7 200.5 200.8   0.1
> > 11. ???
> >
> > Any help greatly appreciated.
> >
> > Jacob Vaughan
> > Senior Cybersecurity Engineer | A/NZ Security Operations Centre
> >
> > 68-86 Jervois Quay, Wellington, 6011, New Zealand
> > Email: JacobV@datacom.co.nz | Mobile: +64 212070737 www.datacom.co.nz
> >
> >
> >
> > -----Original Message-----
> >  From: Jean-Guilhem Rouel via RT <sysreq@w3.org>
> > Sent: Friday, 11 December 2020 4:25 AM
> >  Cc: jacob.vaughan@mpi.govt.nz; Jacob Vaughan <JacobV@datacom.co.nz>;
> > site-comments@w3.org
> >  Subject: [sysreq #14828] W3.org site not accessible; Whitelist
> > Zscaler
> > Ip address range
> >
> > On Thu Dec 10 09:33:29 2020, srawat@zscaler.com wrote:
> > > Hello Team,
> > >
> > > Hope you are doing well.
> > >
> > > I am writing this email in hopes of reaching someone in your
> > > security/networking department.
> > >
> > > One of our customers *Ministry for Primary Industries New Zealand *
> > > raised concern that they were not able to reach the following URLs
> > > via our company's service.
> > > *https://www.w3.org/ <https://www.w3.org/>*
> > >
> > > [image: image.png]
> > >
> > >
> > > Taking tcpdump we see Zscaler Auckland node is sending TCP SYN
> > > however site is not responding. We see no SYN+ACK from destination.
> > > It seems you have not whitelisted the range from our Auckland Node.
> > >
> > > 22:48:41.949990 0c:c4:7a:fa:10:a5 > 00:00:5e:00:01:0f, ethertype
> > > IPv4 (0x0800), length 74: *124.248.141.76.33661 > 128.30.52.100.80:
> > > Flags
> > > [S],* seq 2737271665, win 65535, options [mss 1460,nop,wscale
> > > 5,sackOK,TS val
> > > 188199143 ecr 0], length 0
> > > 22:48:44.592392 0c:c4:7a:fa:10:a5 > 00:00:5e:00:01:0f, ethertype
> > > IPv4 (0x0800), length 74: *124.248.141.76.33661 > 128.30.52.100.80:
> > > Flags
> > > [S],* seq 2737271665, win 65535, options [mss 1460,nop,wscale
> > > 5,sackOK,TS val
> > > 188199443 ecr 0], length 0
> > > 22:48:47.420014 0c:c4:7a:fa:10:a5 > 00:00:5e:00:01:0f, ethertype
> > > IPv4 (0x0800), length 74:* 124.248.141.76.33661 > 128.30.52.100.80:
> > > Flags
> > > [S],* seq 2737271665, win 65535, options [mss 1460,nop,wscale
> > > 5,sackOK,TS val
> > > 188199763 ecr 0], length 0
> > > 22:48:50.256015 0c:c4:7a:fa:10:a5 > 00:00:5e:00:01:0f, ethertype
> > > IPv4 (0x0800), length 62:* 124.248.141.76.56447 > 128.30.52.100.80:
> > > Flags [S*], seq 1205153653, win 65535, options [mss
> > > 1460,sackOK,eol], length
> > > 0
> > > 22:48:52.915216 0c:c4:7a:fa:10:a5 > 00:00:5e:00:01:0f, ethertype
> > > IPv4 (0x0800), length 62:* 124.248.141.76.56447 > 128.30.52.100.80:
> > > Flags [S]*, seq 1205153653, win 65535, options [mss
> > > 1460,sackOK,eol], length
> > > 0 ^C
> > >
> > > As a company zscaler provide a hosted web filtering/security
> > > solution.
> > > As part of the debugging process, we noticed that the outbound IP
> > > address of our nodes is being blocked from your CDN.
> > > Would it be possible to open a dialogue to have this ban or
> > > throttle
> > > policy lifted? If there is something we need to address I would be
> > > more than happy to look at it.
> > > Note: It is possible that you are seeing a large volume of traffic
> > > from our IP address. This is not uncommon as we may have up to 50k+
> > > users behind a single node.
> >
> > Hi,
> >
> > Would you be able to run a traceroute to see where packets get
> > stopped? We've received a few similar complaints around the same time
> > as yours, one of them being blocked on Akamai's routers to protect
> > our
> > Internet provider's network. This may be due to them mitigating an
> > attack on this network, I'll try to get more information.
> >
> > Best Regards,
> > Jean-Gui
> >
> > >
> > > Zscaler Case ID:  02654708
> > > Location: *Auckland*
> > > Range:
> > >   *Auckland* *124.248.141.0/24 <http://124.248.141.0/24>* Regards,
> > > Suman Rawat Zscaler Product Support Engineer
> >
> 

Received on Friday, 18 December 2020 13:38:52 UTC