Unable to browse to certain domain names

[dugaduga]

Yes I can access my router. No blocks appearing in diversion/skynet.

With DNS bind protection on I am not seeing dnsmasq logging DNS requests for websites starting with 192.* pinging works however, (even after restarting dnsmasq to clear cache) and wireshark shows the DNS query ip is accurate, but the websites will not respond to outgoing https requests.

With DNS bind protection off, it appears dnsmasq logs the IP but still, the ip does not respond, it just sits there like there is perhaps some kind of upstream 192.* block or spoofing going on.

the websites: linuxmint.com, opdeepstate.com
--- linuxmint.com ping statistics ---
64 bytes from 192.124.249.9: seq=3 ttl=58 time=52.646 ms
64 bytes from 192.124.249.9: seq=4 ttl=58 time=54.579 ms

PING opdeepstate.com (192.124.249.114): 56 data bytes
64 bytes from 192.124.249.114: seq=0 ttl=58 time=57.065 ms
64 bytes from 192.124.249.114: seq=1 ttl=58 time=62.328 ms
64 bytes from 192.124.249.114: seq=2 ttl=58 time=52.256 ms

Pings respond. I see an https packet request or two in wireshark going to these IPs via chrome but no response. I have no idea what is going on here. I had this mysterious issue come and go before, now its back again. I blv this occurred with the ISP router as well, prior to the asuswrt.

Middlebox man / spoofer? Misconfigured ISP Node? Router issue? Any ideas?

 

[AndreiV]

Both sites load using the www. url but bot throw a misconfigured firewall notice using the IP addresses.

http://192.124.249.114

Sucuri Website Firewall - Not Configured
The site you are visiting is using Sucuri Website Firewall. And for some reason it is not configured properly. If you are the site owner, please open a ticket here asap for us to look at it for you: https://support.sucuri.net. If you are visiting the site please try again in a few minutes.

Error Details:
Your IP: 95.xxx.xx.xx
URL: 192.124.249.114/
Your Browser: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 OPR/57.0.3098.102
Time: 2018-12-19 06:14:56
Server ID: 13014

 

[dugaduga]

Thank you AndreiV. I cannot even get any response at all through http://192.124.249.114

 

[NGRhodes]

Sucuri is a proxy-security service similar concept to Cloudflare and it looks like the site behind this proxy is not working.

 

[RMerlin]

Both sites load using the www. url but bot throw a misconfigured firewall notice using the IP addresses.

http://192.124.249.114

Websites can rarely be accessed by their IP addresses nowadays, as often multiple websites share the same IP. The web server will need to be told which website is being accessed.

 

[dugaduga]

@RMerlin, for clarification, if the website itself is located on a domain that uses an IP of 192.* I can't connect to it through a browser; Happens using standard host domain names (linuxmint.com) or ip addresses! Pings are the only things that respond. This was also happening with my ISP router prior to using AsusWRT, around the time I started tinkering with using VPNs. This issue has come and went before, now its back again.

 

[dugaduga]

Ok, cannot access https://kurtzimmermann.com either which starts with 109, this is happening a lot with a lot of websites, seeing no blocks in diversion or skynet!

 

[john9527]

This was also happening with my ISP router prior to using AsusWRT, around the time I started tinkering with using VPNs. This issue has come and went before, now its back again.

Your ISP may be handing you a blacklisted address. Try powering down both the modem and router for 15-30 minutes to get a new ip.

 

[dugaduga]

Your ISP may be handing you a blacklisted address. Try powering down both the modem and router for 15-30 minutes to get a new ip.

I tried a wget from the router to download https://www.linuxmint.com/pictures/screenshots/tessa/thumb_mate.png
It downloaded successfully from the router itself; wont open in browsers though; what does this suggest to you?

 

[dugaduga]

I'm using acrylic dns resolver as an alternative to windows dns client and limiting the types of queries possible. its returning an A result in reverse as a PTR; maybe this is the key, though ptr is disabled on the router; i enabled it on the router and these sites were still not working, ill try messing with acrylic a bit

pinging from windows gets the proper responses

2018-12-20 23:29:05.505 TDnsResolver.Execute: Request ID 53921 forwarded to server 192.168.50.1:53.
2018-12-20 23:29:05.509 TDnsResolver.Execute: Response ID 53921 received from server 192.168.50.1:53 [RC=0;QDC=1;ANC=1;Q[1]=www.linuxmint.com;T[1]=A;A[1]=www.linuxmint.com>9.249.124.192;Z=D2A18180000100010000000003777777096C696E75786D696E7403636F6D0000010001C00C00010001000001390004C07CF909].

 

[dugaduga]

Tried enabling all dns queries, no dns caching, no luck! disabled acrylic. its working on the iphone with ptr (all arpa) disabled at the router level. windows firewall logs not stating anything. firefox, chrome and others cannot connect; hosts file is clean. bridged xp vm can connect to linuxmint.com. So its a pc issue! doy. can't figure it out though, this is a strange mystery.

 

[dugaduga]

does a bridged vm use the same tcpip stack as the host machine? or just the adapter?

 

[dugaduga]

What can cause this:

• Problem with DNS server or DNS records; (working fine)
• Incorrect TCP/IP stack settings; (reset tcpip/winsock , problem remains)
• Incorrect entries in the hosts file; (its clean)
• Your computer may be infected with a virus or malware; (doubt it muchly)
• The browser or plugins are misconfigured; (all browsers affected)
• Routing table error; (reset routing table, still problematic)
• Wrong MTU size. (its @ 1500)
• AV (only using Windows Defender)

Could it be due to one of these settings? (i tried enabling domainnamedevolution, with no success) XP VM is using the same TCPIP settings and is not affected.