In Which There Is More Network Retardation
Dec. 9th, 2008 12:43 pm![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
serinde(The "cranky", "you're stupid", and "my job sucks" icons were fighting it out for the honor of placement here. You see who won.)
First, let us define the problem:
A student with a MacBook (10.5.x). He can use the school wireless network just fine on the uptown campus. When he tries from his dorm room downtown, he can connect, but can only get Hunter web sites. No CUNY and no outer Internet whatsoever.
Stage 1 and 2 troubleshooting:
I took a look at his config when he brought the computer to the help desk, just in case there was some other-location insanity, which there was not. Then I had him call me from his room so I could walk him through some stuff. I ascertained the following:
- He had gotten an IP address on our network
- He could ping the wireless gateway and servers on the uptown campus
- He could not get to exterior websites by IP address (hence, not a DNS issue)
- Traceroutes died before getting into CUNYland (we connect to them for our intarwubs, don't ask me why)
So: clearly a routing issue. Something is not letting his traffic route outside the college network. Therefore I package all this information together, with specifics, with date stamps, with all the hops in the traceroute, and open a trouble ticket assigned to what we are pleased to call our network group. Three days later, I learn they don't actually use the trouble ticketing system; the help desk crew has to print out the ticket and hand it to them. FINE. I do that thing. Ensues the following conversation:
Notwork Stooges: It's his computer.
Your humble correspondent: No it's not, it works fine from uptown.
NS: It's nothing to do with us.
YHC: I don't understand why you would say that. He gets an IP address, he can authenticate to the AP.
NS: You have to find out when Hacker-Boy[1] is going downtown and have him take his laptop and test from the student's room and call us for troubleshooting.
YHC: Why? I've already been on the phone personally with this student, gathering this troubleshooting data. What else do you expect Hacker-Boy to find?
NS: Well if it's his computer--
YHC: IT IS NOT HIS COMPUTER, WHICH WORKS FINE FROM HERE.
NS: It's nothing to do with us.
YHC: *turns around and walks out without another word*
Apparently this (rightly) gave them the notion that I was gearing up to complain to their boss, because Stooge #2 followed me out a few minutes later to "sit down and talk about it". After gloriously insulting my intelligence and experience by "explaining" how CUNY sends us notification of IP addresses engaged in botnet activity, and how they nobly protect our network by blocking all those addresses, the following conversation ensued:
NS: ...so the student's computer must be infected with a botnet virus.
YHC: No, it can't be; it's a Mac.[2]
NS: Well then there must be something funny on it, because CUNY detected it and sent us a notice. So he needs to have it checked out first, but that is why it's blocked. When they are blocked they can only get Hunter & CUNY sites.
YHC: So IP addresses we block for this can get to Hunter and CUNY but nowhere else?
NS: Yes
YHC: Well that can't be it, then, 'cause he can only get to Hunter sites.
NS: ...Oh well then, when blocked you can only get to Hunter sites.
YHC: . o O ( YOU DON'T EVEN KNOW WHAT YOU'RE BLOCKING?!? )
YHC: OK. Well, could it be that the previous student using that IP address was the botnetted one, and when that DHCP lease expired this student got the address?
NS: That is possible I guess. We will remove the block. But he should still bring in his computer so it can be checked out.
YHC: Sure. Fine. I'll take care of that. kthxbye.
You will note, therefore, that this has magically transformed from "not our problem" to "oh except the part where we have a block against that IP address". You will also note that even if we had sent down Hacker-Boy, it would not have done a goddamn thing, since his laptop would have gotten a different address entirely. You will thirdly note the utter absurdity of trying to block out a particular machine by blocking DHCP-assigned IP addresses. Which leases, according to Network Stooge #1, last a whole! complete! twenty minutes!.
I am so utterly, bitterly fed up with their shit.
[1] Who they then started describing name, appearance, and function to me, apparently oblivious to the fact that I am his manager.
[2] Yes, I do realize the kid might have Windows on a Parallels or VMWare or Boot Camp setup. Bets?
First, let us define the problem:
A student with a MacBook (10.5.x). He can use the school wireless network just fine on the uptown campus. When he tries from his dorm room downtown, he can connect, but can only get Hunter web sites. No CUNY and no outer Internet whatsoever.
Stage 1 and 2 troubleshooting:
I took a look at his config when he brought the computer to the help desk, just in case there was some other-location insanity, which there was not. Then I had him call me from his room so I could walk him through some stuff. I ascertained the following:
- He had gotten an IP address on our network
- He could ping the wireless gateway and servers on the uptown campus
- He could not get to exterior websites by IP address (hence, not a DNS issue)
- Traceroutes died before getting into CUNYland (we connect to them for our intarwubs, don't ask me why)
So: clearly a routing issue. Something is not letting his traffic route outside the college network. Therefore I package all this information together, with specifics, with date stamps, with all the hops in the traceroute, and open a trouble ticket assigned to what we are pleased to call our network group. Three days later, I learn they don't actually use the trouble ticketing system; the help desk crew has to print out the ticket and hand it to them. FINE. I do that thing. Ensues the following conversation:
Notwork Stooges: It's his computer.
Your humble correspondent: No it's not, it works fine from uptown.
NS: It's nothing to do with us.
YHC: I don't understand why you would say that. He gets an IP address, he can authenticate to the AP.
NS: You have to find out when Hacker-Boy[1] is going downtown and have him take his laptop and test from the student's room and call us for troubleshooting.
YHC: Why? I've already been on the phone personally with this student, gathering this troubleshooting data. What else do you expect Hacker-Boy to find?
NS: Well if it's his computer--
YHC: IT IS NOT HIS COMPUTER, WHICH WORKS FINE FROM HERE.
NS: It's nothing to do with us.
YHC: *turns around and walks out without another word*
Apparently this (rightly) gave them the notion that I was gearing up to complain to their boss, because Stooge #2 followed me out a few minutes later to "sit down and talk about it". After gloriously insulting my intelligence and experience by "explaining" how CUNY sends us notification of IP addresses engaged in botnet activity, and how they nobly protect our network by blocking all those addresses, the following conversation ensued:
NS: ...so the student's computer must be infected with a botnet virus.
YHC: No, it can't be; it's a Mac.[2]
NS: Well then there must be something funny on it, because CUNY detected it and sent us a notice. So he needs to have it checked out first, but that is why it's blocked. When they are blocked they can only get Hunter & CUNY sites.
YHC: So IP addresses we block for this can get to Hunter and CUNY but nowhere else?
NS: Yes
YHC: Well that can't be it, then, 'cause he can only get to Hunter sites.
NS: ...Oh well then, when blocked you can only get to Hunter sites.
YHC: . o O ( YOU DON'T EVEN KNOW WHAT YOU'RE BLOCKING?!? )
YHC: OK. Well, could it be that the previous student using that IP address was the botnetted one, and when that DHCP lease expired this student got the address?
NS: That is possible I guess. We will remove the block. But he should still bring in his computer so it can be checked out.
YHC: Sure. Fine. I'll take care of that. kthxbye.
You will note, therefore, that this has magically transformed from "not our problem" to "oh except the part where we have a block against that IP address". You will also note that even if we had sent down Hacker-Boy, it would not have done a goddamn thing, since his laptop would have gotten a different address entirely. You will thirdly note the utter absurdity of trying to block out a particular machine by blocking DHCP-assigned IP addresses. Which leases, according to Network Stooge #1, last a whole! complete! twenty minutes!.
I am so utterly, bitterly fed up with their shit.
[1] Who they then started describing name, appearance, and function to me, apparently oblivious to the fact that I am his manager.
[2] Yes, I do realize the kid might have Windows on a Parallels or VMWare or Boot Camp setup. Bets?
