The ICSI Netalyzr Beta
Result Summary
example.example.com / 10.0.1.2
Recorded at 02:00 PDT (09:00 UTC) on Mon, May 04 2009.

Address-based Tests

NAT detection: NAT Detected

Your global IP address is 10.0.1.2 while your local one is 192.168.200.206. You are behind a NAT. Your local address is in unroutable address space.

Your machine numbers TCP source ports sequentially. The following graph shows connection attempts on the X-axis and their corresponding source ports used by your computer on the Y-axis.

port sequence plot

DNS-based host information: OK

You are not a Tor exit node for HTTP traffic.
You are listed on the Spamhaus Policy Based Blacklist, meaning that your provider has designated your address block as one that should only be sending authenticated email, email through the ISP's mail server, or using webmail.
The SORBS DUHL believes you are using a dynamically assigned IP address.

Reachability Tests

General connectivity: Note

We are unable to deliver non-DNS UDP datagrams to our servers.
Possible reasons include a restrictive Java security policy, a blocking rule imposed by your firewall or personal firewall configuration, or filtering performed by your ISP. Although it means we cannot conduct the latency and bandwidth tests, it does not necessarily indicate a problem with your network.
Direct TCP connections to remote FTP servers (port 21) failed.
This is commonly due to how a NAT or firewall handles FTP traffic, as FTP causes unique problems when developing NATs and firewalls.
Direct TCP access to remote SSH servers (port 22) is blocked.
Direct TCP access to remote SMTP servers (port 25) is allowed.
Direct TCP access to remote DNS servers (port 53) is blocked.
The network you are using appears to enforce the use of a local DNS resolver.
Direct TCP access to remote HTTP servers (port 80) is allowed.
Direct TCP access to remote POP servers (port 110) is allowed.
Direct TCP access to remote IMAP servers (port 143) is allowed.
Direct TCP access to remote HTTPS servers (port 443) is allowed.
Direct TCP access to remote SMTP/SSL servers (port 465) is allowed.
Direct TCP access to remote secure IMAP servers (port 585) is blocked.
Direct TCP access to remote authenticated SMTP servers (port 587) is blocked.
Direct TCP access to remote IMAP/SSL servers (port 993) is allowed.
Direct TCP access to remote POP/SSL servers (port 995) is allowed.

Network Access Link Properties

Network latency measurements: Prohibited

The applet was not permitted to run this test in its entirety. We encourage you to re-run the applet, allowing it to conduct its tests if prompted. However, some system configurations will always block this test. See the corresponding FAQ for help.

TCP connection setup latency: 86ms

The time it takes your computer to set up a TCP connection with our server is 86 msec, which is good.

Network background health measurement: Not Executed

The test was not executed. Required functionality was unavailable or not permitted.

Network bandwidth measurements: Not Executed

The test was not executed. Required functionality was unavailable or not permitted.

Network buffer measurements: Not Executed

The test was not executed. Required functionality was unavailable or not permitted.

HTTP Tests

Address-based HTTP proxy detection: OK

There is no explicit sign of HTTP proxy use based on IP address.

Header-based HTTP proxy detection: Warning

Changes to headers or contents sent between the applet and our HTTP server show the presence of an otherwise unadvertised HTTP proxy.

The following headers had their capitalization modified by the proxy:

  • Connection

The detected HTTP proxy changed either the headers the applet sent or the HTTP response from the server. We have captured the changes for further analysis.

HTTP proxy detection via malformed requests: OK

Deliberately malformed HTTP requests do not arrive at our server. This suggests that an otherwise undetected proxy exists along the network path. This proxy was either unable to parse or refused to forward the deliberately bad request.

Filetype-based filtering: OK

We did not detect file-content filtering.

HTTP caching behavior: OK

There is no suggestion that a transparent HTTP cache exists in your network.

JavaScript-based tests: OK

JavaScript is not enabled for the Netalyzr site.

DNS Tests

Restricted domain DNS lookup: Failed

Restricted DNS lookup test failed to complete.

Unrestricted domain DNS lookup: Failed

Unable to look up a name not associated with our server.

DNS resolver address: OK

The IP address of your ISP's DNS Resolver is 10.2.3.4, which does not resolve.

DNS resolver properties: Lookup latency: 229ms

Your ISP's DNS resolver requires 229 msec to conduct an external lookup, and 60 msec to look up an item in the cache.
Your resolver is using QTYPE=A for default queries.
Your resolver is not automatically performing IPv6 queries.
Your resolver does not use 0x20 randomization, but will pass names in a case-sensitive manner.

DNS glue policy: OK

Your ISP's DNS resolver does not accept generic additional (glue) records — good.
Your ISP's DNS resolver accepts additional (glue) records for nameservers located in subdomains of the queried domain.
Your ISP's DNS resolver does not follow CNAMEs.

DNS resolver port randomization: Danger

Your ISP's DNS resolver does not randomize its local port number. This means your ISP's DNS resolver is probably vulnerable to DNS cache poisoning, which enables an attacker to intercept and modify effectively all communications of anyone using your ISP.

We suggest that, if possible, you immediately contact your network provider, as this represents a serious vulnerability.

The following graph shows DNS requests on the x-axis and the detected source ports on the y-axis.

port sequence plot

DNS lookups of popular domains: OK

24 of 24 popular names were resolved successfully. In the following table, reverse lookups that failed but for which a Start Of Authority (SOA) entry indicated correct name associations are shown using an "X", followed by the SOA entry. Absence of both IP address and reverse name indicates failed forward lookups.
Name                          IP Address       Reverse Name/SOA
ad.doubleclick.net            209.62.176.152   eqnjmegaadvip2.doubleclick.net
www.bankofamerica.com         171.159.193.173  www.bankofamerica.com
www.chase.com                 159.53.60.105    X (ns1.jpmorganchase.com)
www.etrade.com                12.153.224.22    etrade.com
www.facebook.com              69.63.184.143    www-11-03-ash1.facebook.com
www.google.com                209.85.227.104   wy-in-f104.google.com
mail.google.com               209.85.137.83    mg-in-f83.google.com
mail.live.com                 64.4.20.174      dp1.mail.live.com
mail.yahoo.com                217.12.8.76      l1.login.vip.ukl.yahoo.com
www.meebo.com                 208.81.191.110   X (ns1.meebo.com)
www.microsoft.com             65.55.21.250     X (msnhst.microsoft.com)
pagead.googlesyndication.com  209.85.227.166   wy-in-f166.google.com
partner.googleadservices.com  209.85.227.164   wy-in-f164.google.com
www.paypal.com                64.4.241.49      node-64-4-241-4[...]orks.paypal.com
www.schwab.com                162.93.206.80    wwwschwab-vip.schwab.com
smartzone.comcast.net         76.96.58.12      webmail3.westch[...]ail.comcast.net
www.tdameritrade.com          204.58.27.105    beta-new.tdameritrade.com
www.ticketmaster.com          88.221.196.199   a88-221-196-199[...]echnologies.com
us.etrade.com                 12.153.224.21    X (ns2m3.etrade.com)
www.wamu.com                  167.88.184.51    www.wamu.com
www.wellsfargo.com            151.151.13.133   psaltery-dd.wellsfargo.com
windowsupdate.microsoft.com   207.46.18.94     X (msnhst.microsoft.com)
wireless.att.com              135.209.208.191  origin-busine[...]eless.att.com
www.yahoo.com                 87.248.113.14    f1.us.www.vip.ird.yahoo.com

DNS results wildcarding: OK

Your ISP correctly leaves non-resolving names untouched.

Host Properties

System clock accuracy: Not Executed

The test was not executed. Required functionality was unavailable or not permitted.

Browser properties: OK

The following parameters are sent by your web browser to all web sites you visit:
  • User Agent: Mozilla/5.0 (compatible; Konqueror/3.5; Linux) KHTML/3.5.10 (like Gecko)
  • Accept: text/html, image/jpeg, image/png, text/*, image/*, */*
  • Accept Language: en
  • Accept Encoding: x-gzip, x-deflate, gzip, deflate
  • Accept Charset: utf-8, utf-8;q=0.5, *;q=0.5

Feedback

The following feedback was reported for this session by example@example.org.
  • The client used a wireless network connection.
  • The session was conducted at a public location.
  • The user commented:
    An actual test run (with the address hidden to protect the guilty network)