Moderator: Greg Downing

All times are UTC-05:00

  
by Tim Zurowski on Fri Jan 02, 2015 12:27 pm
Tim Zurowski
Forum Contributor
Posts: 18881
Joined: 4 Apr 2006
Location: Victoria BC, Canada
For about 3 weeks to a month now NSN has been really slow loading pages for me. Today they are taking 17 seconds each to load. I am on a fast service where most pages at other sites load under 1 second. This problem is also happening at a few other sites, but not quite as slow as NSN. I have talked to my internet provider, but we have done speed tests and I am getting correct speeds for my plan at my cable and router (26.67 mbps download & 2.87 mbps upload). When the pages are hanging to load, in the lower left corner I see "waiting for www.google-analytics.com" and then "waiting for www.sharethis.com". Having done a bit of research on these sites, they apparently are not supposed to slow down your browsing experience. So what are they to do with NSN and why are they slowing the site down so much for me? It is so slow that my desire to use NSN is wavering.
 

by SantaFeJoe on Fri Jan 02, 2015 9:14 pm
SantaFeJoe
Forum Contributor
Posts: 8622
Joined: 28 Jan 2012
Location: Somewhere Out In The Wilds
I've been having that problem as well, but not consistently. I often get a message that "Page is not Available". This happens mostly when posting a reply.

Joe
Learn the rules like a pro, so you can break them like an artist.  -Pablo Picasso
 

by E.J. Peiker on Sat Jan 03, 2015 12:14 am
E.J. Peiker
Senior Technical Editor
Posts: 86760
Joined: 16 Aug 2003
Location: Arizona
Member #:00002
When that happens, try running a traceroute to see where the slowdown is. If it is the very last entry that's much slower than the rest, then it would be the NSN servers. If it's anything else it's somewhere in the chain between your computer, your ISP and NSN and not an NSN problem but some other problem.

We did have a big slowdown a few days ago but that was resolved on that day. There are no slowdowns currently occurring on the NSN side that I can see.

On a Mac from the command line you would type: traceroute naturescapes.net
On a PC from a command prompt type: tracert naturescapes.net

I just ran one and the NSN server replied in 42ms after receiving the request from all of the upstream servers and routers. With the types of delays you are seeing, look for something that is several hundred or even thousand milliseconds long.
 

by Tim Zurowski on Sat Jan 03, 2015 12:52 pm
Tim Zurowski
Forum Contributor
Posts: 18881
Joined: 4 Apr 2006
Location: Victoria BC, Canada
Okay first, it is a bit faster today, but still WAY lower than it should be. It took me about 32 seconds to get into this forum to post this. Yesterday it would have been about 68 seconds at 17 seconds per page. Also note that it is not just with NSN, there are many other pages that are loading like this and even some that are slower. Yet there are many other pages that are instant, as expected. Shaw tech support are trying to tell me I have a malware or virus, but I have scanned with Malwarebytes, MSE, McAfee Shaw Secure and Trend Micro. I have also booted into Safe Mode + Network and have run scans from there. The same sites are also just as slow when in the Safe Boot + Network. So I really am stumped on this one. Here's a screen shot of the tracert naturescapes.net and followed by a screenshot of what I see when I am waiting. I get "waiting for www.sharethis.com" and "waiting for www.google-analytics.com" when the pages are trying to load. So if these results for the tracert are normal, then something in between is stopping the pages from loading, and it appears to be www.sharethis.com and www.google-analytics.com. What I can't figure out is why only for me?
Image
Image
 

by Royce Howland on Sat Jan 03, 2015 3:59 pm
Royce Howland
Forum Contributor
Posts: 11719
Joined: 12 Jan 2005
Location: Calgary, Alberta
Member #:00460
Those traceroute times look okay, which confirms the suspicion that it's not really to do with NSN per se. So next do a traceroute to w.sharethis.com. (Note that it has only a single "w", not 3 of them.) Do the same for any others that you see down in the status bar with a "waiting" message that lasts for longer than a second. NSN pages won't complete loading if any links to offsite resources block up for some reason. I don't believe you're having an issue with NSN, but rather with some offsite resources.

The ISP support people you're dealing with are most likely ignorant. Talk of malware is an easy punt for them. Probably nothing to do with your case, but it's a good way to get out of actually doing any work to diagnose the problem... assuming they even know how. It may be something to do with your computer, but I doubt it's malware and more likely it's tied in with something about your network path to reach the various online resources involved.
Royce Howland
 

by Tim Zurowski on Sat Jan 03, 2015 6:43 pm
Tim Zurowski
Forum Contributor
Posts: 18881
Joined: 4 Apr 2006
Location: Victoria BC, Canada
Thanks Royce. What is confusing though is that some sites I go to are instant, like my website for example, while others like NSN are really slow. This just came on really suddenly about a month or so ago, and I have done nothing to change or disrupt my network settings. Can you suggest some things I can look into here at my end? I am not what I would call very knowledgeable about networking issues. Also, note that everything is really slow on my laptop as well. The laptop is connecting wirelessly and my PC is hardwired. I guess I am just at a loss as to where I can go to get help with this problem, and it is driving me NUTS! Just this last time posting here it took over 30 seconds for this forum to load so I could read your message and respond. The whole time it is that blank white screen with the waiting for message down in the lower left.
 

by Anthony Medici on Sat Jan 03, 2015 8:54 pm
Anthony Medici
Lifetime Member
Posts: 6879
Joined: 17 Aug 2003
Location: Champions Gate, FL
Member #:00012
I seem to remember googling "Slow internet connection" and finding an article about changing your DNS servers to Google's servers since Google's servers always have access to everything. You might consider trying to google that and see what comes up. Maybe it will help.
Tony
 

by Royce Howland on Sat Jan 03, 2015 9:46 pm
Royce Howland
Forum Contributor
Posts: 11719
Joined: 12 Jan 2005
Location: Calgary, Alberta
Member #:00460
For those who might be curious, I dug into some of Tim's network config and it appears that he may be suffering from a DNS hijack of some type. Apparently 3 computers are affected on his home network -- 2 PCs and a Mac. Internet behaviors on all 3 are not working right. That seems unlikely to be attributable to malware.

Doing some debugging, the IP addresses returned by the nslookup utility on his PC laptop for both w.sharethis.com and www.google-analytics.com (offsite resources linked by pages on NSN), both point to IP addresses that are allocated to some bogus-looking virtual servers hosted by Amazon Web Services. I'm pretty sure Google Analytics does not run on Amazon virtual servers. :)

Tim's PC laptop DNS server addresses both point to IP addresses that come from a domain called static.cloud-ips.com. This was a virtual cloud IP service run by Rackspace, but which was shut down sometime in 2013. Google shows there are a few reports of people being spammed or hacked by sources hidden behind addresses coming from cloud-ips.com. So clearly this old Rackspace service has been used by net abusers before.

Since Tim's internet service provider is Shaw, a major Canadian operation, again I doubt their DNS servers are running on Rackspace cloud infrastructure. The fact that his machines point to cloud-ips.com addresses for DNS, and that those DNS servers are returning Amazon cloud server addresses for hosts like Google Analytics, indicates to me a DNS hijack has happened. At this point it's back over to Shaw tech support, who hopefully can do something intelligent with a bit more info pointing them at something concrete to work on...
Royce Howland
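
The comparison Royce describes above (which resolver a machine is actually using, and whether the addresses it returns belong to the expected operator), as an added Python example that is not part of the original posts. The nslookup outputs, the ISP resolver range and the expected operator range are constructed placeholders in documentation address space; in practice the expected ranges would come from a whois lookup or the operator's published ranges.

```python
import ipaddress
import re


def parse_nslookup(text):
    """Return (resolver_ip, set_of_answer_ips) from Windows or Unix nslookup output."""
    # Addresses before the first "Name:" line are the resolver's; later ones are answers.
    resolver, answers, in_answer = None, set(), False
    for line in text.splitlines():
        if line.strip().startswith("Name:"):
            in_answer = True
            continue
        for token in re.split(r"[\s,]+", line):
            try:
                ip = ipaddress.ip_address(token.split("#")[0])  # drop "#53"
            except ValueError:
                continue  # labels such as "Address:" or host names
            if in_answer:
                answers.add(ip)
            elif resolver is None:
                resolver = ip
    return resolver, answers


def assess(local_out, reference_out, isp_resolver_nets, expected_nets):
    """Compare one host's answers from the configured resolver and a reference."""
    resolver, local = parse_nslookup(local_out)
    _, reference = parse_nslookup(reference_out)
    findings = []
    if resolver is None or not any(resolver in n for n in isp_resolver_nets):
        findings.append("configured resolver %s is outside the ISP's ranges" % resolver)
    # CDNs return different addresses per resolver, so differing answers alone
    # prove nothing; only flag answers that also fall outside the operator's ranges.
    if local.isdisjoint(reference):
        stray = sorted(str(ip) for ip in local
                       if not any(ip in n for n in expected_nets))
        if stray:
            findings.append("answers outside expected ranges: " + ", ".join(stray))
    return findings


# Constructed sample data (documentation address space, not real servers).
ISP_RESOLVERS = [ipaddress.ip_network("192.0.2.0/24")]
EXPECTED = [ipaddress.ip_network("198.51.100.0/24")]
LOCAL = """Server:  UnKnown
Address:  203.0.113.53

Non-authoritative answer:
Name:    www.google-analytics.com
Address:  203.0.113.80
"""
REFERENCE = """Server:\t\t192.0.2.1
Address:\t192.0.2.1#53

Non-authoritative answer:
Name:\twww.google-analytics.com
Address: 198.51.100.10
Name:\twww.google-analytics.com
Address: 198.51.100.11
"""

if __name__ == "__main__":
    for finding in assess(LOCAL, REFERENCE, ISP_RESOLVERS, EXPECTED):
        print("WARN:", finding)
```
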
 

by Tim Zurowski on Sat Jan 03, 2015 11:35 pm
Tim Zurowski
Forum Contributor
Posts: 18881
Joined: 4 Apr 2006
Location: Victoria BC, Canada
First thing I have to say is what a GREAT guy Royce is for helping me with this issue! I can't believe how much he knows about this stuff.

Anyway, tonight we resolved the problem. In October my wife and I subscribed to an add-on for Netflix through a company called Blockless. It gave us way more shows on Netflix, but also required that we change the LAN settings in our router. I had kind of forgotten about it and tonight changed those LAN settings back to the default settings. Voila . . . . . speed is back to normal. So needless to say, we immediately cancelled our subscription with Blockless. So be warned, this could happen to you too! It was more than a month of headaches for us, and I am glad I am finally back to the internet speeds I am paying for.
 

by Royce Howland on Sun Jan 04, 2015 1:16 am
Royce Howland
Forum Contributor
Posts: 11719
Joined: 12 Jan 2005
Location: Calgary, Alberta
Member #:00460
In the end, it was indeed a DNS hijack, just not one from the outside. Inside jobs are always the hardest to protect against. ;)

There was some stuff being triggered by the config changes of this Blockless service that I definitely didn't like the look of. Tracing a whole bunch of addresses, there was some suspicious behavior, including the redirection of services like Google Analytics to dodgy-looking Amazon Web Services-hosted virtual servers. And some IP addresses appearing in traceroute reports that showed hits on a few internet blacklist services as possible spam sources. So I'm suspicious about what was going on with this redirection service. Certainly at a minimum it wasn't working right.

If you use these kinds of DNS redirection services to access foreign Netflix content or anything similar, be very careful. You're basically voluntarily allowing an operator other than your ISP to hijack DNS on your computer. If the redirection service isn't trustworthy, you're taking a risk IMO...
Royce Howland
 

by E.J. Peiker on Sun Jan 04, 2015 10:11 am
E.J. Peiker
Senior Technical Editor
Posts: 86760
Joined: 16 Aug 2003
Location: Arizona
Member #:00002
Oh wow, any service that requires you to change your router settings is likely malicious. Good thing you got it sorted and yes Royce is the guru on this sort of stuff.
 

by Tim Zurowski on Sun Jan 04, 2015 2:22 pm
Tim Zurowski
Forum Contributor
Posts: 18881
Joined: 4 Apr 2006
Location: Victoria BC, Canada
Just thought I would follow up on this one. I had a really good long talk today with the Shaw tech who is their expert with all this stuff. He said the mistake we made was making those LAN changes in our router. He says we need to make them in the TV or the Blu-ray player (i.e. the device we are using for accessing Netflix). He says changing them in the router makes it think we are not in Canada, and it is going all over the world and will naturally really slow down our internet usage for the whole household. He said if we were in the US, this would not likely be the case as it would just access addresses within the US. It is primarily because we are in Canada that this is a problem. He looked at the Blockless site and said he is sure it is fine and that he actually may even switch over to it because it appears to offer more. He said (for now) it is a legal operation in Canada. So we may sign back up for a Blockless account but make the changes in our TV or player and NOT in the router.
 

by Royce Howland on Mon Jan 05, 2015 12:03 pm
Royce Howland
Forum Contributor
Posts: 11719
Joined: 12 Jan 2005
Location: Calgary, Alberta
Member #:00460
That Shaw guy is only half right. I can't say if he didn't understand what he was talking about, or was just trying to put it into layman's terms and messing up. I personally hate it when support people assume I don't have the ability to understand the real situation and so they explain things in ways that are factually wrong while trying to simplify. :)

Making the changes for the Blockless service in the router does indeed make it look like you're coming from the USA. That's the whole point of the service being marketed as a way to gain access to the Netflix USA and other online content from USA catalogs. But your performance problems were not because "it is going all over the world and will naturally really slow down our internet usage for the whole household." And the issue you experienced was not "primarily because we are in Canada."

The problem was because something about using the Blockless service was hijacking DNS lookups for other services like sharethis.com and google-analytics.com, and redirecting them away from Sharethis and Google to broken / bogus / invalid virtual servers running in the Amazon cloud. These services were timing out after long delays, which crippled your use of NSN and probably screwed up other things too (especially the problem with Google Analytics). That is 100% the problem that was affecting you here, not making the change in the router, "being in Canada" or "going all over the world". I should note that sharethis.com and google-analytics.com are the only two we know about because they were smoking guns with the problems loading NSN pages and so they're the ones we looked at. There could be any number of others that were being intercepted in a similar way, or other ways.

Making the changes in the router to use the Blockless service was not a "mistake". It is in fact how Blockless themselves recommend doing it in their "advanced" config guide; they provide many support notes describing how to enable their service on various routers by redirecting DNS away from your normal Shaw DNS service to the Blockless DNS service. If following the recommended setup guide of a vendor's service is a mistake, then even using that service at all is probably the bigger mistake. :)

Now, what the Shaw guy said is true, that you could make the change to use the Blockless service just on a single smart TV or some other media device. What that means is the side effects experienced here by your whole network would only potentially affect that single device instead. If something about the Blockless service is fundamentally compromised, I personally wouldn't touch it or let anything of it onto any network I controlled. The service either works or it doesn't; if it doesn't work, my advice is don't use it.

I suppose there is a chance that Blockless itself is fine, and the DNS hijack was coming from somewhere else on the net, triggered by your configuration of the Blockless DNS servers. In our email chat, I described how it would probably take someone from Shaw to fully diagnose the situation since without access to that back-end network infrastructure it's harder to pin these kinds of things down. But it doesn't sound like you'll get anywhere with that; Shaw probably isn't interested in spending the time on it.
Royce Howland
 

by Tim Zurowski on Mon Jan 05, 2015 12:32 pm
Tim Zurowski
Forum Contributor
Posts: 18881
Joined: 4 Apr 2006
Location: Victoria BC, Canada
Royce, those were my words and not his. He spent over 1.5 hours on the phone with me, and there was no way I was going to understand everything he said, nor be able to remember it as if it was recorded. He was the head tech at the Shaw office who trains ALL the other techs. He definitely knows what he is talking about. Since I know very little in this area of things, I am probably not the right person to try and explain what he was telling me. I guess my main point was that changing the router LAN settings will cause the household internet browsing problems, but changing them in the device will not.

The one thing I do not understand though, is why were my two Windows machines reacting so much slower than my wife's iMac? If it is a routing IP Address thing, shouldn't the page load speeds have been the same (i.e. way slower) on both? Hers was a bit slower at about 7-10s per page load, but the same pages were 15-30s on my machines, and we tested it a few times.
 

by Royce Howland on Mon Jan 05, 2015 1:34 pm
Royce Howland
Forum Contributor
Posts: 11719
Joined: 12 Jan 2005
Location: Calgary, Alberta
Member #:00460
Tim, I know you were paraphrasing what he likely said, but I suspect he was paraphrasing things as well, and in a way that may lead you to a less appropriate decision about using that service. The Blockless info recommends and supports configuring their service on your router, and claims that doing so is secure and will not affect your normal internet activity. That's certainly not what you observed. If the service is broken or compromised, the better advice is "don't use the service"... not "configure the service on your TV instead of on your router". :)

The reason your two Windows machines were impacted differently than the iMac is because the services affected (DNS lookups and sending queries to net-based services) are functions that are specific to the operating system or even the web browsers in question. Without being able to test it directly, since I don't have Macs, I'm betting that the Windows browsers simply allowed the failed queries to sharethis.com and google-analytics.com to hang for a long time before timing them out and continuing to load the rest of the NSN pages. Whatever browser you used on the iMac probably gave up on the failed queries much more quickly, allowing the NSN pages to load after a shorter delay.

The impact in both cases was coming from DNS lookups for sharethis.com and google-analytics.com being incorrectly hijacked to point to bogus servers running in the Amazon cloud. That hijacking occurred when you configured Blockless on your router, presumably exactly as stated in their config guide. So that's the real problem here. Without further pinning down where that hijacking was coming from, I wouldn't recommend using Blockless for anything... but it's your call of course.
Royce Howland
 

by Royce Howland on Mon Jan 05, 2015 4:06 pm
Royce Howland
Forum Contributor
Posts: 11719
Joined: 12 Jan 2005
Location: Calgary, Alberta
Member #:00460
By the way, since the discussion went this particular direction, the NSN editorial team should clarify one other point. You should be aware that if you use these kinds of networking location-altering services to access different online content, you may be violating the terms of service of the content providers. And possibly violating the copyright law of your country; Canadian, US and other copyright acts contain clauses prohibiting use of a technical mechanism to work around content licensing agreements.

http://www.cbc.ca/news/business/netflix ... -1.2889895

From the Netflix TOS, see item 6.c.
https://www.netflix.com/TermsOfUse
6. Netflix Service
   c. You may view a movie or TV show through the Netflix service primarily within the country in which you have established your account and only in geographic locations where we offer our service and have licensed such movie or TV show.
The content that may be available to watch will vary by geographic location. Netflix will use technologies to verify your geographic location. [...]
So quite aside from any network performance or security risks you may be taking, you need to be aware of other implications of using these services. NSN obviously doesn't advocate doing anything to breach terms of service or copyright laws...
Royce Howland
 

by E.J. Peiker on Tue Jan 06, 2015 11:40 am
E.J. Peiker
Senior Technical Editor
Posts: 86760
Joined: 16 Aug 2003
Location: Arizona
Member #:00002
Yup, it has happened to me many times that I started watching something on Netflix or HBO Go in the US and wanted to finish watching it during downtime in another country and that content was blocked there.
 

by Greg Downing on Sat Jan 10, 2015 3:24 pm
Greg Downing
Publisher
Posts: 19318
Joined: 16 Aug 2003
Location: Maryland
Member #:00001
Wow - just read this thread. Royce saves the day again!
Greg Downing
Publisher, NatureScapes.Net
Visit my website for images, workshops and newsletters! http://www.gdphotography.com/
 
