How to block/avoid a particular IP when connecting to websites?

I'm having trouble connecting to a particular website. I can view it through a proxy, but not from home. So I ran a traceroute:

Tracing route to fvringette.com [76.74.225.90]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  <snip>
  2     *        *        *     Request timed out.
  3     9 ms     7 ms    27 ms  rd2bb-ge2-0-0-22.vc.shawcable.net [64.59.146.226]
  4     8 ms     7 ms     7 ms  rc2bb-tge0-9-2-0.vc.shawcable.net [66.163.69.41]
  5    10 ms     9 ms     9 ms  rc2wh-tge0-0-1-0.vc.shawcable.net [66.163.69.65]
  6    27 ms    23 ms    22 ms  ge-gi0-2.pix.van.peer1.net [206.223.127.1]
  7    18 ms    18 ms    20 ms  10ge.xe-0-2-0.van-spenc-dis-1.peer1.net [216.187.89.206]
  8     9 ms    11 ms    10 ms  64.69.91.245
  9     *        *        *     Request timed out.
 10     *        *        *     Request timed out.
...

Looks like this "64.69.91.245" is somehow blocking me. Can I tell my computer to avoid/bypass that IP when trying to connect?

mpen

Posted 2010-04-29T19:55:31.510

Reputation: 9 109

1Great question! Seems impossible to me, because you have no control over the route your packets will get, but I'm not sure. – axk – 2010-04-29T20:06:57.093

Answers

For one, I can load the site fine. See the route:

0 04:35:23pm ~ $ mtr -4 --report fvringette.com
HOST: Defcon.local                Loss%   Snt   Last   Avg  Best  Wrst StDev
  1. woodcrest.local               0.0%    10    0.6   0.5   0.4   0.8   0.1
  2. bas1-oakville30_lo0_SYMP.net  0.0%    10   14.0  16.1  13.1  31.2   5.4
  3. core1-hamilton14_10-0-3_150.  0.0%    10   13.3  12.8  11.6  15.7   1.1
  4. newcore1-chicago23_so2-0-0.n  0.0%    10   23.6  31.4  23.6  66.3  16.0
  5. bx5-chicagodt_xe-0-0-3_0.net  0.0%    10   24.7  24.6  23.2  28.5   1.6
  6. ge-3-2-4.chi10.ip4.tinet.net  0.0%    10   26.7  26.9  26.3  28.0   0.5
  7. xe-2-0-0.sea11.ip4.tinet.net  0.0%    10  107.0 106.8 106.0 107.5   0.4
  8. peer1-gw.ip4.tinet.net        0.0%    10   83.9  83.9  83.6  84.6   0.3
  9. ???                          100.0    10    0.0   0.0   0.0   0.0   0.0
 10. ???                          100.0    10    0.0   0.0   0.0   0.0   0.0
 11. 64.69.91.245                  0.0%    10   88.6  87.9  87.1  88.6   0.6
 12. van-hc21e-cs1.wappyzappy.net 10.0%    10   88.7  88.0  87.4  88.7   0.5

It would appear that (somehow) the two nodes, 9 & 10 in my route, are either blocking ICMP packets or have some other form of network voodoo implemented. It could be that when you were accessing the site through the proxy, you were accessing some cached version when the website was really down, who knows. The fact that there is 100% packet loss in nodes 9 & 10 is odd, but since I can (obviously) reach the site, it doesn't appear that 64.69.91.245 (Peer1 Internet Bandwidth & Server Co-Location Facilities, 2155-500 West Hastings St., Vancouver) is doing anything to block any traffic (in all likelihood, they are just ignoring ICMP packets).

To more directly answer your question, it's pretty much impossible to define your own route to a site. Since (I would assume) all packets would pass through that address at one point or another to get to the actual host (as it's the external IP of the datacentre the servers are hosted in), there would be no route around it. Once your packet gets outside of your router, it's up to Shaw what route your packet takes; you have no control whatsoever. Hope that helps a bit!

squircle

Posted 2010-04-29T19:55:31.510

Reputation: 6 365

ICMP packets == pings? It's not just that. When I try visiting the site in my browser, it tries loading for a couple minutes and then gives me "The connection was reset". And it only seems to be me that that's having this problem, even after I moved several blocks. But I could view it from my school... and my friends can view it, and they're relatively nearby... must be related to Shaw? – mpen – 2010-05-04T07:11:31.570

He can try a VPN, that could go through a different route. – Keltari – 2016-01-24T23:25:01.240

I think you can do this by forcing a particular IP routing using the route add command at the command prompt, but it will take a better man than I am to explain exactly how. You might do a search on 'add a static IP route' or 'force IP routing' to get some idea. I don't know if you can block a specific node, but I wouldn't be surprised if you can. Forcing a specific route that avoids the node would be the alternative.

raw_noob

Posted 2010-04-29T19:55:31.510

Reputation: 165

The only problem is you have no control over what route your packet takes once it leaves your premises. The massive routers of the Internet will just follow their BGP tables and send the packet on whatever route they feel is best. – squircle – 2010-04-29T20:46:51.123

Are you going to a site that is somehow geographically restricted? There are sites that will only accept traffic from certain regions and if your IP address is not within their allowed list, the packets may be eaten. The reason I'm asking is that you said you can access through a proxy.

Blackbeagle

Posted 2010-04-29T19:55:31.510

Reputation: 6 424

No. In fact, I made the site myself. Years ago. Before I had this problem :\ – mpen – 2010-05-04T07:05:19.187

Well if you actually track the ip geo-location using ipligence.com you can see that its not just automated nodes but it is big brother and other countries that are spying on you using your router as a hub.

Get the geo-location of the ip and you will see that I am correct. Trust me its not just automated nodes and such a good %90 of the time its a government organization stealing your information.

I have done trace routes from my cpu to my same cpu and pulled up 30 ip addresses.

Have fun.

CApt.

Posted 2010-04-29T19:55:31.510

Reputation: 1