Result Summary
63.239.94.10
Address-based Tests
Your global IP address is 63.239.94.10 while your local one is 10.71.2.195. You are behind a NAT. Your local address is in unroutable address space.
Your machine numbers TCP source ports sequentially. The following graph shows connection attempts on the X-axis and their corresponding source ports used by your computer on the Y-axis.
TCP ports are not renumbered by the network.
Your computer reports the following network
interfaces, with the following IP addresses for each one:
- en0: (an ethernet interface)
- fe80::60c:ceff:fedb:8222 [mnot-laptop.local] (a link-local IPv6 address)
- 10.71.2.195 (a private IPv4 address)
- lo0: (a local loopback interface)
- ::1 [localhost] (an IPv6 loopback address)
- fe80::1 (a link-local IPv6 address)
- 127.0.0.1 [localhost] (an IPv4 loopback address)
- utun0:
- 172.19.124.56 (a private IPv4 address)
You are not a Tor exit node for HTTP traffic.
The
SORBS DUHL
believes you are using a statically assigned IP address.
Reachability Tests
Direct TCP access to remote FTP servers (port 21)
is allowed.
Direct TCP access to remote SSH servers (port 22)
is allowed.
Direct TCP access to remote SMTP servers (port 25) is allowed.
Direct TCP connections to remote DNS
servers (port 53) succeed, but do not receive the expected content.
A DNS proxy or firewall generated a new request rather than passing the client's request unmodified.
A DNS proxy or firewall caused the client's direct DNS request to arrive from another IP address. Instead of your IP address, the request came from 74.125.187.209.
Direct TCP access to remote HTTP servers (port 80)
is allowed.
Direct TCP access to remote POP3 servers (port 110)
is allowed.
Direct TCP access to remote RPC servers (port 135)
is allowed.
Direct TCP access to remote NetBIOS servers (port 139)
is allowed.
Direct TCP access to remote IMAP servers (port 143)
is allowed.
Direct TCP access to remote SNMP servers (port 161)
is allowed.
Direct TCP access to remote HTTPS servers (port 443)
is allowed.
Direct TCP access to remote SMB servers (port 445)
is allowed.
Direct TCP access to remote SMTP/SSL servers (port 465)
is allowed.
Direct TCP access to remote secure IMAP servers (port 585)
is allowed.
Direct TCP access to remote authenticated SMTP servers (port 587)
is allowed.
Direct TCP access to remote IMAP/SSL servers (port 993)
is allowed.
Direct TCP access to remote POP/SSL servers (port 995)
is allowed.
Direct TCP access to remote OpenVPN servers (port 1194)
is allowed.
Direct TCP access to remote PPTP Control servers (port 1723)
is allowed.
Direct TCP access to remote SIP servers (port 5060)
is allowed.
Direct TCP access to remote BitTorrent servers (port 6881)
is allowed.
Direct TCP access to remote TOR servers (port 9001)
is allowed.
We are unable to deliver non-DNS UDP datagrams to our servers. Possible reasons include a restrictive Java security policy, a blocking rule imposed by your firewall or personal firewall configuration, or filtering performed by your ISP. Although it means we cannot conduct the latency and bandwidth tests, it does not necessarily indicate a problem with your network.
The test was not executed. Required functionality was unavailable
or not permitted, or this session dates from a time before Netalyzr
supported this test.
The test was not executed. Required functionality was unavailable
or not permitted, or this session dates from a time before Netalyzr
supported this test.
Netalyzr detected the following proxies:
- Port: 80 (HTTP), Response Time: 29 ms
Network Access Link Properties
The client was not permitted to run this test in its entirety. We
encourage you to re-run Netalyzr, allowing it to conduct its tests
if prompted. However, some system configurations will always block
this test. See the corresponding FAQ for help.
The time it takes your computer to set up a TCP
connection with our server is 110 ms, which is good.
The test was not executed. Required functionality was unavailable
or not permitted, or this session dates from a time before Netalyzr
supported this test.
The test was not executed. Required functionality was unavailable
or not permitted, or this session dates from a time before Netalyzr
supported this test.
The test was not executed. Required functionality was unavailable
or not permitted, or this session dates from a time before Netalyzr
supported this test.
HTTP Tests
We detected no explicit sign of HTTP proxy via IP address changes.
Changes to headers or contents sent between the client and our HTTP server show the presence of an otherwise unadvertised HTTP proxy.
The following headers had their capitalization modified by the proxy:
- Content-Type: text/html
- Content-Length: 698
- Last-Modified: Tue
- 18 Jun 2013 06:19:19 GMT
- Set-Cookie: netAlizEd=BaR; path=/; domain=netalyzr.icsi.berkeley.edu
- Connection: keep-alive
The following headers were added by the proxy to HTTP responses:
- Via: [1.1 localhost:3128 (squid/2.7.STABLE3)]
- X-Cache-Lookup: [MISS from localhost:3128]
- X-Cache: [MISS from localhost]
- Proxy-Connection: keep-alive
The detected proxy reordered the headers sent from the server.
The detected HTTP proxy changed either the headers the client sent or the HTTP response from the server. We have captured the changes for further analysis.
The detected HTTP proxy may cause your traffic to be vulnerable to CERT Vulnerability Note 435052. An attacker might be able to use this vulnerability to attack your web browser.
Deliberately malformed HTTP requests do not arrive at our server.
This suggests that an otherwise undetected proxy exists along the
network path. This proxy was either unable to parse or refused to
forward the deliberately bad request.
We did not detect file-content filtering.
The test failed to execute completely, or the required results did
not get uploaded to our server completely.
JavaScript is not enabled for the Netalyzr site.
DNS Tests
We can successfully look up a name which
resolves to the same IP address as our webserver. This means we are
able to conduct many of the tests on your DNS server.
We can successfully look up arbitrary names from the client.
This means we are able to conduct all test on your DNS
server.
The IP address of your ISP's DNS Resolver is 72.247.151.10, which resolves to a72-247-151-10.deploy.akamaitechnologies.com.
Your ISP's DNS resolver requires 100 ms to conduct an external lookup. It takes 19 ms for your ISP's DNS resolver to lookup a name on
our server.
Your resolver correctly uses TCP requests when necessary.
Your resolver is using QTYPE=A for default queries.
Your host or resolver also performs IPv6 queries in addition to IPv4 queries.
Your DNS resolver requests DNSSEC records.
Your DNS resolver advertises the ability to accept DNS packets of up to 4096 bytes.
Your DNS resolver can successfully receive a
smaller (~1400 byte) DNS response.
Your DNS resolver can successfully receive a
large (>1500 byte) DNS response.
Your DNS resolver can successfully accept large responses.
Your resolver does not use 0x20 randomization, but will pass names in a case-sensitive manner.
Your ISP's DNS server cannot use IPv6.
No transport problems were discovered which could affect
the deployment of DNSSEC.
Your ISP's DNS resolver does not accept generic additional (glue) records — good.
Your ISP's DNS resolver does not accept additional (glue) records
which correspond to nameservers.
Your ISP's DNS resolver does not follow CNAMEs.
Your ISP's DNS resolver does not randomize its local port number. This means your ISP's DNS resolver is probably vulnerable to DNS cache poisoning, which enables an attacker to intercept and modify effectively all communications of anyone using your ISP.
We suggest that, if possible, you immediately contact your network provider, as this represents a serious vulnerability.
The following graph shows DNS requests on the x-axis and the detected source ports on the y-axis.
90 of 90 popular names were resolved successfully.
In the following table reverse lookups that failed but for which a
Start Of Authority (SOA) entry indicated correct name associations are
shown using an "X", followed by the SOA entry. Absence of both IP
address and reverse name indicates failed forward lookups.
22 popular names have a mild anomaly. The ownership suggested by the
reverse name lookup does not match our understanding of the original
name. The most likely cause is the site's use of a Content Delivery
Network.
2 popular names have a mild anomaly: we are unable to find a reverse
name associated with the IP address provided by your ISP's DNS server.
This is most likely due to a slow responding DNS server or
misconfiguration on the part of the domain owner.
| Name | IP Address | Reverse Name/SOA |
|---|---|---|
| www.bankofthewest.com | 204.44.12.103 | X |
| www.sterlingsavingsbank.com | 12.69.145.232 | X |
The test was not executed. Required functionality was unavailable
or not permitted, or this session dates from a time before Netalyzr
supported this test.
Your ISP correctly leaves non-resolving names untouched.
Your ISP does not appear to be using DNS to redirect
traffic for specific websites.
The test failed to execute completely, or the required results did
not get uploaded to our server completely.
IPv6 Tests
Your system can successfully look up IPv6 addresses. Your DNS resolver is on
Google's IPv6
"whitelist", which means that Google enables IPv6 access to their
services for you.
JavaScript is not enabled for the Netalyzr site.
Your host was not able to contact a separate
server using IPv6, but was able to contact the same server using
IPv4.
Network Security Protocols
The test was not executed. Required functionality was unavailable
or not permitted, or this session dates from a time before Netalyzr
supported this test.
Host Properties
The test was not executed. Required functionality was unavailable
or not permitted, or this session dates from a time before Netalyzr
supported this test.
Your web browser sends the following parameters to all web sites
you visit:
- User Agent: Java/1.6.0_45
- Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
- Accept Language: en-us,en;q=0.5
- Accept Encoding: gzip,deflate
- Accept Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
The client uploaded the following additional content: