Fuck me dead, what a giant piece of shit. On my Linux work laptop I have the problem that some unknown snakeoil “security” junk is dropping any IPv4 connections to ports 80 and 443. All other ports and IPv6 seem unaffected. I get an immediate “connection refused” when trying to estabslish a connection.

I had this problem four weeks ago on Friday morning the very first time at home. On Thursday evening, everything was perfectly fine. Eventually, I plugged in the LAN cable in the office and everything got automatically fixed. Nobody can explain what’s happening.

Then, last week Friday morning out of the blue, the same issue was back. So, I went to the office yesterday and it got fixed again by plugging in the network cable. This evening, I have exactly the same bloody problem again.

What the hell is going on? Does anyone have any ideas? I’m certainly not an expert, but I don’t see anything suspicious in iptables or nft rules. I also do not see anything showing up in /var/log/kern.log. Even tried to stop firewalld, flush the iptables and nft rules, but that didn’t result in any changes.

@lyse@lyse.isobeef.org Oh gawd. This is the point where computing stops being fun. 😂

• Can you disable the snakeoil junk temporarily? Probably not, eh?
  
• Have you verified with an external device that it really is your laptop that’s dropping the packets? Like, what does tcpdump on your router see?
  

If this works reliably in the office, then it feels like some kind of fail-safe mechanism of the snakeoil stuff. If it can’t see its control server (which might only be reachable from the office?), then it shuts down web traffic? Something like that?

Any idea how the snakeoil works? Maybe it does LD_PRELOAD magic to hijack syscalls like connect()? Does it use kernel modules?

Thank you, @movq@www.uninformativ.de! Luckily, I can disable it. I also tried it, no luck, though. But the problem is, I don’t really know how much snakeoil actually runs on my machine. There is definitely a ClownStrike infestation, I stopped the falcon sensor. But there might be even more, I’ve no idea. From the vague answers I got last time, it feels like even the UHD/IT guys don’t know what is in use. O_o

Yeah, it is definitely something on my laptop that rejects connections to IPv4 ports 80 and 443. All other devices here can access the stuff without issue, only this work machine is unable to. The “Connection refused” happens within a few milliseconds.

Unfortunately, I do not have the slightest idea how it works. But maybe I can look into that tomorrow. Kernel modules are a very good hint, thank you! <3

You’re right, it might be some sort of fail-safe mechanism. But then, why just block IPv4 and not also IPv6? But maybe because the VPN and company servers require IPv4, there is zero IPv6 support. (Yeah, don’t ask, I don’t understand it either.)

@lyse@lyse.isobeef.org

But then, why just block IPv4 and not also IPv6?

I’ll take “what’s the most overlooked thing in corporate networks” for 200. 😅

It just worked fine like nothing had ever happened when I booted my laptop this morning.