I Bet They Wish They'd Called It Facebooc

  • Article

Some days it would be nice if things just did what you expected. Like music coming out of your MP3 player when you press the play button, or nice brown toast coming out of the toaster after the prerequisite two minutes. Or Windows Media Center quite happily recognizing that, yes, it does have a TV tuner card and a video card installed, instead of just hiding in the corner pretending it wasn't its fault that Coronation Street didn't get recorded.

Last week it was Virgin Media (my cable Internet provider) who decided to do something different by refusing to connect to any website with the word "microsoft" in the URL. When I spoke to the nice man in customer services he said they had a "routing issue in my area", but that it was no problem because almost everything else worked fine. All I had to do was avoid going to Microsoft sites. Though, after some animated discussion, he did reluctantly agree that it might be a problem for me unless I go and work for somebody else for a day or so. Or take a holiday. Thankfully I could use my alternative (ADSL) connection, which quite happily connected to Microsoft, while Virgin fixed their interesting issue.

But while I was playing with the cable modem and router to confirm the routing issue wasn't my fault, I noticed that it has options to block certain types of content. With the recent security scares over Java, I thought it would be useful to block this because I don't use it and - other than my UPS configuration web pages - I haven't found a website that requires it. In fact, other than one machine, Java is not installed anywhere on my network. So blocking it obviously won't cause any problems.

Hah! I bet it wasn't even an hour before outright panic erupted in our house because Facebook had suddenly stopped working. But why? It can't use Java because that's not installed on my wife's computer. So I look in the ISA proxy logs. Facebook doesn't make any requests for .jar or .java files, though it does download a couple of JavaScript (.js) files. But the log reveals that these aren't blocked by the router content filter, and every other site I test that uses JavaScript works fine.

So I turn off the Java filter and try again. Now Facebook downloads the same two JavaScript files as before, but then downloads about a dozen more. It looks like the original ones are just loaders for the scripts that do all the work. But, again, why are these requests blocked? They're all for .js files and Java isn't installed on the computer so it can't be requesting anything. Very strange.

Oh well, I'll just create a rule to allow Facebook to bypass the Java filter. All I need is Facebook's IP address. So here's what you get when you do an nslookup for facebook.com:

Name: facebook.com
Addresses: 2a03:2880:10:8f01:face:b00c:0:25
2a03:2880:10:cf01:face:b00c::
2a03:2880:2110:3f01:face:b00c::
2a03:2880:2110:9f01:face:b00c::
69.171.247.21
66.220.149.88
66.220.152.16
66.220.158.70
69.171.234.21
69.171.237.16

As my router doesn't seem to have any facility to specify IPv6 addresses, and it only allows one IP address per rule, maybe this isn't an option either. But notice the last two groups of hex characters in some of the addresses above. I bet Mark and his pals now wish they'd called it "Facebooc" instead...