Security Basics mailing list archives

RE: Weird trace route output

From: "David Gillett" <gillettdavid () fhda edu>
Date: Mon, 16 Apr 2007 11:34:16 -0700

Has anyone seen a Class C private Address when running a 
trace route outside of their own network or domain?


  Sure.  There's nothing saying ISPs can't use RFC1918 private
addresses for their internal routers, as long as they don't
need to be the destination of a connection beyond the ISP's
perimeter.

  Of course, if your antispoofing ingress rules block such
sources ahead of allowing the ICMP types that a trace uses,
you'll just see no response from those hops.  But that's on
your end, not theirs.

David Gillett

-----Original Message-----
From: listbounce () securityfocus com 
[mailto:listbounce () securityfocus com] On Behalf Of Jody Riding
Sent: Friday, April 13, 2007 3:39 PM
To: security-basics () securityfocus com
Subject: Weird trace route output

 
Has anyone seen a Class C private Address when running a 
trace route outside of their own network or domain?

Notice the 15th hop address.
Some stuff has been *** for my protection ;-)

Tracing route to ***.com [216.159.234.11] over a maximum of 30 hops:
 
  1    <1 ms    <1 ms    <1 ms  ***.***.***.***
  2    <1 ms    <1 ms    <1 ms  ***.***.***.***
  3     1 ms     1 ms     2 ms  ***.***.*** [**.***.***.***]
  4     4 ms     4 ms     4 ms  500.MFR14.GW4.KCY4.ALTER.NET
[157.130.161.253]
  5     5 ms     5 ms    11 ms  181.at-5-0-0.cl1.kcy4.alter.net
[152.63.88.210]
  6    20 ms    21 ms    23 ms  0.so-7-0-0.XL1.CHI2.ALTER.NET
[152.63.68.81]
  7    16 ms    19 ms    17 ms  0.so-7-0-0.BR6.CHI2.ALTER.NET
[152.63.71.94]
  8    22 ms    24 ms    29 ms  p4-0.core01.ord03.atlas.cogentco.com
[154.54.13.109]
  9    23 ms    50 ms    21 ms  v3491.mpd01.ord03.atlas.cogentco.com
[154.54.3.238]
 10    39 ms    17 ms    17 ms  v3488.mpd01.ord01.atlas.cogentco.com
[154.54.5.25]
 11    48 ms    19 ms    17 ms  g2-0-0.core01.ord01.atlas.cogentco.com
[154.54.1.205]
 12    17 ms    17 ms    37 ms
vl3523.na01.b002332-1.ord01.atlas.cogentco.com [66.250.9.90]
 13    28 ms    18 ms    18 ms  globalcom-inc.demarc.cogentco.com
[38.99.221.26]
 14    37 ms    28 ms    19 ms  chi-dist3-fa13-1.networkgci.net
[216.146.70.11]
 15    22 ms    30 ms    43 ms  192.168.107.133
 16     *     ^C

Current thread:

Weird trace route output Jody Riding (Apr 15)
- RE: Weird trace route output David Gillett (Apr 16)
- Re: Weird trace route output Alex Nedelcu (Apr 16)
- Re: Weird trace route output Scott Pack (Apr 16)
- Re: Weird trace route output Pranay Kanwar (Apr 16)
  - Re: Weird trace route output Max Vohra (Apr 17)
    - RE: Weird trace route output David Gillett (Apr 17)
  - Re[2]: Weird trace route output Thierry Zoller (Apr 17)
    - Re: Weird trace route output Pranay Kanwar (Apr 17)
- <Possible follow-ups>
- Re: Weird trace route output notmyemail (Apr 16)