part 2 and oh, I forgot...

["Richard Golodner" <rgolodner () infratection com>]

                Earlier today I asked about some routing strangeness, or
what looked weird to me, like why does my traffic pass through DoD IP space
on its way to an IP address that has been scanning my outside int. Anyway,
you will see in that traceroute the second to the last hop was 6.6.6.6, DoD
experimental space. ARIN's exact words evade me at the moment, but when you
attempt a traceroute to that same 6.6.6.6, you get:

 

Tracing route to 6.6.6.6 over a maximum of 30 hops

 

  1     1 ms     1 ms     1 ms  10.10.10.1

  2     7 ms     9 ms     7 ms  10.20.0.1

  3     8 ms    13 ms    10 ms  mart-h1.chi-mart.il.cable.rcn.net
[207.229.191.130]

  4    15 ms    12 ms    13 ms  tge3-1.border2.eqnx.il.rcn.net
[207.172.19.159]

  5    10 ms     7 ms     7 ms  te-8-3.car3.Chicago1.Level3.net
[4.71.101.73]

  6     8 ms     7 ms     7 ms  ae-1-55.edge3.Chicago3.Level3.net
[4.68.101.148]

  7    10 ms    11 ms    22 ms  4.68.110.186

  8    10 ms    19 ms     8 ms  0.so-5-1-0.XL3.CHI13.ALTER.NET
[152.63.65.34]

  9    56 ms    17 ms    11 ms  0.so-7-1-0.XT1.CHI2.ALTER.NET
[152.63.64.110]

 10    10 ms    11 ms    11 ms  POS6-0.GW6.CHI2.ALTER.NET [152.63.67.217]

 11     *        *        *     Request timed out.

 12     *        *        *     Request timed out.

 13     *        *        *     Request timed out.

 14     *        *        *     Request timed out.

 

                If anyone has even a good story that seems plausible, please
shine it on. The irritant is located at IP address 119.161.130.75.

Richard

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.