jackaroo

Unroutable IP address in tracert?

2 posts in this topic

Hi, I'm wondering how non-routable IP addresses can be interspersed in traceroute output.  Is this a case of DNS spoofing?  Is there a legitimate reason why these would be expected to appear?  Take for example lines #18 and #19 below.

C:\Users\jackaroo>tracert 82.57.200.117

Tracing route to smtp301.alice.it [82.57.200.117]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  192.168.0.1
  2     *        *        *     Request timed out.
  <snip>
  7    31 ms    31 ms    31 ms  be-10825-cr01.9greatoaks.ca.ibone.comcast.net [68.86.85.198]
  8     *       31 ms     *     be-10925-cr01.sunnyvale.ca.ibone.comcast.net [68.86.87.157]
  9    40 ms    33 ms    31 ms  hu-0-11-0-1-pe02.529bryant.ca.ibone.comcast.net [68.86.86.146]
 10    31 ms    31 ms    31 ms  as6762-pe02.529bryant.ca.ibone.comcast.net [75.149.229.214]
 11   188 ms   194 ms   187 ms  etrunk0.milano1.mil.seabone.net [195.22.209.215]
 12   190 ms   191 ms   191 ms  ibs-resid.milano1.mil.seabone.net [93.186.128.202]
 13     *        *        *     Request timed out.
 14   200 ms   199 ms   199 ms  172.17.8.69
 15     *        *        *     Request timed out.
 16     *        *        *     Request timed out.
 17     *        *        *     Request timed out.
 18   208 ms   207 ms   207 ms  10.54.1.41
 19   206 ms   220 ms   204 ms  10.54.1.102
 20   201 ms   200 ms   202 ms  host205-38-static.77-62-b.business.telecomitalia.it [62.77.38.205]
 21   199 ms   199 ms   201 ms  host198-38-static.77-62-b.business.telecomitalia.it [62.77.38.198]
 22   203 ms   203 ms   204 ms  62.211.79.2
 23     *        *        *     Request timed out.
 24     *        *        *     Request timed out.
 25     *        *        *     Request timed out.
 26     *        *        *     Request timed out.
 27     *        *        *     Request timed out.
 28     *        *        *     Request timed out.
 29     *        *        *     Request timed out.
 30     *        *        *     Request timed out.


This does not have much to do with actual reporting, but probably should be answered.  No DNS spoofing.  This is nothing more than an ISP who has started using the private address in their routers, but forgot to block it on their borders.  We have been seeing private addresses more since the IPv4 runout occurred a few years ago.  Also, you forgot about line #14 which is also a private address.  For me, I just usually block these private addresses on my border firewall.

I am sure if you were able to dig further you would probably see that lines #13, #15, #16, and #17 are also private addresses, but they actually blocked those.  Now if you start to see the same IP repeated in multiple lines, you would probably know that they are NAT'ting their private addresses.
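
The check described in the reply above, as an added example that is not part of either post: it parses Windows tracert output, lists the hops that answered from RFC 1918 space, the hops that stayed silent, and any address that answers at more than one hop. The function names are hypothetical and the sample is constructed from the question's output with the timed-out runs shortened.

```python
import ipaddress
import re
from collections import Counter

# RFC 1918 private ranges; these are not routed on the public Internet.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: selected hops from the question's tracert output.
SAMPLE = """\
  1    <1 ms    <1 ms    <1 ms  192.168.0.1
  2     *        *        *     Request timed out.
  8     *       31 ms     *     be-10925-cr01.sunnyvale.ca.ibone.comcast.net [68.86.87.157]
 12   190 ms   191 ms   191 ms  ibs-resid.milano1.mil.seabone.net [93.186.128.202]
 13     *        *        *     Request timed out.
 14   200 ms   199 ms   199 ms  172.17.8.69
 18   208 ms   207 ms   207 ms  10.54.1.41
 19   206 ms   220 ms   204 ms  10.54.1.102
 20   201 ms   200 ms   202 ms  host205-38-static.77-62-b.business.telecomitalia.it [62.77.38.205]
 22   203 ms   203 ms   204 ms  62.211.79.2
"""

HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")                   # hop number, rest of line
IP_RE = re.compile(r"\[?((?:\d{1,3}\.){3}\d{1,3})\]?\s*$")  # bare or [bracketed] IP at end

def parse_hops(text):
    """Return [(hop_number, ip_or_None)] for each tracert hop line."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue  # header or blank line
        ip = IP_RE.search(m.group(2))
        hops.append((int(m.group(1)), ipaddress.ip_address(ip.group(1)) if ip else None))
    return hops

def analyze(text):
    """Classify hops: RFC 1918 responders, silent hops, repeated addresses."""
    hops = parse_hops(text)
    private = [(n, str(ip)) for n, ip in hops if ip and any(ip in net for net in RFC1918)]
    silent = [n for n, ip in hops if ip is None]
    counts = Counter(str(ip) for _, ip in hops if ip)
    # The reply's heuristic: one address answering at several hops suggests NAT.
    repeated = sorted(ip for ip, c in counts.items() if c > 1)
    return {"private": private, "silent": silent, "repeated": repeated}

if __name__ == "__main__":
    for key, value in analyze(SAMPLE).items():
        print(key, value)
```

Hop 1 is normally the local gateway, so a private address there is expected; the ones worth noting are the private hops that appear after the trace has already crossed public address space.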
