jackaroo
Posted February 26, 2017

Hi, I'm wondering how non-routable IP addresses can be interspersed in traceroute output. Is this a case of DNS spoofing? Is there a legitimate reason why these would be expected to appear? Take for example lines #18 and #19 below.

    C:\Users\jackaroo>tracert 82.57.200.117

    Tracing route to smtp301.alice.it [82.57.200.117]
    over a maximum of 30 hops:

      1    <1 ms    <1 ms    <1 ms  192.168.0.1
      2     *        *        *     Request timed out.
    <snip>
      7    31 ms    31 ms    31 ms  be-10825-cr01.9greatoaks.ca.ibone.comcast.net [68.86.85.198]
      8     *       31 ms     *     be-10925-cr01.sunnyvale.ca.ibone.comcast.net [68.86.87.157]
      9    40 ms    33 ms    31 ms  hu-0-11-0-1-pe02.529bryant.ca.ibone.comcast.net [68.86.86.146]
     10    31 ms    31 ms    31 ms  as6762-pe02.529bryant.ca.ibone.comcast.net [75.149.229.214]
     11   188 ms   194 ms   187 ms  etrunk0.milano1.mil.seabone.net [195.22.209.215]
     12   190 ms   191 ms   191 ms  ibs-resid.milano1.mil.seabone.net [93.186.128.202]
     13     *        *        *     Request timed out.
     14   200 ms   199 ms   199 ms  172.17.8.69
     15     *        *        *     Request timed out.
     16     *        *        *     Request timed out.
     17     *        *        *     Request timed out.
     18   208 ms   207 ms   207 ms  10.54.1.41
     19   206 ms   220 ms   204 ms  10.54.1.102
     20   201 ms   200 ms   202 ms  host205-38-static.77-62-b.business.telecomitalia.it [62.77.38.205]
     21   199 ms   199 ms   201 ms  host198-38-static.77-62-b.business.telecomitalia.it [62.77.38.198]
     22   203 ms   203 ms   204 ms  62.211.79.2
     23     *        *        *     Request timed out.
     24     *        *        *     Request timed out.
     25     *        *        *     Request timed out.
     26     *        *        *     Request timed out.
     27     *        *        *     Request timed out.
     28     *        *        *     Request timed out.
     29     *        *        *     Request timed out.
     30     *        *        *     Request timed out.

gnarlymarley
Posted February 27, 2017

This does not have much to do with actual reporting, but probably should be answered.

No DNS spoofing. This is nothing more than an ISP who has started using the private address in their routers, but forgot to block it on their borders. We have been seeing private addresses more since the IPv4 runout occurred a few years ago. Also, you forgot about line #14, which is also a private address. For me, I just usually block these private addresses on my border firewall. I am sure if you were able to dig further you would probably see that lines #13, #15, #16, and #17 are also private addresses, but they actually blocked those.

Now if you start to see the same IP repeated in multiple lines, you would probably know that they are NAT'ting their private addresses.
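
Added example, not part of either post: a short Python script that parses Windows tracert output, marks each hop as RFC 1918 private, public or timed out, lists the private hops that appear after the path has already reached public address space (lines #14, #18 and #19 in the question), and checks for an address repeated across hops. The function names are illustrative, and the sample input is a subset of the hops posted above.

```python
import ipaddress
import re
from collections import Counter

# Subset of the hops posted in the question, used as sample input.
SAMPLE = """\
  1    <1 ms    <1 ms    <1 ms  192.168.0.1
 12   190 ms   191 ms   191 ms  ibs-resid.milano1.mil.seabone.net [93.186.128.202]
 13     *        *        *     Request timed out.
 14   200 ms   199 ms   199 ms  172.17.8.69
 18   208 ms   207 ms   207 ms  10.54.1.41
 19   206 ms   220 ms   204 ms  10.54.1.102
"""

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
HOP_RE = re.compile(r"^\s*(\d+)\s+(.*\S)\s*$")            # hop number, rest of line
IP_RE = re.compile(r"\[?(\d{1,3}(?:\.\d{1,3}){3})\]?$")  # trailing bare or [bracketed] IPv4

def classify(ip):
    # 'rfc1918' for the three private IPv4 blocks, otherwise 'public'.
    addr = ipaddress.ip_address(ip)
    return "rfc1918" if any(addr in net for net in RFC1918) else "public"

def parse_tracert(text):
    # Returns (hop, ip_or_None, kind) tuples; banner and blank lines are skipped.
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue
        ip = IP_RE.search(m.group(2))
        kind = classify(ip.group(1)) if ip else "timeout"
        hops.append((int(m.group(1)), ip.group(1) if ip else None, kind))
    return hops

def private_after_public(hops):
    # Private hops seen once the path has left the local LAN for public space.
    seen_public, out = False, []
    for hop, _, kind in hops:
        seen_public = seen_public or kind == "public"
        if seen_public and kind == "rfc1918":
            out.append(hop)
    return out

def repeated_ips(hops):
    # Addresses that answer at more than one hop.
    counts = Counter(ip for _, ip, _ in hops if ip)
    return sorted(ip for ip, n in counts.items() if n > 1)
```

Hop 1 (192.168.0.1) is the local gateway and is deliberately not reported by private_after_public, since a private address at the first hop is the normal home-router case.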
This topic is now archived and is closed to further replies.