Jump to content

Unroutable IP address in tracert?


jackaroo
 Share

Recommended Posts

Hi, I'm wondering how non-routable IP address can be interspersed in traceroute output.  Is this a case of DNS spoofing?  Is there a legitimate reason why these would be expected to appear?  Take for example lines #18 and #19 below.

C:\Users\jackaroo>tracert 82.57.200.117

Tracing route to smtp301.alice.it [82.57.200.117]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  192.168.0.1
  2     *        *        *     Request timed out.
  <snip>
  7    31 ms    31 ms    31 ms  be-10825-cr01.9greatoaks.ca.ibone.comcast.net [68.86.85.198]
  8     *       31 ms     *     be-10925-cr01.sunnyvale.ca.ibone.comcast.net [68.86.87.157]
  9    40 ms    33 ms    31 ms  hu-0-11-0-1-pe02.529bryant.ca.ibone.comcast.net [68.86.86.146]
 10    31 ms    31 ms    31 ms  as6762-pe02.529bryant.ca.ibone.comcast.net [75.149.229.214]
 11   188 ms   194 ms   187 ms  etrunk0.milano1.mil.seabone.net [195.22.209.215]
 12   190 ms   191 ms   191 ms  ibs-resid.milano1.mil.seabone.net [93.186.128.202]
 13     *        *        *     Request timed out.
 14   200 ms   199 ms   199 ms  172.17.8.69
 15     *        *        *     Request timed out.
 16     *        *        *     Request timed out.
 17     *        *        *     Request timed out.
 18   208 ms   207 ms   207 ms  10.54.1.41
 19   206 ms   220 ms   204 ms  10.54.1.102
 20   201 ms   200 ms   202 ms  host205-38-static.77-62-b.business.telecomitalia.it [62.77.38.205]
 21   199 ms   199 ms   201 ms  host198-38-static.77-62-b.business.telecomitalia.it [62.77.38.198]
 22   203 ms   203 ms   204 ms  62.211.79.2
 23     *        *        *     Request timed out.
 24     *        *        *     Request timed out.
 25     *        *        *     Request timed out.
 26     *        *        *     Request timed out.
 27     *        *        *     Request timed out.
 28     *        *        *     Request timed out.
 29     *        *        *     Request timed out.
 30     *        *        *     Request timed out.

 

Link to comment
Share on other sites

This does not have much to do with actual reporting, but probably should be answered.  No DNS spoofing.  This is nothing more than an ISP who has started using the private address in their routers, but forgot to block it on their borders.  We have been seeing private addresses more since the IPv4 runout occurred a few years ago.  Also, you forgot about line #14 which is also a private address.  For me, I just usually block these private addresses on my border firewall.

I am sure if you were able to dig further you would probably see that line #13, #15, #16, and #17 are also private address, but they actually blocked those.  Now if you start to see the same IP repeated in multiple lines, you would probably know that they are NAT'ting their private addresses.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...