RE: Weird trace route output



Has anyone seen a Class C private Address when running a
trace route outside of their own network or domain?

Sure. There's nothing saying ISPs can't use RFC1918 private
addresses for their internal routers, as long as they don't
need to be the destination of a connection beyond the ISP's
perimeter.

Of course, if your antispoofing ingress rules block such
sources ahead of allowing the ICMP types that a trace uses,
you'll just see no response from those hops. But that's on
your end, not theirs.

David Gillett


-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx
[mailto:listbounce@xxxxxxxxxxxxxxxxx] On Behalf Of Jody Riding
Sent: Friday, April 13, 2007 3:39 PM
To: security-basics@xxxxxxxxxxxxxxxxx
Subject: Weird trace route output


Has anyone seen a Class C private Address when running a
trace route outside of their own network or domain?

Notice the 15th hop address.
Some stuff has been *** for my protection ;-)

Tracing route to ***.com [216.159.234.11] over a maximum of 30 hops:

1 <1 ms <1 ms <1 ms ***.***.***.***
2 <1 ms <1 ms <1 ms ***.***.***.***
3 1 ms 1 ms 2 ms ***.***.*** [**.***.***.***]
4 4 ms 4 ms 4 ms 500.MFR14.GW4.KCY4.ALTER.NET [157.130.161.253]
5 5 ms 5 ms 11 ms 181.at-5-0-0.cl1.kcy4.alter.net [152.63.88.210]
6 20 ms 21 ms 23 ms 0.so-7-0-0.XL1.CHI2.ALTER.NET [152.63.68.81]
7 16 ms 19 ms 17 ms 0.so-7-0-0.BR6.CHI2.ALTER.NET [152.63.71.94]
8 22 ms 24 ms 29 ms p4-0.core01.ord03.atlas.cogentco.com [154.54.13.109]
9 23 ms 50 ms 21 ms v3491.mpd01.ord03.atlas.cogentco.com [154.54.3.238]
10 39 ms 17 ms 17 ms v3488.mpd01.ord01.atlas.cogentco.com [154.54.5.25]
11 48 ms 19 ms 17 ms g2-0-0.core01.ord01.atlas.cogentco.com [154.54.1.205]
12 17 ms 17 ms 37 ms vl3523.na01.b002332-1.ord01.atlas.cogentco.com [66.250.9.90]
13 28 ms 18 ms 18 ms globalcom-inc.demarc.cogentco.com [38.99.221.26]
14 37 ms 28 ms 19 ms chi-dist3-fa13-1.networkgci.net [216.146.70.11]
15 22 ms 30 ms 43 ms 192.168.107.133
16 * ^C
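
An added example, not part of the original thread: Python that parses Windows tracert output (rejoining hop lines wrapped by a mail client) and reports RFC1918 hops that appear after a public hop, along with hops that returned no address, which the reply attributes to filtering on the tracer's own side. The sample trace is constructed and the function names are hypothetical.

```python
import ipaddress
import re

# RFC 1918 blocks only. ipaddress's is_private is broader (loopback, link-local, ...).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
HOP_START = re.compile(r"^\s*(\d+)\s+(.*)$")
IPV4 = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")

# Constructed sample in tracert layout; hop 2 is wrapped onto a second line.
SAMPLE = """\
  1    <1 ms    <1 ms    <1 ms  10.20.0.1
  2     4 ms     4 ms     4 ms  gw.isp.example
[198.51.100.253]
  3    17 ms    17 ms    37 ms  edge.isp.example [203.0.113.11]
  4    22 ms    30 ms    43 ms  192.168.107.133
  5     *        *        *     Request timed out.
"""

def parse_hops(text):
    """Return [(hop_number, ip_or_None)], rejoining wrapped hop lines."""
    hops = []
    for line in text.splitlines():
        m = HOP_START.match(line)
        if m:
            hops.append([int(m.group(1)), m.group(2)])
        elif hops and line.strip():
            hops[-1][1] += " " + line.strip()  # continuation of previous hop
    result = []
    for num, rest in hops:
        found = IPV4.findall(rest)  # the address is the last IPv4 on the line
        result.append((num, ipaddress.ip_address(found[-1]) if found else None))
    return result

def review(text):
    """Return (RFC 1918 hops seen after a public hop, hops with no address)."""
    seen_public, private_transit, silent = False, [], []
    for num, ip in parse_hops(text):
        if ip is None:
            silent.append(num)          # timed out, masked, or filtered
        elif any(ip in net for net in RFC1918):
            if seen_public:             # private hop beyond the local network
                private_transit.append((num, str(ip)))
        else:
            seen_public = True
    return private_transit, silent

if __name__ == "__main__":
    print(review(SAMPLE))
```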