Security Basics mailing list archives

Re: Weird trace route output

From: Scott Pack <packs () ohio edu>
Date: Sun, 15 Apr 2007 12:51:34 -0400

Jody Riding [Jody.Riding () sunflowergroup com] wrote:

 
Has anyone seen a Class C private Address when running a trace route
outside of their own network or domain?

Notice the 15th hop address.
Some stuff has been *** for my protection ;-)


-- snip --

 14    37 ms    28 ms    19 ms  chi-dist3-fa13-1.networkgci.net
[216.146.70.11]
 15    22 ms    30 ms    43 ms  192.168.107.133
 16     *     ^C


This behavior is pretty well expected.  It has more to do with the design of
traceroute than anything else.  Basically, traceroute uses specially crafted
packets to trick machines along the route to respond to you, when normally
they wouldn't.  What you're seeing is probably the internal routing structure
of whatever organization the packets are traversing. 

This page seems to have a reasonable writeup on the situation, as well as a
good enough description on how traceroute works.
http://www.exit109.com/~jeremy/news/providers/traceroute.html




S.

-- 


--------------------------------------------------
Scott Pack
Security Analyst
Ohio University
381 HDL Center
packs () ohio edu

Attachment: _bin
Description:

Current thread:

Weird trace route output Jody Riding (Apr 15)
- RE: Weird trace route output David Gillett (Apr 16)
- Re: Weird trace route output Alex Nedelcu (Apr 16)
- Re: Weird trace route output Scott Pack (Apr 16)
- Re: Weird trace route output Pranay Kanwar (Apr 16)
  - Re: Weird trace route output Max Vohra (Apr 17)
    - RE: Weird trace route output David Gillett (Apr 17)
  - Re[2]: Weird trace route output Thierry Zoller (Apr 17)
    - Re: Weird trace route output Pranay Kanwar (Apr 17)
- <Possible follow-ups>
- Re: Weird trace route output notmyemail (Apr 16)