Re: Strange trace to netsol...

[John Fraizer <nanog () Overkill EnterZone Net>]

Well, if you try to go directly to the IP address, it takes a long trip on
the UUnet network to the "REAL" 63.36.1.69.

 6 180.at-6-0-0.XR1.CMH2.ALTER.NET (152.63.66.154) [701] 3.670 ms 3.747 ms 5.977 ms
 7 189.at-1-1-0.TR1.CHI4.ALTER.NET (152.63.66.218) [701] 14.291 ms 14.748 ms 14.497 ms
 8 106.at-6-1-0.TR1.LAX9.ALTER.NET (146.188.141.242) [701] 68.313 ms 68.335 ms 68.843 ms
 9 0.so-0-0-0.XR1.LAX9.ALTER.NET (152.63.15.117) [701] 75.470 ms 79.128 ms 67.845 ms
10 191.at-3-1-0.HR2.LAX9.ALTER.NET (152.63.114.129) [701] 68.275 ms 68.263 ms 68.353 ms
11 112.ATM3-0.DR4.LAX3.ALTER.NET (152.63.113.141) [701] 70.499 ms 71.405 ms 70.741 ms
12 tnt36.lax3.da.uu.net (206.115.220.185) [701] 73.373 ms !H 73.859 ms

I'm nearly certain that it's a config typo inside Winstar where they
hijacked (accidently?) some address space for use on p-t-p links between
routers.  The reply I'm seeing is simply sourced from 66.36.1.69 so, that
is what shows up in the traceroute.  This is something that could happen a
lot if people don't take care when configuring devices.  It will be hard
to track inside the misconfigured network because, almost certainly, the
address will be in the IGP so, traceroutes to that address from inside
Winstars net (and for people who default to winstar) will go to that
address.

This just showed up within the past few days.  I've not seen that address
in there in traces previoiusly.


---
John Fraizer
EnterZone, Inc



On Thu, 9 Aug 2001, Peter Helmenstine wrote:

> You provide two very good points that I didn't bother looking at. Very
> interesting.
>
> I wonder what you would get for ping times if you pinged directly to the
> tnt box. I don't usually trust the times that traceroute gives you.
>
>       -Pete
>
> On Thu, 9 Aug 2001, John Fraizer wrote:
>
> > I'm not buying that there's a 20ms rtt from Columbus, OH to LA.  Beyond
> > that, the reverse would indicate that it is a dialup address on a
> > TNT.  Beyond that, if you will notice, it goes winstar->UU->winstar.
> >
> > If I had to guess myself, I would say that someone at Winstar hosed the
> > addresses when configuring a p-t-p link from Columbus, OH to NJ or NY.
> >
> >
> > ---
> > John Fraizer
> > EnterZone, Inc
> >
> >
> >
> > On Thu, 9 Aug 2001, Peter Helmenstine wrote:
> >
> > > Seems that if reverse lookups on 63.36.1.69 are resolving to uunet then it
> > > wouldn't be a winstar DNS issue. I think it actually goes through that
> > > router. I wonder if there is a preferred (static) route through set to
> > > point to UUnet on 1.ATM6-0.CMH-0.WINSTAR.NET and UUnet points right back
> > > at them.
> > >
> > >   -Pete
> > > ---
> > > Backbone Engineering                                      V:206-504-5363
> > > Internap Network Services                         C:206-849-7263
> > > 601 Union Street, Suite 1000                              P:888-463-4188
> > > Seattle WA 98101-4064               Text Message:pete-pager () internap com
> > > *The contents of this e-mail message are confidential and proprietary*
> > >
> > > On Thu, 9 Aug 2001, John Fraizer wrote:
> > >
> > > > Did someone at WINSTAR typo an address on a ptp link?
> > > >
> > > >
> > > >   1 1.ATM6-0.CMH-0.WINSTAR.NET (209.140.29.9) [AS 5696] 4 msec 0 msec 4 msec
> > > >   2 4Cust5.tnt36.lax3.da.uu.net (63.36.1.69) [AS 701] 20 msec 20 msec 16 msec
> > > >   3 pos2-0.wdc1-bb1.winstar.net (216.172.247.117) [AS 5696] 20 msec 24 msec 24 msec
> > > >   4 7.atm8-0.vienna-0.winstar.net (65.36.0.130) [AS 5696] 24 msec 24 msec 24 msec
> > > >   5 internic-goodnet.internic.net (209.54.51.90) [AS 5696] 24 msec 28 msec 28 msec
> > > >   6 www.netsol.com (216.168.224.111) [AS 6245] 28 msec 28 msec 28 msec
> > > >
> > > >
> > > >
> > > > ---
> > > > John Fraizer
> > > > EnterZone, Inc