[67103] in North American Network Operators' Group


Strange public traceroutes return private RFC1918 addresses

daemon@ATHENA.MIT.EDU (Brian (nanog-list))
Mon Feb 2 18:06:43 2004

From: "Brian (nanog-list)" <nanog@confluence.com>
To: "'nanog@merit.edu'" <nanog@merit.edu>
Date: Mon, 2 Feb 2004 18:01:56 -0500 
Errors-To: owner-nanog-outgoing@merit.edu


Any ideas how (or why) the following traceroutes are leaking private RFC1918
addresses back to me when I do a traceroute?

Maybe try from your side of the internet and see if you get the same types
of responses.

It's really strange to see 10/8's and 192.168/16 addresses coming from the
public internet.  Has this phenomenon been documented anywhere?
Connectivity to the end-sites is fine, it's just the traceroutes that are
strange.

(initial few hops sanitized)

[brian@testbox1 /]# traceroute www.ibm.com
traceroute: Warning: www.ibm.com has multiple addresses; using 129.42.17.99
traceroute to www.ibm.com (129.42.17.99), 30 hops max, 38 byte packets
 1  (---.---.---.---)  2.481 ms  2.444 ms  2.379 ms
 2  (---.---.---.---)  17.964 ms  17.529 ms  17.632 ms
 3  so-1-2.core1.Chicago1.Level3.net (209.0.225.1)  17.891 ms  17.985 ms  18.026 ms
 4  so-11-0.core2.chicago1.level3.net (4.68.112.194)  18.272 ms  18.109 ms  17.795 ms
 5  so-4-1-0.bbr2.chicago1.level3.net (4.68.112.197)  17.851 ms  17.859 ms  18.094 ms
 6  so-3-0-0.mp1.stlouis1.level3.net (64.159.0.49)  23.095 ms  22.975 ms  22.998 ms
 7  ge-7-1.hsa2.stlouis1.level3.net (64.159.4.130)  23.106 ms  23.237 ms  22.977 ms
 8  unknown.level3.net (63.20.48.6)  24.264 ms  24.099 ms  24.154 ms
 9  10.16.255.10 (10.16.255.10)  24.164 ms  24.108 ms  24.105 ms
10  * * *


[brian@testbox1 /]# traceroute www.att.net
traceroute: Warning: www.att.net has multiple addresses; using 204.127.166.135
traceroute to www.att.net (204.127.166.135), 30 hops max, 38 byte packets
 1  (---.---.---.---)  2.404 ms  2.576 ms  2.389 ms
 2  (---.---.---.---)  17.953 ms  18.170 ms  17.435 ms
 3  500.pos2-1.gw10.chi2.alter.net (63.84.96.9)  18.077 ms *  18.628 ms
 4  0.so-6-2-0.xl1.chi2.alter.net (152.63.69.170)  18.238 ms  18.321 ms  18.213 ms
 5  0.so-6-1-0.BR6.CHI2.ALTER.NET (152.63.64.49)  18.269 ms  18.396 ms  18.329 ms
 6  204.255.169.146 (204.255.169.146)  19.231 ms  19.042 ms  18.982 ms
 7  tbr2-p012702.cgcil.ip.att.net (12.122.11.209)  20.530 ms  20.542 ms  23.033 ms
 8  tbr2-cl7.sl9mo.ip.att.net (12.122.10.46)  26.904 ms  27.378 ms  27.320 ms
 9  tbr1-cl2.sl9mo.ip.att.net (12.122.9.141)  27.194 ms  27.673 ms  26.677 ms
10  gbr1-p10.bgtmo.ip.att.net (12.122.4.69)  26.606 ms  28.026 ms  26.246 ms
11  12.122.248.250 (12.122.248.250)  27.296 ms  28.321 ms  28.997 ms
12  192.168.254.46 (192.168.254.46)  28.522 ms  30.111 ms  27.439 ms
13  * * *
14  * * *




