[67105] in North American Network Operators' Group
Re: Strange public traceroutes return private RFC1918 addresses
daemon@ATHENA.MIT.EDU (Matthew Crocker)
Mon Feb 2 18:25:06 2004
In-Reply-To: <992E533DBE35D11188960060083748C802C137CC@cliff.confluence.com>
Cc: "'nanog@merit.edu'" <nanog@merit.edu>
From: Matthew Crocker <matthew@crocker.com>
Date: Mon, 2 Feb 2004 18:25:10 -0500
To: "Brian (nanog-list)" <nanog@confluence.com>
Errors-To: owner-nanog-outgoing@merit.edu
Search the archives, Comcast and other cable/DSL providers use the=20
10/8 for their infrastructure. The Internet itself doesn't need to be=20=
Internet routable. Only the edges need to be routable. It is common=20
practice to use RFC1918 address space inside the network. Companies=20
like Sprint and Verio use 'real' IPs but don't announce them to their=20
peers on customer edge routes.
-Matt
On Feb 2, 2004, at 6:01 PM, Brian (nanog-list) wrote:
> Any ideas how (or why) the following traceroutes are leaking private=20=
> RFC1918 addresses back to me when I do a traceroute?
>
> Maybe try from your side of the internet and see if you get the same=20=
> types of responses.
>
> It's really strange to see 10/8's and 192.168/16 addresses coming from=20=
> the public internet.=A0 Has this phenomenon been documented anywhere?=A0=
=20
> Connectivity to the end-sites is fine, it's just the traceroutes that=20=
> are strange.
>
> (initial few hops sanitized)
>
> [brian@testbox1 /]# traceroute www.ibm.com
> traceroute: Warning: www.ibm.com has multiple addresses; using=20
> 129.42.17.99
> traceroute to www.ibm.com (129.42.17.99), 30 hops max, 38 byte packets
> =A01=A0 (---.---.---.---)=A0 2.481 ms=A0 2.444 ms=A0 2.379 ms
> =A02=A0 (---.---.---.---)=A0 17.964 ms=A0 17.529 ms=A0 17.632 ms
> =A03=A0 so-1-2.core1.Chicago1.Level3.net (209.0.225.1)=A0 17.891 ms=A0 =
17.985=20
> ms=A0 18.026 ms
> =A04=A0 so-11-0.core2.chicago1.level3.net (4.68.112.194)=A0 18.272 ms=A0=
=20
> 18.109 ms=A0 17.795 ms
> =A05=A0 so-4-1-0.bbr2.chicago1.level3.net (4.68.112.197)=A0 17.851 ms=A0=
=20
> 17.859 ms=A0 18.094 ms
> =A06=A0 so-3-0-0.mp1.stlouis1.level3.net (64.159.0.49)=A0 23.095 ms=A0 =
22.975=20
> ms=A0 22.998 ms
> =A07=A0 ge-7-1.hsa2.stlouis1.level3.net (64.159.4.130)=A0 23.106 ms=A0 =
23.237=20
> ms=A0 22.977 ms
> =A08=A0 unknown.level3.net (63.20.48.6)=A0 24.264 ms=A0 24.099 ms=A0 =
24.154 ms
> =A09=A0 10.16.255.10 (10.16.255.10)=A0 24.164 ms=A0 24.108 ms=A0 =
24.105 ms
> 10=A0 * * *
>
>
>
> [brian@testbox1 /]# traceroute www.att.net
> traceroute: Warning: www.att.net has multiple addresses; using=20
> 204.127.166.135
> traceroute to www.att.net (204.127.166.135), 30 hops max, 38 byte=20
> packets
> =A01=A0 (---.---.---.---)=A0 2.404 ms=A0 2.576 ms=A0 2.389 ms
> =A02=A0 (---.---.---.---)=A0 17.953 ms=A0 18.170 ms=A0 17.435 ms
> =A03=A0 500.pos2-1.gw10.chi2.alter.net (63.84.96.9)=A0 18.077 ms *=A0 =
18.628 ms
> =A04=A0 0.so-6-2-0.xl1.chi2.alter.net (152.63.69.170)=A0 18.238 ms=A0 =
18.321=20
> ms=A0 18.213 ms
> =A05=A0 0.so-6-1-0.BR6.CHI2.ALTER.NET (152.63.64.49)=A0 18.269 ms=A0 =
18.396=20
> ms=A0 18.329 ms
> =A06=A0 204.255.169.146 (204.255.169.146)=A0 19.231 ms=A0 19.042 ms=A0 =
18.982 ms
> =A07=A0 tbr2-p012702.cgcil.ip.att.net (12.122.11.209)=A0 20.530 ms=A0 =
20.542=20
> ms=A0 23.033 ms
> =A08=A0 tbr2-cl7.sl9mo.ip.att.net (12.122.10.46)=A0 26.904 ms=A0 =
27.378 ms=A0=20
> 27.320 ms
> =A09=A0 tbr1-cl2.sl9mo.ip.att.net (12.122.9.141)=A0 27.194 ms=A0 =
27.673 ms=A0=20
> 26.677 ms
> 10=A0 gbr1-p10.bgtmo.ip.att.net (12.122.4.69)=A0 26.606 ms=A0 28.026 =
ms=A0=20
> 26.246 ms
> 11=A0 12.122.248.250 (12.122.248.250)=A0 27.296 ms=A0 28.321 ms=A0 =
28.997 ms
> 12=A0 192.168.254.46 (192.168.254.46)=A0 28.522 ms=A0 30.111 ms=A0 =
27.439 ms
> 13=A0 * * *
> 14=A0 * * *
>
> =20=
