[Dshield] Odd traceroute, I think I know what's going on, but not sure.

Wed Oct 8 15:47:16 GMT 2008

I was checking out a snort log entry, and thought this was odd.

traceroute to 210.86.238.70 (210.86.238.70), 30 hops max, 40 byte packets

 1  10.49.64.1 (10.49.64.1)  11.158 ms  11.016 ms  11.023 ms

...various hops, then this:

13  localhost (123.30.74.2)  647.139 ms 652.404 ms  657.893 ms

14  gridportal.ioit-hcm.ac.vn (210.86.238.70) 642.764 ms  660.164 ms  490.590 ms

When I do the same traceroute from a different network on a windows box, it shows my local computer name in place of localhost.

What I think this means is that some doofus in Vietnam (addresses owned by Vietnamese ISP) named a router localhost?  I could see windoze translating that into the local computer name/domain.

Just the first time I've noticed this, anything to worry about?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.sans.org/pipermail/list/attachments/20081008/9e46c5f5/attachment.htm 

[Dshield] Odd traceroute, I *think* I know what's going on, but not sure.

[Dshield] Odd traceroute, I think I know what's going on, but not sure.