[Dshield] Odd traceroute, I *think* I know what's going on, but not sure.

[Brenden Walker]

> -----Original Message-----
> From: list-bounces at lists.sans.org [mailto:list-bounces at lists.sans.org]
> On Behalf Of John Hardin
> Sent: Wednesday, October 08, 2008 1:31 PM
> To: General DShield Discussion List
> Subject: Re: [Dshield] Odd traceroute, I *think* I know what's going
> on, but not sure.
>
> On Wed, 8 Oct 2008, Brenden Walker wrote:
>
> > ...various hops, then this:
> >
> > 13  localhost (123.30.74.2)  647.139 ms 652.404 ms  657.893 ms
> > 14  gridportal.ioit-hcm.ac.vn (210.86.238.70) 642.764 ms  660.164 ms
> 490.590 ms
> >
> > What I think this means is that some doofus in Vietnam (addresses
> owned
> > by Vietnamese ISP) named a router localhost?
>
> More than one. See below...
>
> > I could see windoze translating that into the local computer
> name/domain.
>
> Native windows tracert doesn't:
>
> C:\Documents and Settings\JHardin>tracert 123.30.74.2
>
> Tracing route to localhost [123.30.74.2] over a maximum of 30 hops:
>
>    ...
>    8    34 ms    34 ms    34 ms  ch-telecom-gw.customer.alter.net
> [63.65.154.70]
>    9   220 ms   220 ms   220 ms  202.97.52.33
>   10   262 ms   220 ms   220 ms  202.97.33.41
>   11   241 ms   242 ms   241 ms  202.97.4.66
>   12   271 ms   275 ms   271 ms  localhost [123.30.63.17]
>   13   258 ms   258 ms   258 ms  203.162.231.210
>   14   258 ms   262 ms   260 ms  localhost [123.30.120.46]
>   15   260 ms   275 ms   259 ms  localhost [123.30.74.2]
>
> Trace complete.


Seems that the Vista version does, or perhaps has something to do with our domain setup here:

C:\Users\bkwalker>tracert 123.30.74.2

Tracing route to bkwalkerpc.drbsystems.com [123.30.74.2]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  10.168.0.1
  2     1 ms    <1 ms    <1 ms  12.196.88.129
  3     9 ms     8 ms    10 ms  12.116.78.129
  4    17 ms    16 ms    16 ms  cr81.dtrmi.ip.att.net [12.122.102.26]
  5    16 ms    16 ms    16 ms  cr1.cgcil.ip.att.net [12.123.139.157]
  6    17 ms    17 ms    16 ms  tbr1.cgcil.ip.att.net [12.122.17.154]
  7    15 ms    15 ms    15 ms  ggr3.cgcil.ip.att.net [12.123.4.245]
  8    39 ms    41 ms    32 ms  192.205.35.178
  9   522 ms   651 ms   474 ms  62.154.15.166
 10   682 ms   656 ms   625 ms  217.239.40.57
 11   590 ms   597 ms   495 ms  62.154.14.97
 12   685 ms   675 ms   636 ms  217.239.37.173
 13   691 ms   768 ms   679 ms  212.184.27.158
 14   649 ms   651 ms   646 ms  bkwalkerpc.drbsystems.com [123.30.120.13]
 15   652 ms   653 ms   695 ms  bkwalkerpc.drbsystems.com [123.30.120.46]
 16   648 ms   641 ms   637 ms  bkwalkerpc.drbsystems.com [123.30.74.2]

Trace complete.

;-)