[Dshield] Odd traceroute, I *think* I know what's going on, but not sure.

John Hardin jhardin at impsec.org
Wed Oct 8 18:27:19 GMT 2008 

On Wed, 8 Oct 2008, Brenden Walker wrote:

> Seems that the Vista version does, or perhaps has something to do with our domain setup here:
>
> C:\Users\bkwalker>tracert 123.30.74.2
>
> Tracing route to bkwalkerpc.drbsystems.com [123.30.74.2]
> over a maximum of 30 hops:
>
>  1    <1 ms    <1 ms    <1 ms  10.168.0.1
>  2     1 ms    <1 ms    <1 ms  12.196.88.129
>  3     9 ms     8 ms    10 ms  12.116.78.129
>  4    17 ms    16 ms    16 ms  cr81.dtrmi.ip.att.net [12.122.102.26]
>  5    16 ms    16 ms    16 ms  cr1.cgcil.ip.att.net [12.123.139.157]
>  6    17 ms    17 ms    16 ms  tbr1.cgcil.ip.att.net [12.122.17.154]
>  7    15 ms    15 ms    15 ms  ggr3.cgcil.ip.att.net [12.123.4.245]
>  8    39 ms    41 ms    32 ms  192.205.35.178
>  9   522 ms   651 ms   474 ms  62.154.15.166
> 10   682 ms   656 ms   625 ms  217.239.40.57
> 11   590 ms   597 ms   495 ms  62.154.14.97
> 12   685 ms   675 ms   636 ms  217.239.37.173
> 13   691 ms   768 ms   679 ms  212.184.27.158
> 14   649 ms   651 ms   646 ms  bkwalkerpc.drbsystems.com [123.30.120.13]
> 15   652 ms   653 ms   695 ms  bkwalkerpc.drbsystems.com [123.30.120.46]
> 16   648 ms   641 ms   637 ms  bkwalkerpc.drbsystems.com [123.30.74.2]
>
> Trace complete.
>
> ;-)

Confirmed on Vista, from a host on the same network as the earlier 
example. It's probably not your network setup unless ours is misconfigured 
the same way.

"ping -a" does the same thing.

Some quick googles don't seem to show anybody else discussing this issue.

Why in the world would anybody think it was reasonable to do that?

I wonder if this could be used to bypass security somehow? "Oh, the host 
I got that content from is me ('localhost' mapped to my local hostname), 
so I can trust it..."

--
  John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
  jhardin at impsec.org    FALaholic #11174     pgpk -a jhardin at impsec.org
  key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
   We are now seeing the disastrous consequences of government
   dictating behavior to the mortgage lending industry over the past
   two decades. Why do some think government dictating behavior to
   the health care industry would be any less disastrous?
-----------------------------------------------------------------------
  27 days until the Presidential Election

More information about the Dshield mailing list