[Dshield] Questions about traceroute

Ed Truitt ed.truitt at etee2k.net
Tue Jun 25 12:14:35 GMT 2002

What confuses you?  Basically, traceroute is giving you the route that
packets take from the source (in this case, samspade.org) to the target
(  The idea is that you find the entry just before the
target, and that is the "upstream" (ISP).  The main thing to remember here
is to look for the last entries - not the first.

From what you included, I would presume you didn't make it all the way to
the target - meaning that either a router was down, or the host itself was
not on the 'Net.  That is what the lines of "* * * " mean (in this example,
line 22).

As to the "fake rDNS" (some traceroutes call it "fraudulent rDNS"), that
means the particular IP does not have a valid reverse-lookup entry (used to
convert a numeric IP address into a human-friendly name.)

I don't know exactly what is meant by "DNS error".

Hope this took away some of the confusion.

Ed Truitt
----- Original Message -----
From: Mercy
To: DS mailing list
Sent: Monday, June 24, 2002 8:05 PM
Subject: [Dshield] Questions about traceroute

I looked up an IP of someone who keeps port scanning me on ports 27374 &
12345 at samspade.org...

Traceroute confuses me... I also see it says (fake dns).  What's that mean?
That they spoofed an IP?



      3    9.849 ms  isi-1-lngw2-pos.ln.net [AS226] Los Nettos origin AS
      4    9.123 ms  gigabitethernet5-0.lsanca1-cr3.bbnplanet.net [AS1] GTE Internetworking
      5    9.945 ms  p6-0.lsanca1-cr6.bbnplanet.net [AS1] GTE Internetworking
      6    6.646 ms  p6-0.lsanca2-br1.bbnplanet.net [AS1] GTE Internetworking
      7   10.554 ms  p15-0.snjpca1-br1.bbnplanet.net [AS1] GTE Internetworking
      8   10.421 ms  p9-0.snjpca1-br2.bbnplanet.net [AS1] GTE Internetworking
      9   27.087 ms  so-1-0-0.sttlwa2-br1.bbnplanet.net [AS1] GTE Internetworking
     10   27.281 ms  so-0-0-0.sttlwa1-hcr1.bbnplanet.net [AS1] GTE Internetworking
     11   28.846 ms  so-7-0-0.sttlwa1-hcr2.bbnplanet.net [AS1] GTE Internetworking
     12   27.192 ms  p1-0.sttlwa1-cr2.bbnplanet.net [AS1] GTE Internetworking
     13   30.544 ms  p3-0.bctel.bbnplanet.net [AS1] GTE
     14   31.196 ms  sttlwa01br02.bb.telus.com (Fake rDNS) [AS174/AS852] Performance Systems International, Inc / TELUS Communications
     15   30.968 ms  nwmrbc01br01.bb.telus.com (Fake rDNS) [AS852] TELUS Communications Inc.
     16   45.424 ms  edtnabxmbr01.bb.telus.com (Fake rDNS) [AS852] TELUS Communications Inc.
     17   77.003 ms  edtnabkdbr01.bb.telus.com (Fake rDNS) [AS852] TELUS Communications Inc.
     18   77.070 ms  toroonnlbr00.bb.telus.com (Fake rDNS) [AS852] TELUS Communications Inc.
     19   87.274 ms  mtrlpqfbbr00.bb.telus.com (Fake rDNS) [AS174/AS852] Performance Systems International, Inc / TELUS Communications
     20   87.265 ms  mtrlpqpbbr02.bb.telus.com (Fake rDNS) [AS174/AS852] Performance Systems International, Inc / TELUS Communications
     21   94.571 ms  peer.mtrlpqpbbr02.bb.telus.com (DNS error) [AS174/AS852] Performance Systems International, Inc / TELUS Communications Inc.
     22 *
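
Added example, not part of either message above: a small parser that applies the "look at the last entries" advice to a trace in this layout, reporting whether the trace ends in a timeout, the last hop that answered with its AS numbers, and every hop carrying an rDNS label. It assumes the column layout of the posted trace (hop, RTT, hostname, optional label, AS, owner, no IP column); the function names are hypothetical.

```python
import re

# Constructed sample: hops 13, 14, 20, 21 and 22 of the trace posted above,
# rejoined to one hop per line.
SAMPLE = """\
 13  30.544 ms  p3-0.bctel.bbnplanet.net [AS1] GTE
 14  31.196 ms  sttlwa01br02.bb.telus.com (Fake rDNS) [AS174/AS852] Performance Systems International, Inc / TELUS Communications
 20  87.265 ms  mtrlpqpbbr02.bb.telus.com (Fake rDNS) [AS174/AS852] Performance Systems International, Inc / TELUS Communications
 21  94.571 ms  peer.mtrlpqpbbr02.bb.telus.com (DNS error) [AS174/AS852] Performance Systems International, Inc / TELUS Communications Inc.
 22 *
"""

# hop, RTT, hostname, optional "(label)", "[AS list]", owner text
HOP = re.compile(
    r"^\s*(?P<hop>\d+)\s+(?P<rtt>[\d.]+) ms\s+(?P<host>\S+)"
    r"(?:\s+\((?P<flag>[^)]+)\))?"
    r"\s+\[(?P<asn>[^\]]+)\]\s*(?P<owner>.*)$"
)
# A hop that got no reply: hop number followed by "*"
TIMEOUT = re.compile(r"^\s*(?P<hop>\d+)\s+\*")

def parse_trace(text):
    """Return one dict per hop; hops that timed out have host=None."""
    hops = []
    for line in text.splitlines():
        m = HOP.match(line)
        if m:
            d = m.groupdict()
            d["hop"], d["rtt"] = int(d["hop"]), float(d["rtt"])
            d["asn"] = d["asn"].split("/")  # "AS174/AS852" -> two entries
            hops.append(d)
        elif (t := TIMEOUT.match(line)):
            hops.append({"hop": int(t["hop"]), "host": None})
    return hops

def summarize(hops):
    """Read the trace from the end: last answering hop, timeouts, labels."""
    answered = [h for h in hops if h["host"]]
    return {
        "ends_in_timeout": bool(hops) and hops[-1]["host"] is None,
        "last_responding": answered[-1] if answered else None,
        "flagged": [(h["hop"], h["flag"]) for h in answered if h["flag"]],
    }

if __name__ == "__main__":
    print(summarize(parse_trace(SAMPLE)))
```
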


