[Dshield] Questions about traceroute

Ed Truitt ed.truitt at etee2k.net
Tue Jun 25 12:14:35 GMT 2002


What confuses you?  Basically, traceroute is giving you the route that
packets take from the source (in this case, samspade.org) to the target
(24.202.194.32).  The idea is that you find the entry just before the
target, and that is the "upstream" (ISP).  The main thing to remember here
is to look for the last entries - not the first.

>From what you included, I would presume you didn't make it all the way to
the target - meaning that either a router was down, or the host itself was
not on the 'Net.  That is what the lines of "* * * " mean (in this example,
line 22).

As to the "fake rDNS" (some traceroutes call it "fraudulent rDNS"), that
means the particular IP does not have a valid reverse-lookup entry (used to
convert a numeric IP address into a human-friendly name.)

I don't know exactly what is meant by "DNS error".

Hope this took away some of the confusion.

Cheers,
Ed Truitt
PGP fingerprint:  5368 D25E 468C A250 9833  CCD6 DBAE 9C25 02F9 0AB9
http://www.etee2k.net
http://www.bsatroop148.org

"Note to spammers:  my 'delete' key is connected to YOUR ISP.
 Also, if you send me UCE, I reserve the right to post your spew
on my Web site, with the appropriate color commentary, so that
others may have a good laugh at your expense."

----- Original Message -----
From: Mercy
To: DS mailing list
Sent: Monday, June 24, 2002 8:05 PM
Subject: [Dshield] Questions about traceroute


I looked up an IP of someone who keeps port scanning me on ports 27374 &
12345 at samspade.org...

Traceroute confuses me... i also see it says (fake dns).  What's that mean?
that they spoofed an IP?

thanks

traceroute 24.202.194.32


      3    130.152.80.30    9.849 ms   isi-1-lngw2-pos.ln.net [AS226] Los
Nettos origin AS
      4    4.24.4.249       9.123 ms
gigabitethernet5-0.lsanca1-cr3.bbnplanet.net [AS1] GTE Internetworking
      5    4.24.4.2         9.945 ms   p6-0.lsanca1-cr6.bbnplanet.net [AS1]
GTE Internetworking
      6    4.24.5.49        6.646 ms   p6-0.lsanca2-br1.bbnplanet.net [AS1]
GTE Internetworking
      7    4.24.5.58        10.554 ms  p15-0.snjpca1-br1.bbnplanet.net [AS1]
GTE Internetworking
      8    4.24.9.130       10.421 ms  p9-0.snjpca1-br2.bbnplanet.net [AS1]
GTE Internetworking
      9    4.0.3.229        27.087 ms  so-1-0-0.sttlwa2-br1.bbnplanet.net
[AS1] GTE Internetworking
     10    4.24.11.202      27.281 ms  so-0-0-0.sttlwa1-hcr1.bbnplanet.net
[AS1] GTE Internetworking
     11    4.24.10.234      28.846 ms  so-7-0-0.sttlwa1-hcr2.bbnplanet.net
[AS1] GTE Internetworking
     12    4.24.10.241      27.192 ms  p1-0.sttlwa1-cr2.bbnplanet.net [AS1]
GTE Internetworking
     13    4.24.125.110     30.544 ms  p3-0.bctel.bbnplanet.net [AS1] GTE
Internetworking
     14    154.11.10.10     31.196 ms  sttlwa01br02.bb.telus.com (Fake rDNS)
[AS174/AS852] Performance Systems International, Inc / TELUS Communications
Inc.
     15    209.53.75.177    30.968 ms  nwmrbc01br01.bb.telus.com (Fake rDNS)
[AS852] TELUS Communications Inc.
     16    209.53.75.186    45.424 ms  edtnabxmbr01.bb.telus.com (Fake rDNS)
[AS852] TELUS Communications Inc.
     17    205.233.111.130  77.003 ms  edtnabkdbr01.bb.telus.com (Fake rDNS)
[AS852] TELUS Communications Inc.
     18    209.115.137.238  77.070 ms  toroonnlbr00.bb.telus.com (Fake rDNS)
[AS852] TELUS Communications Inc.
     19    154.11.11.14     87.274 ms  mtrlpqfbbr00.bb.telus.com (Fake rDNS)
[AS174/AS852] Performance Systems International, Inc / TELUS Communications
Inc.
     20    154.11.7.11      87.265 ms  mtrlpqpbbr02.bb.telus.com (Fake rDNS)
[AS174/AS852] Performance Systems International, Inc / TELUS Communications
Inc.
     21    154.11.135.6     94.571 ms  peer.mtrlpqpbbr02.bb.telus.com (DNS
error) [AS174/AS852] Performance Systems International, Inc / TELUS
Communications Inc.
     22 *

Mercy




More information about the list mailing list