[Dshield] Questions about traceroute

John Sage jsage at finchhaven.com
Tue Jun 25 15:19:46 GMT 2002


On Mon, Jun 24, 2002 at 09:05:25PM -0400, Mercy wrote:
> I looked up an IP of someone who keeps port scanning me on ports 27374 & 12345 at samspade.org...
> 
> Traceroute confuses me... I also see it says (fake dns).  What's that mean?  That they spoofed an IP?
> 
> thanks
> 
> traceroute 24.202.194.32


traceroute is showing you every device (mostly routers..) that packets
travel through from your host to the target, which is:

[toot at sparky ~]# host 24.202.194.32
32.194.202.24.in-addr.arpa. domain name pointer
  modemcable032.194-202-24.mtl.mc.videotron.ca.

Since the actual host probing you seems to be a cable modem user out
of videotron.ca it's possible you will not be able to traceroute right
back to that specific host.

In my experience, some ISPs block traceroutes past their perimeter
routers, as seems to have happened here:


<snip>

21    154.11.135.6     94.571 ms  peer.mtrlpqpbbr02.bb.telus.com (DNS
 error) [AS174/AS852] Performance Systems International, Inc / TELUS
 Communications Inc.
22 *

<snip>

"DNS error" means -- uh.. some sort of DNS error.. dunno more than that.

Not of any great consequence for what the traceroute is able to tell
you, methinks...


- John
-- 
"You are in a little maze of twisty passages, all different."

PGP key      http://www.finchhaven.com/pages/gpg_pubkey.html
Fingerprint  FE 97 0C 57 08 43 F3 EB 49 A1 0C D0 8E 0C D0 BE C8 38 CC B5 
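
Added example, not part of the original post: a small Python parser for hop lines in the layout quoted above. It rejoins mail-wrapped lines, reports the last hop that answered, and builds the in-addr.arpa name that `host` looked up. Hops 20 and 23 in the sample are constructed, and the field layout is assumed from the two hop lines shown in the post.

```python
import ipaddress
import re

# Hops 21 and 22 are the lines quoted in the post, still mail-wrapped;
# hops 20 and 23 are constructed for illustration.
SAMPLE = """\
20    192.0.2.1        80.102 ms  core1.example.net [AS64500] Example Transit
21    154.11.135.6     94.571 ms  peer.mtrlpqpbbr02.bb.telus.com (DNS
 error) [AS174/AS852] Performance Systems International, Inc / TELUS
 Communications Inc.
22 *
23 *
"""
IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
HOP_START = re.compile(r"^\s*\d+\s+(?:\*|" + IPV4 + r"\b)")
HOP = re.compile(r"^(\d+)\s+(?:\*|(" + IPV4 + r")\s+([\d.]+)\s*ms\s*(.*))$")

def parse_hops(text):
    """One dict per hop; wrapped continuation lines are rejoined first."""
    joined = []
    for line in text.splitlines():
        if HOP_START.match(line) or not joined:
            joined.append(line.strip())
        elif line.strip():
            joined[-1] += " " + line.strip()
    hops = []
    for line in joined:
        m = HOP.match(line)
        if not m:
            continue
        ttl, ip, rtt, rest = m.groups()
        rest = rest or ""
        asns = re.search(r"\[((?:AS\d+/?)+)\]", rest)
        hops.append({"ttl": int(ttl), "ip": ip,  # ip is None on a timeout
                     "rtt_ms": float(rtt) if rtt else None,
                     "name": rest.split()[0] if rest else None,
                     "asns": asns.group(1).split("/") if asns else [],
                     "dns_flag": "(DNS error)" in rest})
    return hops

def last_responding_hop(hops):
    """Last hop that answered; past it the trace shows only timeouts."""
    answered = [h for h in hops if h["ip"]]
    return answered[-1] if answered else None

def ptr_name(ip):
    """The in-addr.arpa name that `host` looks up for an IPv4 address."""
    return ipaddress.ip_address(ip).reverse_pointer + "."

if __name__ == "__main__":
    print(last_responding_hop(parse_hops(SAMPLE)), ptr_name("24.202.194.32"))
```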



