[Dshield] Questions about traceroute
jsage at finchhaven.com
Tue Jun 25 15:19:46 GMT 2002
On Mon, Jun 24, 2002 at 09:05:25PM -0400, Mercy wrote:
> I looked up an IP of someone who keeps port scanning me on ports 27374 & 12345 at samspade.org...
> Traceroute confuses me... I also see it says (fake dns). What's that mean? That they spoofed an IP?
> traceroute 188.8.131.52
traceroute is showing you every device (mostly routers..) that packets
travel through from your host to the target, which is:
[toot at sparky ~]# host 184.108.40.206
220.127.116.11.in-addr.arpa. domain name pointer
Since the actual host probing you seems to be a cable modem user out
of videotron.ca it's possible you will not be able to traceroute right
back to that specific host.
In my experience, some ISPs block traceroutes past their perimeter
routers, as seems to have happened here:
21 18.104.22.168 94.571 ms peer.mtrlpqpbbr02.bb.telus.com (DNS
error) [AS174/AS852] Performance Systems International, Inc / TELUS
"DNS error" means -- uh.. some sort of DNS error.. dunno more than that.
Not of any great consequence for what the traceroute is able to tell
"You are in a little maze of twisty passages, all different."
PGP key http://www.finchhaven.com/pages/gpg_pubkey.html
Fingerprint FE 97 0C 57 08 43 F3 EB 49 A1 0C D0 8E 0C D0 BE C8 38 CC B5