[Dshield] Odd traceroute, I *think* I know what's going on, but not sure.

Brenden Walker BKWalker at drbsystems.com
Wed Oct 8 15:47:16 GMT 2008


I was checking out a Snort log entry, and thought this was odd.

traceroute to 210.86.238.70 (210.86.238.70), 30 hops max, 40 byte packets
 1  10.49.64.1 (10.49.64.1)  11.158 ms  11.016 ms  11.023 ms

...various hops, then this:

13  localhost (123.30.74.2)  647.139 ms 652.404 ms  657.893 ms
14  gridportal.ioit-hcm.ac.vn (210.86.238.70) 642.764 ms  660.164 ms  490.590 ms

When I do the same traceroute from a different network on a Windows box, it shows my local computer name in place of localhost.

What I think this means is that some doofus in Vietnam (addresses owned by Vietnamese ISP) named a router localhost?  I could see windoze translating that into the local computer name/domain.

Just the first time I've noticed this, anything to worry about?
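
Added example, not part of the original post: traceroute labels each hop with the name a reverse lookup of the hop address returns, so a hop named localhost with a non-loopback address can be flagged mechanically. The Python sketch below parses the hop lines quoted above; the function names and the set of loopback-style names are assumptions made for illustration.

```python
import ipaddress
import re

# Hop lines as quoted in the post above (Unix traceroute format).
SAMPLE = """\
 1  10.49.64.1 (10.49.64.1)  11.158 ms  11.016 ms  11.023 ms
13  localhost (123.30.74.2)  647.139 ms 652.404 ms  657.893 ms
14  gridportal.ioit-hcm.ac.vn (210.86.238.70) 642.764 ms  660.164 ms  490.590 ms
"""

# Assumption: names that should only ever map to a loopback address.
LOOPBACK_NAMES = {"localhost", "localhost.localdomain"}

# hop number, reported name, then the address in parentheses
HOP_RE = re.compile(r"^\s*(\d+)\s+(\S+)\s+\(([0-9A-Fa-f:.]+)\)")


def parse_hops(text):
    """Return (hop_number, reported_name, ip_address) for each hop line."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue  # header line, "* * *" timeouts, blank lines
        try:
            ip = ipaddress.ip_address(m.group(3))
        except ValueError:
            continue  # parenthesised text that is not an IP address
        hops.append((int(m.group(1)), m.group(2), ip))
    return hops


def misleading_names(hops):
    """Flag hops whose reverse name claims loopback but whose address is not."""
    flagged = []
    for num, name, ip in hops:
        claims_loopback = name.lower().rstrip(".") in LOOPBACK_NAMES
        if claims_loopback and not ip.is_loopback:
            flagged.append((num, name, str(ip)))
    return flagged


if __name__ == "__main__":
    for num, name, ip in misleading_names(parse_hops(SAMPLE)):
        print(f"hop {num}: name {name!r} does not match address {ip}")
```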