[Dshield] Odd traceroute, I *think* I know what's going on, but not sure.

Brenden Walker BKWalker at drbsystems.com
Wed Oct 8 15:47:16 GMT 2008

I was checking out a snort log entry, and thought this was odd.

traceroute to (, 30 hops max, 40 byte packets

 1 (  11.158 ms  11.016 ms  11.023 ms

...various hops, then this:

13  localhost (  647.139 ms 652.404 ms  657.893 ms

14  gridportal.ioit-hcm.ac.vn ( 642.764 ms  660.164 ms  490.590 ms

When I do the same traceroute from a different network on a Windows box, it shows my local computer name in place of localhost.

What I think this means is that some doofus in Vietnam (addresses owned by Vietnamese ISP) named a router localhost?  I could see windoze translating that into the local computer name/domain.

Just the first time I've noticed this, anything to worry about?
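
The hop names traceroute prints come from reverse DNS (PTR) records, which are set by whoever controls the reverse zone for the address, so they are unverified labels. As an added example (not part of the original post), the Python below parses traceroute output in the layout quoted above and flags hops such as hop 13; the sample lines, hostnames and addresses are constructed, using RFC 5737 documentation ranges.

```python
import ipaddress
import re

# Constructed sample in the layout of the traceroute output quoted above.
# Addresses are RFC 5737 documentation ranges, not values from the post.
SAMPLE = """\
 1  gw.example.net (192.0.2.1)  11.158 ms  11.016 ms  11.023 ms
12  198.51.100.7 (198.51.100.7)  601.2 ms  598.8 ms  603.1 ms
13  localhost (203.0.113.9)  647.139 ms  652.404 ms  657.893 ms
14  host.example.org (203.0.113.20)  642.764 ms  660.164 ms  490.590 ms
"""

# hop number, displayed name (PTR result or bare address), address in parentheses
HOP = re.compile(r"^\s*(\d+)\s+(\S+)\s+\(([0-9a-fA-F.:]+)\)")

# Names reserved for loopback use (RFC 6761), plus a common hosts-file alias.
LOOPBACK_NAMES = ("localhost", "localhost.localdomain")


def is_loopback_name(name):
    n = name.rstrip(".").lower()
    return n in LOOPBACK_NAMES or n.endswith(".localhost")


def suspicious_hops(text):
    """Return (hop, name, address, reason) for hops whose name or address is out of place."""
    findings = []
    for line in text.splitlines():
        m = HOP.match(line)
        if not m:
            continue  # header line, "* * *" timeouts, wrapped output
        hop, name, addr = int(m.group(1)), m.group(2), m.group(3)
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            continue  # parenthesised text that is not an IP address
        if ip.is_loopback:
            findings.append((hop, name, addr, "loopback address in a routed path"))
        elif is_loopback_name(name):
            findings.append((hop, name, addr, "loopback name on a non-loopback address"))
    return findings


if __name__ == "__main__":
    for hop, name, addr, reason in suspicious_hops(SAMPLE):
        print(f"hop {hop}: {name} ({addr}): {reason}")
```

A flagged hop means the PTR data for that address is misleading; it says nothing about traffic reaching the local machine, because the address in parentheses is what actually answered.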