[Dshield] Odd traceroute, I *think* I know what's going on, but not sure.

John Hardin jhardin at impsec.org
Wed Oct 8 17:30:30 GMT 2008


On Wed, 8 Oct 2008, Brenden Walker wrote:

> ...various hops, then this:
>
> 13  localhost (123.30.74.2)  647.139 ms 652.404 ms  657.893 ms
> 14  gridportal.ioit-hcm.ac.vn (210.86.238.70) 642.764 ms  660.164 ms  490.590 ms
>
> What I think this means is that some doofus in Vietnam (addresses owned 
> by Vietnamese ISP) named a router localhost?

More than one. See below...

> I could see windoze translating that into the local computer name/domain.

Native windows tracert doesn't:

C:\Documents and Settings\JHardin>tracert 123.30.74.2

Tracing route to localhost [123.30.74.2] over a maximum of 30 hops:

   ...
   8    34 ms    34 ms    34 ms  ch-telecom-gw.customer.alter.net [63.65.154.70]
   9   220 ms   220 ms   220 ms  202.97.52.33
  10   262 ms   220 ms   220 ms  202.97.33.41
  11   241 ms   242 ms   241 ms  202.97.4.66
  12   271 ms   275 ms   271 ms  localhost [123.30.63.17]
  13   258 ms   258 ms   258 ms  203.162.231.210
  14   258 ms   262 ms   260 ms  localhost [123.30.120.46]
  15   260 ms   275 ms   259 ms  localhost [123.30.74.2]

Trace complete.


-- 
  John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
  jhardin at impsec.org    FALaholic #11174     pgpk -a jhardin at impsec.org
  key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  They didn't add pork to the bailout, they added the bailout to pork.
                                              -- seen at saysuncle.com
-----------------------------------------------------------------------
  27 days until the Presidential Election


More information about the Dshield mailing list