[Dshield] Odd traceroute, I *think* I know what's going on, but not sure.
BKWalker at drbsystems.com
Wed Oct 8 19:07:17 GMT 2008
> -----Original Message-----
> From: list-bounces at lists.sans.org [mailto:list-bounces at lists.sans.org]
> On Behalf Of John Hardin
> Sent: Wednesday, October 08, 2008 2:27 PM
> To: General DShield Discussion List
> Subject: Re: [Dshield] Odd traceroute, I *think* I know what's going
> on, but not sure.
> On Wed, 8 Oct 2008, Brenden Walker wrote:
> > Seems that the Vista version does, or perhaps has something to do
> > with our domain setup here:
> > C:\Users\bkwalker>tracert 126.96.36.199
> > Tracing route to bkwalkerpc.drbsystems.com [188.8.131.52]
> > 16 648 ms 641 ms 637 ms bkwalkerpc.drbsystems.com
> > Trace complete.
> > ;-)
> Confirmed on Vista, from a host on the same network as the earlier
> example. It's probably not your network setup unless ours is
> the same way.
> "ping -a" does the same thing.
> Some quick googles don't seem to show anybody else discussing this
> Why in the world would anybody think it was reasonable to do that?
> I wonder if this could be used to bypass security somehow? "Oh, the
> I got that content from is me ('localhost' mapped to my local
> so I can trust it..."
Good question. The only thing I could think of is putting in URLs that look like they're going to link to your local machine. But that's not going to work well, at least in most cases. I know my hosts file has localhost mapping directly to 127.0.0.1 and at least tracert and ping don't do a lookup.
Sure makes one wonder what the heck they are thinking. Or even how it got this way...weird.