Odd cableone traceroute with 0.0.0.0 in path

Mike Tancsa mike at sentex.net
Thu Oct 28 14:17:17 CDT 2010


At 02:55 PM 10/28/2010, Brielle Bruns wrote:
>Okay, so this has my head hurting a bit just trying to figure out 
>just how this is possible and what kind of equipment would pull this stunt.

misconfig of a p2p addr somewhere ?  perhaps someone used 0.0.0.0/30 
as a p2p addr for kicks.

e.g. I just tried this at home.

on a next hop router,
# ifconfig igb1 0.0.0.0/30 alias


on a node/workstation behind the above router

0(i5)# ifconfig em0 0.0.0.1/30 alias
0(i5)# route add 173.194.32.104 0.0.0.0

0(i5)# telnet -s 10.255.255.27 173.194.32.104 80
Trying 173.194.32.104...
Connected to yyz06s05-in-f104.1e100.net.
Escape character is '^]'.


And looking for the arp who has, it is indeed asking for 0.0.0.0's 
MAC addr for the next hop.

15:07:38.308758 00:15:17:ed:36:e5 > ff:ff:ff:ff:ff:ff, ethertype ARP 
(0x0806), length 60: Request who-has 0.0.0.0 tell 0.0.0.1, length 46
15:07:38.308764 00:30:48:94:88:21 > 00:15:17:ed:36:e5, ethertype ARP 
(0x0806), length 42: Reply 0.0.0.0 is-at 00:30:48:94:88:21, length 28

         ---Mike



>Tracing from here (cableone cable modem) to the outside world, I end 
>up with the following at the beginning of my traceroute.
>
>  1  192.168.1.1 (192.168.1.1)  2.759 ms  0.803 ms  0.769 ms
>  2  0.0.0.0 (0.0.0.0)  10.462 ms  9.543 ms  8.043 ms
>  3  192.168.32.65 (192.168.32.65)  9.984 ms  9.654 ms  9.570 ms
>  4  te-4-4.car2.seattle1.level3.net (4.53.146.117)  25.960 
> ms  21.798 ms  24.144 ms
>....  etc
>
>0.0.0.0 as one of the hops.    So, I pulled out LFT to make sure 
>traceroute isn't going nuts.
>
>Layer Four Traceroute (LFT) version 3.1
>Using device en1, 192.168.1.101:53
>TTL LFT trace to 207.70.17.213:80/tcp
>  1  192.168.1.1 0.9/0.9ms
>  2 /9.8/10.3ms
>  3  192.168.32.65 9.7/8.3ms
>  4  10.255.255.1 9.1/8.4ms
>  5  te-4-4.car2.seattle1.level3.net (4.53.146.117) 29.0/20.2ms
>
>Fun, no entry for hop 2, plus there's an extra hop at #4.  Lets use verbose.
>
>Layer Four Traceroute (LFT) version 3.1 ... (verbosity level 2)
>Using device en1, 192.168.1.101:53
>SENT TCP  TTL=1 SEQ=648736948 FLAGS=0x2 ( SYN )
>SENT TCP  TTL=2 SEQ=648736949 FLAGS=0x2 ( SYN )
>RCVD ICMP SEQ=648736948 SRC=192.168.1.1 PTTL=1 PSEQ=648736948
>SENT TCP  TTL=3 SEQ=648736950 FLAGS=0x2 ( SYN )
>SENT TCP  TTL=4 SEQ=648736951 FLAGS=0x2 ( SYN )
>SENT TCP  TTL=5 SEQ=648736952 FLAGS=0x2 ( SYN )
>SENT TCP  TTL=6 SEQ=648736953 FLAGS=0x2 ( SYN )
>RCVD ICMP SEQ=648736949 SRC=0.0.0.0 PTTL=2 PSEQ=648736949
>SENT TCP  TTL=7 SEQ=648736954 FLAGS=0x2 ( SYN )
>RCVD ICMP SEQ=648736950 SRC=192.168.32.65 PTTL=3 PSEQ=648736950
>RCVD ICMP SEQ=648736951 SRC=10.255.255.1 PTTL=4 PSEQ=648736951
>RCVD ICMP SEQ=648736953 SRC=4.68.105.30 PTTL=6 PSEQ=648736953
>
>
>Am I going nuts, or is something really messed up somewhere upstream 
>from the cable modem?  To quote someone from IRC who's just as 
>confused, "the null route just talked to me".
>
>--
>Brielle Bruns
>The Summit Open Source Development Group
>http://www.sosdg.org    /     http://www.ahbl.org

--------------------------------------------------------------------
Mike Tancsa,                                      tel +1 519 651 3400
Sentex Communications,                            mike at sentex.net
Providing Internet since 1994                    www.sentex.net
Cambridge, Ontario Canada                         www.sentex.net/mike





More information about the NANOG mailing list