Odd cableone traceroute with 0.0.0.0 in path
Mike Tancsa
mike at sentex.net
Thu Oct 28 19:17:17 UTC 2010
At 02:55 PM 10/28/2010, Brielle Bruns wrote:
>Okay, so this has my head hurting a bit just trying to figure out
>just how this is possible and what kind of equipment would pull this stunt.
Misconfig of a p2p addr somewhere? Perhaps someone used 0.0.0.0/30
as a p2p addr for kicks.
e.g. I just tried this at home.
on a next hop router,
# ifconfig igb1 0.0.0.0/30 alias
on a node/workstation behind the above router
0(i5)# ifconfig em0 0.0.0.1/30 alias
0(i5)# route add 173.194.32.104 0.0.0.0
0(i5)# telnet -s 10.255.255.27 173.194.32.104 80
Trying 173.194.32.104...
Connected to yyz06s05-in-f104.1e100.net.
Escape character is '^]'.
And looking for the arp who has, it is indeed asking for 0.0.0.0's
MAC addr for the next hop.
15:07:38.308758 00:15:17:ed:36:e5 > ff:ff:ff:ff:ff:ff, ethertype ARP
(0x0806), length 60: Request who-has 0.0.0.0 tell 0.0.0.1, length 46
15:07:38.308764 00:30:48:94:88:21 > 00:15:17:ed:36:e5, ethertype ARP
(0x0806), length 42: Reply 0.0.0.0 is-at 00:30:48:94:88:21, length 28
---Mike
>Tracing from here (cableone cable modem) to the outside world, I end
>up with the following at the beginning of my traceroute.
>
> 1 192.168.1.1 (192.168.1.1) 2.759 ms 0.803 ms 0.769 ms
> 2 0.0.0.0 (0.0.0.0) 10.462 ms 9.543 ms 8.043 ms
> 3 192.168.32.65 (192.168.32.65) 9.984 ms 9.654 ms 9.570 ms
> 4 te-4-4.car2.seattle1.level3.net (4.53.146.117) 25.960 ms 21.798 ms 24.144 ms
>.... etc
>
>0.0.0.0 as one of the hops. So, I pulled out LFT to make sure
>traceroute isn't going nuts.
>
>Layer Four Traceroute (LFT) version 3.1
>Using device en1, 192.168.1.101:53
>TTL LFT trace to 207.70.17.213:80/tcp
> 1 192.168.1.1 0.9/0.9ms
> 2 /9.8/10.3ms
> 3 192.168.32.65 9.7/8.3ms
> 4 10.255.255.1 9.1/8.4ms
> 5 te-4-4.car2.seattle1.level3.net (4.53.146.117) 29.0/20.2ms
>
>Fun, no entry for hop 2, plus there's an extra hop at #4. Let's use verbose.
>
>Layer Four Traceroute (LFT) version 3.1 ... (verbosity level 2)
>Using device en1, 192.168.1.101:53
>SENT TCP TTL=1 SEQ=648736948 FLAGS=0x2 ( SYN )
>SENT TCP TTL=2 SEQ=648736949 FLAGS=0x2 ( SYN )
>RCVD ICMP SEQ=648736948 SRC=192.168.1.1 PTTL=1 PSEQ=648736948
>SENT TCP TTL=3 SEQ=648736950 FLAGS=0x2 ( SYN )
>SENT TCP TTL=4 SEQ=648736951 FLAGS=0x2 ( SYN )
>SENT TCP TTL=5 SEQ=648736952 FLAGS=0x2 ( SYN )
>SENT TCP TTL=6 SEQ=648736953 FLAGS=0x2 ( SYN )
>RCVD ICMP SEQ=648736949 SRC=0.0.0.0 PTTL=2 PSEQ=648736949
>SENT TCP TTL=7 SEQ=648736954 FLAGS=0x2 ( SYN )
>RCVD ICMP SEQ=648736950 SRC=192.168.32.65 PTTL=3 PSEQ=648736950
>RCVD ICMP SEQ=648736951 SRC=10.255.255.1 PTTL=4 PSEQ=648736951
>RCVD ICMP SEQ=648736953 SRC=4.68.105.30 PTTL=6 PSEQ=648736953
>
>
>Am I going nuts, or is something really messed up somewhere upstream
>from the cable modem? To quote someone from IRC who's just as
>confused, "the null route just talked to me".
>
>--
>Brielle Bruns
>The Summit Open Source Development Group
>http://www.sosdg.org / http://www.ahbl.org
--------------------------------------------------------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, mike at sentex.net
Providing Internet since 1994 www.sentex.net
Cambridge, Ontario Canada www.sentex.net/mike
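
Added example, not part of the original post and not either poster's code: a Python check that flags 0.0.0.0/8 addresses in LFT verbose output and in tcpdump ARP lines like those in this thread, while ignoring ordinary ARP probes. The function names are hypothetical; the sample lines are copied from the thread except the last ARP line, which is constructed.

```python
import ipaddress
import re

# 0.0.0.0/8 is the "this network" block; it should not show up as a hop or ARP target.
THIS_NET = ipaddress.ip_network("0.0.0.0/8")

LFT_RE = re.compile(r"RCVD ICMP .*?SRC=([\d.]+) PTTL=(\d+)")
ARP_REQ_RE = re.compile(r"Request who-has ([\d.]+).*? tell ([\d.]+)")
ARP_REP_RE = re.compile(r"Reply ([\d.]+) is-at ([0-9a-f:]{17})")

def in_this_net(addr):
    return ipaddress.ip_address(addr) in THIS_NET

def odd_hops(lft_lines):
    """(ttl, src) for each LFT verbose ICMP reply sourced from 0.0.0.0/8."""
    hits = (LFT_RE.search(l) for l in lft_lines)
    return [(int(m.group(2)), m.group(1)) for m in hits if m and in_this_net(m.group(1))]

def odd_arp(tcpdump_lines):
    """(kind, address, peer) for ARP traffic that resolves or claims a 0.0.0.0/8 address."""
    out = []
    for line in tcpdump_lines:
        req, rep = ARP_REQ_RE.search(line), ARP_REP_RE.search(line)
        # Only the target matters: "who-has <normal addr> tell 0.0.0.0" is an
        # RFC 5227 address probe and is expected on a healthy LAN.
        if req and in_this_net(req.group(1)):
            out.append(("request", req.group(1), req.group(2)))
        elif rep and in_this_net(rep.group(1)):
            out.append(("reply", rep.group(1), rep.group(2)))
    return out

# LFT lines copied from the thread.
LFT_SAMPLE = [
    "RCVD ICMP SEQ=648736948 SRC=192.168.1.1 PTTL=1 PSEQ=648736948",
    "RCVD ICMP SEQ=648736949 SRC=0.0.0.0 PTTL=2 PSEQ=648736949",
    "RCVD ICMP SEQ=648736950 SRC=192.168.32.65 PTTL=3 PSEQ=648736950",
]
# First two ARP lines copied from the thread (re-joined); the third is a constructed probe.
ARP_SAMPLE = [
    "15:07:38.308758 00:15:17:ed:36:e5 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 0.0.0.0 tell 0.0.0.1, length 46",
    "15:07:38.308764 00:30:48:94:88:21 > 00:15:17:ed:36:e5, ethertype ARP (0x0806), length 42: Reply 0.0.0.0 is-at 00:30:48:94:88:21, length 28",
    "15:07:40.000000 00:15:17:ed:36:e5 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.168.1.50 tell 0.0.0.0, length 28",
]

if __name__ == "__main__":
    print(odd_hops(LFT_SAMPLE))
    print(odd_arp(ARP_SAMPLE))
```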