Facebook & Traceroute

• Previous message (by thread): finding whois servers, was .pro whois registry down?
• Next message (by thread): Facebook & Traceroute
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Why does Facebook spoof the source IP address of the hop before this server?
They spoof the source IP address that is performing the traceroute.

66.220.156.68

---
 7  FACEBOOK-IN.ear1.Atlanta2.Level3.net (4.16.185.58)  51.736 ms  51.678 ms
52.075 ms
 8  ae2.bb01.atl1.tfbnw.net (74.119.78.214)  51.636 ms  51.584 ms  51.720 ms
 9  be36.bb01.frc3.tfbnw.net (31.13.26.199)  58.669 ms ae4.bb05.frc3.tfbnw.net
(31.13.27.129)  61.085 ms ae16.bb06.frc3.tfbnw.net (74.119.76.117)  59.731 ms
10  ae5.bb04.iad3.tfbnw.net (31.13.26.57)  111.338 ms ae7.bb04.iad3.tfbnw.net
(31.13.31.245)  110.007 ms  110.015 ms
11  ae9.dr07.ash3.tfbnw.net (31.13.29.29)  68.692 ms ae10.dr08.ash2.tfbnw.net
(31.13.28.207)  67.846 ms ae12.dr08.ash3.tfbnw.net (31.13.29.191)  68.629 ms
12  * * *
13  * * *
14  8.25.38.1 (8.25.38.1)  68.571 ms  68.718 ms  68.132 ms
15  edge-star-mini-shv-07-ash4.facebook.com (66.220.156.68)  67.903 ms  67.752
ms  68.071 ms
---

Hop 14 is the source ip of the traceroute which is forged. This essentially
makes hop 14 reply using the same ip for src and dst.

Sam

• Previous message (by thread): finding whois servers, was .pro whois registry down?
• Next message (by thread): Facebook & Traceroute
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]