Facebook & Traceroute
Sam Norris
Sam at SanDiegoBroadband.com
Thu Mar 10 03:53:16 UTC 2016
Why does Facebook spoof the source IP address of the hop before this server?
They spoof the source IP address that is performing the traceroute.
66.220.156.68
---
7 FACEBOOK-IN.ear1.Atlanta2.Level3.net (4.16.185.58) 51.736 ms 51.678 ms
52.075 ms
8 ae2.bb01.atl1.tfbnw.net (74.119.78.214) 51.636 ms 51.584 ms 51.720 ms
9 be36.bb01.frc3.tfbnw.net (31.13.26.199) 58.669 ms ae4.bb05.frc3.tfbnw.net
(31.13.27.129) 61.085 ms ae16.bb06.frc3.tfbnw.net (74.119.76.117) 59.731 ms
10 ae5.bb04.iad3.tfbnw.net (31.13.26.57) 111.338 ms ae7.bb04.iad3.tfbnw.net
(31.13.31.245) 110.007 ms 110.015 ms
11 ae9.dr07.ash3.tfbnw.net (31.13.29.29) 68.692 ms ae10.dr08.ash2.tfbnw.net
(31.13.28.207) 67.846 ms ae12.dr08.ash3.tfbnw.net (31.13.29.191) 68.629 ms
12 * * *
13 * * *
14 8.25.38.1 (8.25.38.1) 68.571 ms 68.718 ms 68.132 ms
15 edge-star-mini-shv-07-ash4.facebook.com (66.220.156.68) 67.903 ms 67.752
ms 68.071 ms
---
Hop 14 is the source ip of the traceroute which is forged. This essentially
makes hop 14 reply using the same ip for src and dst.
Sam
More information about the NANOG
mailing list