ICMP weirdness

Daniel Senie dts at senie.com
Mon Oct 18 21:38:34 UTC 2004


At 05:02 PM 10/18/2004, Crist Clark wrote:

>Jim Popovitch wrote:
>
>> From Comcast Cable, at my home in Atlanta, I can ping 10.10.1.1....
>>which is pong'ed from a private client network hanging somewhere off of
>>Insight Broadband's network in the North Central part of the US.  Why on
>>god's green earth do network operators allow such nonsense as this?
>
>FWIW, I get the same result from Comcast residential coax
>service from Santa Clara, CA using a plain ol' *nix UDP
>traceroute. (This is not ICMP specific.)

Interesting to see who does and doesn't apply bogon filters to their BGP 
sessions.

 From a Verio space, the packets do not make it past a default-free router. 
Good filtering.

 From AT&T space, the trace goes all the way to InsightBB, no filtering of 
prefixes.

It appears XO does not filter, but that whomever they try to hand the 
traffic off to in Dallas does filter.

Comcast (New England) seems to have some level of filtering, but has a 
default route loop between Lowell, MA and Needham, MA in their traces. Nice.

Appears level3.net filters properly.

The presence of the route did provide a nice set of data to see whose 
networks are implementing filtering.


>raceroute 10.10.1.1
>traceroute to 10.10.1.1 (10.10.1.1), 64 hops max, 44 byte packets
>[snip my internal net]
>  3  12.244.25.145 (12.244.25.145)  17.315 ms  17.378 ms  17.492 ms
>  4  12.244.67.17 (12.244.67.17)  33.548 ms  23.702 ms  13.066 ms
>  5  12.244.72.206 (12.244.72.206)  21.554 ms  18.118 ms  18.589 ms
>  6  gbr2-p50.sffca.ip.att.net (12.123.13.62)  23.677 ms  31.973 ms  18.647 ms
>  7  tbr1-p012702.sffca.ip.att.net (12.122.11.69)  24.447 ms  19.266 
> ms  19.036 ms
>  8  tbr1-cl2.sl9mo.ip.att.net (12.122.10.41)  73.801 ms  66.745 ms  71.541 ms
>  9  gbr2-p10.sl9mo.ip.att.net (12.122.11.102)  68.524 ms  62.157 
> ms  66.172 ms
>10  gar1-p370.sl9mo.ip.att.net (12.123.24.213)  68.568 ms  65.325 
>ms  62.455 ms
>11  12-220-0-69.client.insightBB.com (12.220.0.69)  93.072 ms  98.102 
>ms  91.132 ms
>12  12-220-7-198.client.insightBB.com (12.220.7.198)  88.131 ms  83.943 
>ms  85.713 ms
>13  10.10.1.1 (10.10.1.1)  159.507 ms  101.956 ms  95.575 ms
>
>I know that Comcast (formerly AT&T BB) uses the 10-net internally
>on their transit networks so they can't just blackhole the stuff.
>Insight's ISP is AT&T (now Comcast?). Looking quickly at the AT&T
>looking glass, Insight appears to not have its own AS. RFC1918
>successfully crossing between ASes would be a Very Bad Thing.
>However, it looks like it is completely within AT&T here. Not a
>Good Thing, but not the end of the world. For all I know,
>10.10.1.1 might be AT&T equipment using their internal 10-net.
>
>
>>Traceroute -I 10.10.1.1 produces the following:
>>traceroute to 10.10.1.1 (10.10.1.1), 30 hops max, 38 byte packets
>>  1  10.238.10.1 (10.238.10.1)  29.089 ms  25.387 ms  28.574 ms
>>  2  66.56.22.66 (66.56.22.66)  30.923 ms  31.305 ms  33.142 ms
>>  3  66.56.22.70 (66.56.22.70)  35.945 ms  35.874 ms  36.832 ms
>>  4  c-66-56-23-38.atl.client2.attbi.com (66.56.23.38)  34.740 ms  35.041
>>ms  37.537 ms
>>  5  12.118.184.41 (12.118.184.41)  41.967 ms  45.584 ms  43.997 ms
>>  6  gbr2-p70.attga.ip.att.net (12.123.21.6)  44.988 ms  44.706 ms 43.033 ms
>>  7  tbr2-p013602.attga.ip.att.net (12.122.12.37)  49.353 ms  44.010 ms 
>> 45.244 ms
>>  8  12.122.10.138 (12.122.10.138)  62.244 ms  62.269 ms  62.148 ms
>>  9  gbr1-p40.sl9mo.ip.att.net (12.122.11.114)  60.922 ms  67.005 ms 
>> 60.264 ms
>>10  gar1-p360.sl9mo.ip.att.net (12.123.24.209)  59.572 ms  64.013 ms 
>>60.198 ms
>>11  12-220-0-69.client.insightBB.com (12.220.0.69)  77.000 ms  76.050
>>ms  77.926 ms
>>12  12-220-7-198.client.insightBB.com (12.220.7.198)  95.437 ms  80.068
>>ms  84.076 ms
>>13  10.10.1.1 (10.10.1.1)  93.612 ms  97.280 ms  192.994 ms
>>
>
>
>--
>Crist J. Clark                               crist.clark at globalstar.com
>Globalstar Communications                                (408) 933-4387
>
>The information contained in this e-mail message is confidential,
>intended only for the use of the individual or entity named above.
>If the reader of this e-mail is not the intended recipient, or the
>employee or agent responsible to deliver it to the intended recipient,
>you are hereby notified that any review, dissemination, distribution or
>copying of this communication is strictly prohibited.  If you have
>received this e-mail in error, please contact postmaster at globalstar.com




More information about the NANOG mailing list