Very interesting ... and here is why I say that: this morning I had some complaints from my users about some sites being unreachable. A traceroute from a DSL provider to my external interface of the firewall would hop through and stop here:
(other hops ... irrelevant for the point I am trying to make) (previous hop) 166.90.73.78 (stopping hop) 192.168.5.14 (!!!) http://samspade.org/t/lookat?a=166.90.73.78 tells me: 166.90.73.78 has dubious reverse DNS of unknown.Level3.net - which is a valid hostname, but not one that resolves to 166.90.73.78 Interesting ... I wonder if some routers are misconfigured and started "leaking" private IPs ?!? We just had a major issue of a similar nature (not privates, but dropped routes!) last week with C&W, who ended up escalating the problem to their level 3 engineering. They never told me what the problem was, though ... Anybody else?!? Stef P.S. Ian - I apologize for CC:-ing you - usually I don't do that, as you should receive emails through the list, but the security-basics one seems to have failed me a couple of times lately, and I am hoping at least you receive this. On Sunday 21 July 2002 04:26 pm, Ian Webb wrote: > I get the following output when I do a traceroute from my Windows XP > machine, which is directly connected to a Road Runner cable modem > (Motorola Surfboard), to 192.168.100.1: > > C:\>tracert 192.168.100.1 > > Tracing route to 192.168.100.1 over a maximum of 30 hops > > 1 * * * Request timed out. > 2 62 ms 125 ms 66 ms 24.93.66.37 > 3 87 ms 220 ms * 24.93.66.150 > 4 * 24.93.66.177 reports: Destination host unreachable. > > This seems weird to me, since 192.168.100.1 is an RFC 1918 local > address space. I can't think of any valid reason that a packet > destined for it would go *two* hops into Road Runner's network before > getting a destination host unreachable. Is there something I'm > missing? > > Thanks, > Ian
