Okay, so this has my head hurting a bit just trying to figure out just
how this is possible and what kind of equipment would pull this stunt.
Tracing from here (cableone cable modem) to the outside world, I end up
with the following at the beginning of my traceroute.
1 192.168.1.1 (192.168.1.1) 2.759 ms 0.803 ms 0.769 ms
2 0.0.0.0 (0.0.0.0) 10.462 ms 9.543 ms 8.043 ms
3 192.168.32.65 (192.168.32.65) 9.984 ms 9.654 ms 9.570 ms
4 te-4-4.car2.seattle1.level3.net (4.53.146.117) 25.960 ms 21.798 ms 24.144 ms
.... etc
0.0.0.0 as one of the hops. So, I pulled out LFT to make sure
traceroute isn't going nuts.
Layer Four Traceroute (LFT) version 3.1
Using device en1, 192.168.1.101:53
TTL LFT trace to 207.70.17.213:80/tcp
1 192.168.1.1 0.9/0.9ms
2 /9.8/10.3ms
3 192.168.32.65 9.7/8.3ms
4 10.255.255.1 9.1/8.4ms
5 te-4-4.car2.seattle1.level3.net (4.53.146.117) 29.0/20.2ms
Fun, no entry for hop 2, plus there's an extra hop at #4. Let's use verbose.
Layer Four Traceroute (LFT) version 3.1 ... (verbosity level 2)
Using device en1, 192.168.1.101:53
SENT TCP TTL=1 SEQ=648736948 FLAGS=0x2 ( SYN )
SENT TCP TTL=2 SEQ=648736949 FLAGS=0x2 ( SYN )
RCVD ICMP SEQ=648736948 SRC=192.168.1.1 PTTL=1 PSEQ=648736948
SENT TCP TTL=3 SEQ=648736950 FLAGS=0x2 ( SYN )
SENT TCP TTL=4 SEQ=648736951 FLAGS=0x2 ( SYN )
SENT TCP TTL=5 SEQ=648736952 FLAGS=0x2 ( SYN )
SENT TCP TTL=6 SEQ=648736953 FLAGS=0x2 ( SYN )
RCVD ICMP SEQ=648736949 SRC=0.0.0.0 PTTL=2 PSEQ=648736949
SENT TCP TTL=7 SEQ=648736954 FLAGS=0x2 ( SYN )
RCVD ICMP SEQ=648736950 SRC=192.168.32.65 PTTL=3 PSEQ=648736950
RCVD ICMP SEQ=648736951 SRC=10.255.255.1 PTTL=4 PSEQ=648736951
RCVD ICMP SEQ=648736953 SRC=4.68.105.30 PTTL=6 PSEQ=648736953
Am I going nuts, or is something really messed up somewhere upstream
from the cable modem? To quote someone from IRC who's just as confused,
"the null route just talked to me".
--
Brielle Bruns
The Summit Open Source Development Group
http://www.sosdg.org / http://www.ahbl.org
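
Added example, not part of the original message: a short Python script that pairs the SENT and RCVD lines of the LFT verbose trace above by sequence number and classifies the source address of each ICMP reply, so the 0.0.0.0 responder and the unanswered TTLs stand out. The log lines are copied from the message; the names `classify` and `analyze` are hypothetical.

```python
import ipaddress
import re

# Verbose LFT lines copied from the message above, used as sample input.
LFT_LOG = """\
SENT TCP TTL=1 SEQ=648736948 FLAGS=0x2 ( SYN )
SENT TCP TTL=2 SEQ=648736949 FLAGS=0x2 ( SYN )
RCVD ICMP SEQ=648736948 SRC=192.168.1.1 PTTL=1 PSEQ=648736948
SENT TCP TTL=3 SEQ=648736950 FLAGS=0x2 ( SYN )
SENT TCP TTL=4 SEQ=648736951 FLAGS=0x2 ( SYN )
SENT TCP TTL=5 SEQ=648736952 FLAGS=0x2 ( SYN )
SENT TCP TTL=6 SEQ=648736953 FLAGS=0x2 ( SYN )
RCVD ICMP SEQ=648736949 SRC=0.0.0.0 PTTL=2 PSEQ=648736949
SENT TCP TTL=7 SEQ=648736954 FLAGS=0x2 ( SYN )
RCVD ICMP SEQ=648736950 SRC=192.168.32.65 PTTL=3 PSEQ=648736950
RCVD ICMP SEQ=648736951 SRC=10.255.255.1 PTTL=4 PSEQ=648736951
RCVD ICMP SEQ=648736953 SRC=4.68.105.30 PTTL=6 PSEQ=648736953
"""

SENT_RE = re.compile(r"SENT TCP TTL=(\d+) SEQ=(\d+)")
RCVD_RE = re.compile(r"RCVD ICMP SEQ=(\d+) SRC=(\S+)")

def classify(addr):
    """Label a reply source as unspecified, private or public."""
    ip = ipaddress.ip_address(addr)
    if ip.is_unspecified:  # 0.0.0.0; checked first because 0.0.0.0/8 also counts as private
        return "unspecified"
    if ip.is_private:      # RFC 1918 and other non-global ranges
        return "private"
    return "public"

def analyze(log):
    """Return one (ttl, source, label) tuple per probe sent, ordered by TTL."""
    sent, hops = {}, {}    # SEQ -> TTL of the probe, TTL -> source of the reply
    for line in log.splitlines():
        m = SENT_RE.search(line)
        if m:
            sent[int(m.group(2))] = int(m.group(1))
            continue
        m = RCVD_RE.search(line)
        if m and int(m.group(1)) in sent:  # ignore replies to probes never sent
            hops[sent[int(m.group(1))]] = m.group(2)
    return [(ttl, hops.get(ttl), classify(hops[ttl]) if ttl in hops else "no-reply")
            for ttl in sorted(sent.values())]

if __name__ == "__main__":
    for ttl, src, label in analyze(LFT_LOG):
        print(f"{ttl:>2}  {src or '*':<15}  {label}")
```

A "no-reply" label only means that no matching RCVD line appears in the pasted excerpt.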