Subject: Re: Weird route to spammer.
To: None <netbsd-help@netbsd.org>
From: Geoff Wing <mason@primenet.com.au>
List: netbsd-help
Date: 08/28/2003 05:51:14

Richard Rauch <rkr@olib.org> typed:
: I did a little looking around and tracerouted the connecting machine
: (218.45.234.31):
:
: [...]
: 15 gige11-0-10.hsipaccess2.tok1.net.reach.com (210.57.4.196) 248.464 ms 249.307 ms 248.133 ms
: 16 unknown.net.reach.com (210.57.52.50) 249.223 ms 248.807 ms 249.133 ms
: 17 10.0.1.17 (10.0.1.17) 242.064 ms 244.924 ms 243.203 ms
: 18 10.15.0.30 (10.15.0.30) 249.702 ms 254.012 ms 249.626 ms
: 19 218.45.234.31 (218.45.234.31) 255.120 ms 242.816 ms 243.469 ms

% ipw 218.45.234.31
inetnum: 218.45.234.0 - 218.45.234.63
netname: RURUBUNET
descr: JTB CORP.
country: JP
admin-c: KO3649JP
tech-c: KO3649JP
...

My traceroute correctly(*) tells me:
...
12 unknown.net.reach.com (210.57.52.50) 200.112 ms 197.813 ms 195.724 ms
13 * * *
14 * * *
15 218.45.234.31 (218.45.234.31) 199.686 ms 192.841 ms 201.955 ms

: I thought that 10.0/8 was not allowed on the public 'net. Has the
: rule changed, or is something really fishy going on here? (I remember
: starting to ask this before, but decided to delete the message, as I
: recall.)

It's a fairly common method ISPs use to set up large scale DHCP systems,
e.g. for broadband. The nodes on the private IP range don't produce TCP/UDP
traffic, they just route it - which also allows ISPs to put in transparent
proxies (whether you want them or not).

: (Yes, I normally filter all outside traffic from 10.0/8, but I also normally
: filter all ICMP traffic, so I have to disable ipf in order to run a
: traceroute. (^&)

(*) ``correctly'' since (as you indicate you have) private IP traffic doesn't
enter my network from outside.

Regards,
--
Geoff Wing
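
Added example, not part of the original message: a Python sketch that parses traceroute output and reports hops answering from RFC 1918 space with public hops on both sides, which is the pattern in the first path quoted above. The sample inputs are the hop lines from this message with the round-trip times trimmed; the function names are assumptions of the example.

```python
import ipaddress
import re

# RFC 1918 private ranges; 10.0/8 is the block discussed in this thread.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Hop line: number, then "name (addr) ..." or a run of "*" (no reply).
HOP_RE = re.compile(r"^\s*(\d+)\s+(?:\S+\s+\((\d+\.\d+\.\d+\.\d+)\)|(\*(?:\s+\*)*))")

def parse_hops(text):
    """Return [(hop_number, IPv4Address or None)] from traceroute output."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if m:  # "[...]" and other non-hop lines are skipped
            addr = ipaddress.ip_address(m.group(2)) if m.group(2) else None
            hops.append((int(m.group(1)), addr))
    return hops

def classify(addr):
    if addr is None:
        return "no-reply"
    return "rfc1918" if any(addr in n for n in RFC1918) else "public"

def private_transit_hops(text):
    """Hops answering from RFC 1918 space with public hops on both sides."""
    hops = parse_hops(text)
    kinds = [classify(a) for _, a in hops]
    return [(n, str(a)) for i, (n, a) in enumerate(hops)
            if kinds[i] == "rfc1918"
            and "public" in kinds[:i] and "public" in kinds[i + 1:]]

# Hop lines copied from the two traceroutes in this message (RTTs trimmed).
UNFILTERED = """\
15 gige11-0-10.hsipaccess2.tok1.net.reach.com (210.57.4.196) 248.464 ms
16 unknown.net.reach.com (210.57.52.50) 249.223 ms
17 10.0.1.17 (10.0.1.17) 242.064 ms
18 10.15.0.30 (10.15.0.30) 249.702 ms
19 218.45.234.31 (218.45.234.31) 255.120 ms
"""
FILTERED = """\
12 unknown.net.reach.com (210.57.52.50) 200.112 ms
13 * * *
14 * * *
15 218.45.234.31 (218.45.234.31) 199.686 ms
"""

if __name__ == "__main__":
    print(private_transit_hops(UNFILTERED))
```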