10.0.0

Janet_Pippin · May 31, 1997, 3:53am

ALL:
Upon trying to discover an abuse site's network location, I
happened upon this:

Now, first it goes to sierra.. Then right after the trace finishes,
I ran the second one..

traceroute to ns1.sierra.net (207.135.224.247), 30 hops max, 40 byte packets
1 cisco.cyberramp.net (207.158.64.1) 2 ms 1 ms 1 ms
2 166.48.80.9 (166.48.80.9) 6 ms 8 ms 13 ms
3 core3.Dallas.mci.net (204.70.4.13) 5 ms 7 ms 16 ms
4 uunet-hssi.Dallas.mci.net (206.157.77.130) 26 ms 7 ms 56 ms
5 Fddi0-0.CR1.DFW1.Alter.Net (137.39.37.35) 103 ms 13 ms 15 ms
6 108.Hssi5-0.CR1.SFO1.Alter.Net (137.39.70.221) 135 ms 312 ms 348 ms
7 133.Hssi4-0.GW1.SLT1.Alter.Net (137.39.68.10) 104 ms 121 ms 122 ms
8 pfi-gw.customer.ALTER.NET (137.39.167.18) 108 ms 171 ms 106 ms
9 207.49.13.50 (207.49.13.50) 114 ms 117 ms 112 ms
10 207.14.235.22 (207.14.235.22) 112 ms 116 ms 113 ms
11 10.0.0.2 (10.0.0.2) 116 ms 108 ms 114 ms
12 rock.sierra.net (207.135.224.247) 116 ms 112 ms 113 ms

jdp@mailhost 18 ~ > wi 10.0.0
IANA (RESERVED-6)

Netname: RESERVED-10
Netnumber: 10.0.0.0

hrmm... and the second one:

jdp@mailhost 17 ~ > t ns1.sierra.net
traceroute to ns1.sierra.net (198.60.22.2), 30 hops max, 40 byte packets
1 cisco.cyberramp.net (207.158.64.1) 2 ms 1 ms 1 ms
2 166.48.80.9 (166.48.80.9) 29 ms * 5 ms
3 bordercore1-loopback.Denver.mci.net (166.48.92.1) 210 ms 252 ms 281 ms
4 electric-light.Denver.mci.net (166.48.93.254) 274 ms 273 ms 260 ms
5 F0-0.slkcib01.eli.net (207.0.56.18) 59 ms 59 ms 62 ms
6 XMISSION-DOM.slkcib01.eli.net (207.49.20.86) 64 ms 67 ms 69 ms
7 xmission.xmission.com (198.60.22.2) 60 ms * 88 ms
jdp@mailhost 18 ~ >

enlighten me, someone...

-janet

  Janet Pippin * CyberRamp Internet Services
   Network Administrator *** 11350 Hillguard Road
     jdp@cyberramp.net * Dallas, Texas 75243-8311
  http://www.cyberramp.net * (214) 340-2020 (817) 226-2020

Paul_Ferguson3 · May 31, 1997, 11:20am

Of course, RFC1918 addresses should not appear in the global
routing table. This is a fine example of people not taking
the responsibility to ensure [filter] that if they do use
them, they do not leak.

- paul

Bil_Herd1 · May 31, 1997, 12:07pm

Of course, RFC1918 addresses should not appear in the global
routing table. This is a fine example of people not taking
the responsibility to ensure [filter] that if they do use
them, they do not leak.

A couple of weeks ago we received a complaint from a customer of a
customer. They could get to some places but not others including us.
This is the traceroute that the dialup customer generated trying to hit
one of my customers.

1 121 ms 124 ms 112 ms wchspawcsap01.bellatlantic.net[192.168.107.173]
2 114 ms 118 ms 161 ms 192.168.107.174
3 126 ms 123 ms 123 ms 206.125.197.69
4 304 ms 292 ms 261 ms ATM5-0-9.dc01.IConNet.NET [204.245.127.157]
5 132 ms 135 ms 126 ms mae-east.netaxs.net [192.41.177.87]
6 159 ms 136 ms 136 ms philly-dc-gw-t3-h3-0.netaxs.net[206.161.90.2]
7 146 ms 136 ms 138 ms 207.106.127.6
8 * * * Request timed out.
9 * * * Request timed out.

A doublecheck of the forward DNS gave me:
Name: wchspawcsap01.bellatlantic.net
Address: 192.168.107.173
Aliases:

It would seem that they not only use the RFC1918 addresses but they have
forward DNS set up for it, and evidently reverse DNS is set up internally for
line one of the traceroute to resolve. Or maybe I am missing something.

Bil