[wellylug] Routing the unroutable, aka 10.0.0.0/8
Christian Gagneraud
chgans at gna.org
Thu Sep 25 18:04:15 NZST 2014
Hi there,
I was having network problems on our local network, while
troubleshooting I realise that from here I can access lot of address
belonging to the (theoretically not routed) private network 10.0.0.0/8
And I even found that such an address was on my route to my preferred
French site:
$ traceroute linuxfr.org
traceroute to linuxfr.org (88.191.250.176), 30 hops max, 60 byte packets
1 10.64.40.2 (10.64.40.2) 0.758 ms 1.031 ms 1.295 ms
^^^^^^^^^^<-local network
2 smtp.canplay.org.nz (203.173.160.254) 23.084 ms 24.017 ms 24.948 ms
3 gi0-2-0-3.ppnzwtc01.wlg.vf.net.nz.180.109.203.in-addr.arpa
(203.109.180.210) 26.467 ms 27.429 ms 28.389 ms
4 gi0-2-0-3.ppnzwtc02.wlg.vf.net.nz (203.109.180.209) 31.280 ms
31.286 ms 31.855 ms
5 10.123.80.13 (10.123.80.13) 165.885 ms 166.496 ms 167.686 ms
^^^^^^^^^^^^<- ?!?
6 ten-0-2-0.bdr02.sjc01.ca.VOCUS.net (114.31.199.137) 168.607 ms
156.560 ms 216.389 ms
7 pos-1-0-0.bdr01.sjc01.ca.VOCUS.net.au (114.31.199.122) 216.381 ms
216.371 ms 216.361 ms
If you look at the hostnames and the latencies, you will see that
10.123.80.13 is the first IP address on this path that is located in
Australia: it's between vf.net.nz at 32ms (vodafone) and VOCUS.net at 168ms
(Vocus Australia).
If I scan 10.0.0.0/8 (using masscan [1]), says on port 80, I got a huge
amount of "Port 80: open". These port are really open but they are not
from an HTTP server
Now if i scan the same subnet several time in a row, i don't get the
same result, weird!
The only relevant result while googling for "10.123.80.13" are from
Vodafone forums where users complain about connection issues (typically
reporting a traceroute).
Any comments?
Chris
[1] https://github.com/robertdavidgraham/masscan
More information about the wellylug
mailing list