[wellylug] Routing the unroutable, aka 10.0.0.0/8

Christian Gagneraud chgans at gna.org
Thu Sep 25 18:04:15 NZST 2014


Hi there,

I was having network problems on our local network, while 
troubleshooting I realise that from here I can access lot of address 
belonging to the (theoretically not routed) private network 10.0.0.0/8

And I even found that such an address was on my route to my preferred 
French site:

$ traceroute linuxfr.org
traceroute to linuxfr.org (88.191.250.176), 30 hops max, 60 byte packets
  1  10.64.40.2 (10.64.40.2)  0.758 ms  1.031 ms  1.295 ms
                 ^^^^^^^^^^<-local network
  2  smtp.canplay.org.nz (203.173.160.254)  23.084 ms  24.017 ms  24.948 ms
  3  gi0-2-0-3.ppnzwtc01.wlg.vf.net.nz.180.109.203.in-addr.arpa 
(203.109.180.210)  26.467 ms  27.429 ms  28.389 ms
  4  gi0-2-0-3.ppnzwtc02.wlg.vf.net.nz (203.109.180.209)  31.280 ms 
31.286 ms  31.855 ms
  5  10.123.80.13 (10.123.80.13)  165.885 ms  166.496 ms  167.686 ms
                   ^^^^^^^^^^^^<- ?!?
  6  ten-0-2-0.bdr02.sjc01.ca.VOCUS.net (114.31.199.137)  168.607 ms 
156.560 ms  216.389 ms
  7  pos-1-0-0.bdr01.sjc01.ca.VOCUS.net.au (114.31.199.122)  216.381 ms 
  216.371 ms  216.361 ms

If you look at the hostnames and the latencies, you will see that 
10.123.80.13 is the first IP address on this path that is located in 
Australia: it's between vf.net.nz at 32ms (vodafone) and VOCUS.net at 168ms 
(Vocus Australia).

If I scan 10.0.0.0/8 (using masscan [1]), says on port 80, I got a huge 
amount of "Port 80: open". These port are really open but they are not 
from an HTTP server

Now if i scan the same subnet several time in a row, i don't get the 
same result, weird!

The only relevant result while googling for "10.123.80.13" are from 
Vodafone forums where users complain about connection issues (typically 
reporting a traceroute).

Any comments?

Chris

[1] https://github.com/robertdavidgraham/masscan



More information about the wellylug mailing list