On Thu, 28 Oct 2010 12:55:56 -0600 Brielle Bruns <bruns@2mbit.com> wrote:
Okay, so this has my head hurting a bit just trying to figure out just how this is possible and what kind of equipment would pull this stunt.
My initial guess was that somebody put "0.0.0.0" text as the DNS PTR RR value for that hop, however that isn't the case as both the name and the IP address of the hop are 0.0.0.0. My guess is that the ICMP error that traceroute uses to detect hops is being sourced from 0.0.0.0 for some reason. Your cable modem wouldn't be performing any RPF on incoming traffic, so there is nothing to filter out 0.0.0.0 as an invalid source address (or it may actually be valid for these ICMP errors - it's the "unspecified" address.)
Tracing from here (cableone cable modem) to the outside world, I end up with the following at the beginning of my traceroute.
 1  192.168.1.1 (192.168.1.1)  2.759 ms  0.803 ms  0.769 ms
 2  0.0.0.0 (0.0.0.0)  10.462 ms  9.543 ms  8.043 ms
 3  192.168.32.65 (192.168.32.65)  9.984 ms  9.654 ms  9.570 ms
 4  te-4-4.car2.seattle1.level3.net (4.53.146.117)  25.960 ms  21.798 ms  24.144 ms
.... etc
0.0.0.0 as one of the hops. So, I pulled out LFT to make sure traceroute isn't going nuts.
Layer Four Traceroute (LFT) version 3.1
Using device en1, 192.168.1.101:53
TTL LFT trace to 207.70.17.213:80/tcp
 1  192.168.1.1 0.9/0.9ms
 2  /9.8/10.3ms
 3  192.168.32.65 9.7/8.3ms
 4  10.255.255.1 9.1/8.4ms
 5  te-4-4.car2.seattle1.level3.net (4.53.146.117) 29.0/20.2ms
Fun, no entry for hop 2, plus there's an extra hop at #4. Let's use verbose.
Layer Four Traceroute (LFT) version 3.1 ... (verbosity level 2)
Using device en1, 192.168.1.101:53
SENT TCP TTL=1 SEQ=648736948 FLAGS=0x2 ( SYN )
SENT TCP TTL=2 SEQ=648736949 FLAGS=0x2 ( SYN )
RCVD ICMP SEQ=648736948 SRC=192.168.1.1 PTTL=1 PSEQ=648736948
SENT TCP TTL=3 SEQ=648736950 FLAGS=0x2 ( SYN )
SENT TCP TTL=4 SEQ=648736951 FLAGS=0x2 ( SYN )
SENT TCP TTL=5 SEQ=648736952 FLAGS=0x2 ( SYN )
SENT TCP TTL=6 SEQ=648736953 FLAGS=0x2 ( SYN )
RCVD ICMP SEQ=648736949 SRC=0.0.0.0 PTTL=2 PSEQ=648736949
SENT TCP TTL=7 SEQ=648736954 FLAGS=0x2 ( SYN )
RCVD ICMP SEQ=648736950 SRC=192.168.32.65 PTTL=3 PSEQ=648736950
RCVD ICMP SEQ=648736951 SRC=10.255.255.1 PTTL=4 PSEQ=648736951
RCVD ICMP SEQ=648736953 SRC=4.68.105.30 PTTL=6 PSEQ=648736953
Am I going nuts, or is something really messed up somewhere upstream from the cable modem? To quote someone from IRC who's just as confused, "the null route just talked to me".
--
Brielle Bruns
The Summit Open Source Development Group
http://www.sosdg.org / http://www.ahbl.org