Strange IP routing (?)

I've posted this to the NDO user forum but I might as well post it here
as well.........

Please help me understand what is going on as I am going to lose sleep
if I don't get an explaination to this!

OK, I have a network in my home, as I'm sure lots of other people
reading this do. Fair enough. Nothing special. There are only 2 or 3
computers on the network, using the 192.168.0.x IP address range, and
255.255.255.0 as the subnet. The network works fine - exactly how I want
it to.

The other day I bought a second-hand wireless application point, which I
think is faulty (but that's another matter altogether). So, I downloaded
a program called Angry IP Scanner to try and find out what IP address
it's using. I set it to scan all addresses from 192.168.0.0 to
192.168.255.255, as you do.

The scanner detected the computers on my network, but also computers on
strange IP addresses such as 192.168.3.19, for example. I know for a
fact that there is no computer on my network wth the IP address
192.168.3.19. There are lots in the 192.168.3.x range, and also quite a
few in the 192.168.7.x range, for example 192.168.7.2. I didn't let the
program scan the whole range of IP addresses but I'm sure that if I had,
it would have found many more of these. None of these are the access
point - the light on my network switch that the access point is
connected to doesn't even light up when the access point is connected
and switched on (and it's not a faulty patch cable, but like I said
before, that's another matter entirely).

Anyway, I did some tracerouting and this is what I got.

Tracing route to 192.168.3.19 over a maximum of 30 hops

1 <1 ms <1 ms <1 ms ipcop.workgroup [192.168.0.1]
2 1835 ms 2003 ms 2046 ms ndoltd1-hg3.ilford.broadband.bt.net [217.47.119.
202]
3 1521 ms 1116 ms 1065 ms 217.47.119.162
4 1425 ms 1395 ms 1789 ms 217.47.119.234
5 1677 ms 1559 ms 1910 ms perseus-fa-0-0-5.ision.net.uk [195.7.228.35]
6 1982 ms 1899 ms 1741 ms 192.168.3.19

Trace complete.

and

Tracing route to 192.168.7.2 over a maximum of 30 hops

1 <1 ms <1 ms <1 ms ipcop.workgroup [192.168.0.1]
2 1612 ms 1677 ms 1818 ms ndoltd1-hg3.ilford.broadband.bt.net [217.47.119.
202]
3 1547 ms 1780 ms 1910 ms 217.47.119.161
4 1722 ms 1830 ms 1753 ms 217.47.119.234
5 1376 ms 1171 ms 1743 ms perseus-fa-0-0-5.ision.net.uk [195.7.228.35]
6 1754 ms 1968 ms 1886 ms pheme-fa-2-0.ision.net.uk [195.7.224.237]
7 1721 ms 1456 ms 1553 ms thn2-gi-0-3.ndo.com [195.7.224.250]
8 1685 ms 1710 ms 1584 ms 192.168.7.2

Trace complete.

Ignore the high pings.

From this I can only conclude that I am pinging an IP address on
another NDO customer's private network. But, BY DEFINITION the IP
addresses in question are private IP addresses, and I shouldn't be able
to ping them.

So what is going on? Is anyone else able to ping these IPs? I'm
completely stumped. PLEASE can someone give me an explaination as to
what is going on?

Thanks in advance!

don't know about BT but NTL have UBR's etc on theirs
so arnt they the same think but for BT?

mike

"Anton Gÿsen" <(E-Mail Removed)> wrote in
message news:420bba93$0$7929$(E-Mail Removed)...
> I've posted this to the NDO user forum but I might as well post it here
> as well.........
>
> Please help me understand what is going on as I am going to lose sleep
> if I don't get an explaination to this!
>
> OK, I have a network in my home, as I'm sure lots of other people
> reading this do. Fair enough. Nothing special. There are only 2 or 3
> computers on the network, using the 192.168.0.x IP address range, and
> 255.255.255.0 as the subnet. The network works fine - exactly how I want
> it to.
>
> The other day I bought a second-hand wireless application point, which I
> think is faulty (but that's another matter altogether). So, I downloaded
> a program called Angry IP Scanner to try and find out what IP address
> it's using. I set it to scan all addresses from 192.168.0.0 to
> 192.168.255.255, as you do.
>
> The scanner detected the computers on my network, but also computers on
> strange IP addresses such as 192.168.3.19, for example. I know for a
> fact that there is no computer on my network wth the IP address
> 192.168.3.19. There are lots in the 192.168.3.x range, and also quite a
> few in the 192.168.7.x range, for example 192.168.7.2. I didn't let the
> program scan the whole range of IP addresses but I'm sure that if I had,
> it would have found many more of these. None of these are the access
> point - the light on my network switch that the access point is
> connected to doesn't even light up when the access point is connected
> and switched on (and it's not a faulty patch cable, but like I said
> before, that's another matter entirely).
>
> Anyway, I did some tracerouting and this is what I got.
>
> Tracing route to 192.168.3.19 over a maximum of 30 hops
>
> 1 <1 ms <1 ms <1 ms ipcop.workgroup [192.168.0.1]
> 2 1835 ms 2003 ms 2046 ms ndoltd1-hg3.ilford.broadband.bt.net [217.47.119.
> 202]
> 3 1521 ms 1116 ms 1065 ms 217.47.119.162
> 4 1425 ms 1395 ms 1789 ms 217.47.119.234
> 5 1677 ms 1559 ms 1910 ms perseus-fa-0-0-5.ision.net.uk [195.7.228.35]
> 6 1982 ms 1899 ms 1741 ms 192.168.3.19
>
> Trace complete.
>
> and
>
> Tracing route to 192.168.7.2 over a maximum of 30 hops
>
> 1 <1 ms <1 ms <1 ms ipcop.workgroup [192.168.0.1]
> 2 1612 ms 1677 ms 1818 ms ndoltd1-hg3.ilford.broadband.bt.net [217.47.119.
> 202]
> 3 1547 ms 1780 ms 1910 ms 217.47.119.161
> 4 1722 ms 1830 ms 1753 ms 217.47.119.234
> 5 1376 ms 1171 ms 1743 ms perseus-fa-0-0-5.ision.net.uk [195.7.228.35]
> 6 1754 ms 1968 ms 1886 ms pheme-fa-2-0.ision.net.uk [195.7.224.237]
> 7 1721 ms 1456 ms 1553 ms thn2-gi-0-3.ndo.com [195.7.224.250]
> 8 1685 ms 1710 ms 1584 ms 192.168.7.2
>
> Trace complete.
>
> Ignore the high pings.
>
> From this I can only conclude that I am pinging an IP address on
> another NDO customer's private network. But, BY DEFINITION the IP
> addresses in question are private IP addresses, and I shouldn't be able
> to ping them.
>
> So what is going on? Is anyone else able to ping these IPs? I'm
> completely stumped. PLEASE can someone give me an explaination as to
> what is going on?
>
> Thanks in advance!

mikeFNB wrote:

> don't know about BT but NTL have UBR's etc on theirs
> so arnt they the same think but for BT?
>
> mike

Sorry to sound like a dickhead but what's a UBR?

On Thu, 10 Feb 2005 21:14:37 +0000, Anton Gÿsen
<(E-Mail Removed)> wrote:

>mikeFNB wrote:
>
>> don't know about BT but NTL have UBR's etc on theirs
>> so arnt they the same think but for BT?
>>
>> mike
>
>Sorry to sound like a dickhead but what's a UBR?


Short for unspecified bit rate, or Class D quality of service, an ATM
bandwidth-allocation service that does not guarantee any throughput
levels and uses only available bandwidth. UBR is often used when
transmitting data that can tolerate delays.


But I've no idea what that means

--
(E-Mail Removed)<--ROT13 it
Spam Trap in Header

Freedom isn't FREE


http://borg.no-ip.com

"Anton Gÿsen" <(E-Mail Removed)> wrote in
message news:420bce6c$0$7946$(E-Mail Removed)...
> mikeFNB wrote:
> > don't know about BT but NTL have UBR's etc on theirs
> > so arnt they the same think but for BT?
>
> Sorry to sound like a dickhead but what's a UBR?

It's not really relevant, but in this case UBR stands for Universal
Broadband Router, which is what Cisco call their CMTS (Cable Modem
Termination System) equipment. In other words, it's what cable modems talk
to.

Mike's point is that NTL use private IP addresses within their network (for
cable modems and UBRs), and it seems to me that a few other ISPs do too (for
various things). It's impossible to say why you
are able to reach private addresses, and you shouldn't be able to reach them
(I can't, BTW), but the machines that respond are not necessarily a
customer's. If you're really that interested, search for information on
routing protocols and consider what might happen if there is a
misconfiguration.

Alex

UBR is not related to the actual question.
What Anton is facing is actually a neighbor who has access to those
networks with WEP disabled. Anton - see whether you can ping 3.1
address ? If you can, then you are able to reach your neighbor's
wireless access point. Neighbor won't have proper SSID as well.

- Chandar

(E-Mail Removed) wrote:

> UBR is not related to the actual question.
> What Anton is facing is actually a neighbor who has access to those
> networks with WEP disabled. Anton - see whether you can ping 3.1
> address ? If you can, then you are able to reach your neighbor's
> wireless access point. Neighbor won't have proper SSID as well.

This is what I'm trying to say, it's not another network because (a) the
access point doesn't work and (b) my PCI wireless NIC doesn't detect any
wireless networks in range, other than my laptop, when it's on (which it
wasn't).

I can ping 192.168.3.1 and the ping times are about 15-20ms, which would
be the typical ping to another user on my ISP.

Anton

Anton Gÿsen wrote:

> This is what I'm trying to say, it's not another network because (a) the
> access point doesn't work and (b) my PCI wireless NIC doesn't detect any
> wireless networks in range, other than my laptop, when it's on (which it
> wasn't).
>
> I can ping 192.168.3.1 and the ping times are about 15-20ms, which would
> be the typical ping to another user on my ISP.

Another things, the traceroutes show that the path to these addresses
are being routed through my IPCop firewall and then through my ISP, it
would seem.

Alex Fraser wrote:

> It's not really relevant, but in this case UBR stands for Universal
> Broadband Router, which is what Cisco call their CMTS (Cable Modem
> Termination System) equipment. In other words, it's what cable modems talk
> to.

Like a DSLAM? I am using ADSL FWIW.

> Mike's point is that NTL use private IP addresses within their network (for
> cable modems and UBRs), and it seems to me that a few other ISPs do too (for
> various things). It's impossible to say why you
> are able to reach private addresses, and you shouldn't be able to reach them
> (I can't, BTW), but the machines that respond are not necessarily a
> customer's. If you're really that interested, search for information on
> routing protocols and consider what might happen if there is a
> misconfiguration.

I see, but I would have thought that pings to 192.168.x.x addresses
wouldn't have been routed through the IPCop box in the first place. I
haven't got anything special configured on the IPCop box - just a PCI
ADSL modem and an ethernet card to provide routing and firewalling.

Thanks Alex. I'm still baffled, though. What occured to me is what would
happen if I was to change the IP address of a machine on my network to
one of these addresses. Not that I can really be arsed finding out,
because I'd have to change the IP address of the IPCop box as well for
it to be on the same subnet as the machine I'm using now (I think, I'm
no expert on subnets).

Anton

In MsgID<(E-Mail Removed)> within uk.comp.home-networking,
'Alex Fraser' wrote:

>Mike's point is that NTL use private IP addresses within their network (for
>cable modems and UBRs), and it seems to me that a few other ISPs do too (for
>various things). It's impossible to say why you
>are able to reach private addresses, and you shouldn't be able to reach them
>(I can't, BTW), but the machines that respond are not necessarily a
>customer's. If you're really that interested, search for information on
>routing protocols and consider what might happen if there is a
>misconfiguration.

The thing I would find worrying is that packets are finding their way back
to Anton's network. It's (as you say) fairly normal for ISPs to let you
route _to_ their private network space (though I consider it a bit dozy)
but I wouldn't be too keen on finding a route back, into my private IP
range..

An interesting question (well two actually) is what would happen if Anton
had chosen to use 192.168.0.0/16? IP clashes?

Also what services are running on the live hosts, that'd give some clue as
to what they are. To Anton, have you tried a full scan? It can't be a
problem as you have every right to scan your 'own' IP range..

--
Dave Johnson - (E-Mail Removed)