Yikes! 192.168.1.2 routed to RR!!

JmE · Post by **JmE** » Wed Nov 21, 2001 11:41 am

Okay, I'm worried...

When I do a TRACERT on my computer to my wife's non-routed IP (192.168.1.2), it shows as going to xterm2.columbus.rr.com. When I TRACERT all the other IPs on the LAN, they come back with the appropriate COMPTUERNAME. All the other computers on the LAN TRACERT to 192.168.1.2 and give the appropriate COMPUTERNAME. Only my system TRACERTs 192.168.1.2 to xterm2.columbus.rr.com.

I am really worried. Is this a security issue? If so, how can I plug it?

Insight? Info? Please...

-JmE-

BoGGy · Post by **BoGGy** » Wed Nov 21, 2001 4:45 pm

I have a Acura RSX TYPE-S

i bought it 3 weeks ago, my parents paid half and i had to pay half and insurance.

Im going to make it look bad-ass

* STREEET RACING TIME *

BoGGy · Post by **BoGGy** » Wed Nov 21, 2001 4:46 pm

WOOPS WRONG FOURM!

most routers blocks many many ports

which router do you have?

also use a firewall on every cpu
zonealarm
norton

its all good

JmE · Post by **JmE** » Wed Nov 21, 2001 6:21 pm

Using a LinkSys Router (BEFSR11). 192.168.1.2 is NOT in the DMZ. No ports are forwarded to it and all of the systems are running ZoneAlarm.

A few weeks ago, I suspected that her system had a trojan, however, I found nothing. This new xterm2.columbus.rr.com thing is starting to rekindle my suspicion.

We have more than 8 systems on the LAN and her's is the only one that TRACERTs something other than her COMPUTERNAME.

Two updates:

All the system on the LAN now TRACERT 192.168.1.2 to xterm2.columbus.rr.com.

Sometimes, the TRACERT shows that the resolved address (xterm2.columbus.rr.com) is down. This is certainly leading me to belive that her IP is linking to someone's terminal somewhere. When that other system is up, the TRACERT goes through. When that other system is down, the TRACERT still resolves the same, however, does not go through. ("The other system" being the one at the xterm2.columbus.rr.com.

Any thoughts?

-JmE-

colnago1331 · Post by **colnago1331** » Thu Nov 22, 2001 8:50 am

Is this an automatically assigned IP or did you force-assign the IP?

JmE · Post by **JmE** » Thu Nov 22, 2001 10:24 am

Behind the router, all of the LAN IP addresses are fixed. We have been running like this for years on dial up and for quite some time now on broadband.

It just seemed weird....

Now when I TRACERT 192.168.1.1 (the Linksys router), I get spider.columbus.rr.com.

Some of the other used IPs (such as 192.168.1.3, etc) now give results such as xterm3.columbus.rr.com.

Maybe this is normal??? I have never seen this before... I always would get COMPUTERNAME for TRACERT. Now I ger <something>.columbus.rr.com and I am on cinci.rr.com.

Too strange for me. Anyone know if this is normal? Perhaps some user on the Cinci RR system can TRACERT 192.168.1.2 and post what they get? (it is best to TRACERT one of the 192.168.1.xxx IP addresses that has one of your LAN computers turned on and running).

Who knows, maybe this is normal...

-JmE-

colnago1331 · Post by **colnago1331** » Thu Nov 22, 2001 4:42 pm

I don't know what "normal" is, but I can tell you this. If I open up the MS Dos prompt and type "ping xterm2.columbus.rr.com" it tells me that I'm pinging "192.168.1.2"

JmE · Post by **JmE** » Thu Nov 22, 2001 5:55 pm

Originally posted by colnago1331
I don't know what "normal" is, but I can tell you this. If I open up the MS Dos prompt and type "ping xterm2.columbus.rr.com" it tells me that I'm pinging "192.168.1.2"

Fair enough. Thanks for putting my mind at ease. As long as it isn't just my LAN that resolves that IP to xterm2, then I am satisfied. I just had never seen it do that before...

Thanks again for easing my mind.

-JmE-

MosDef112 · Post by **MosDef112** » Fri Nov 23, 2001 2:23 am

Yep, same here. xterm2.columbus.rr.com currently does resolve to 192.168.1.2. Some engineer did a nice hiccup and resolved the wrong IP to that DNS name. Likely that's the admin interface IP for that router, which is supposed to be hidden. No security compromise here, don't worry.

JmE · Post by **JmE** » Fri Nov 23, 2001 7:52 pm

Yes, I had called RR (the actual RR department, not TW) and they went to great lengths to tell me that this is normal. She kept putting me on hold, I assume to ask some of the networking gurus there. She made reference several times as to "this is why they don't support LAN users...". The problem was that I was merely attempting to make her aware that the RR DNSs were doing this. Of course, I was polite and not asking for any real resolution, the info was just an FYI to them. She also kept saying that if you TRACERT 192.168.1.xxx, you will get someone's LAN system (outside your own). I attempted to explain to her that when you enter an IP, the system goes to the DNS which is RR. I also explained to her that as far as I know the DNS should not be dealing w/ 192.168.1.xxx at all. As such, unless there was a 192.168.1.xxx on that particular LAN, then the IP would return unresolved, as it should. This all fell upon deaf ears, so, I thanked her and went on my way... what a waste of time.

I dunno, I always thought that 192.168.0.xxx and 192.168.1.xxx and certain others were supposed to be reserved...

Thanks for the replies.
-JmE-

donald_k · Post by **donald_k** » Wed Nov 28, 2001 12:17 am

Roadrunner can use the 192.169.x.x space for their own networking devices (ie. some touers that the public internet should not be able to route to). The reason roadrunner would set DNS names to their "local" routers is to make things easier when it comes to administrating the network. A person will remember a name more than some silly number. To the public internet the addresses will not resolve at all unless of course you are a Roadrunner customer as you are on their network. Here is a good example of a DNS resolution that the whole internet can see that behaves like this. Ping gateway.tbcdsb.on.ca, it will resolve 10.1.1.1 but you will not be able to ping it because it is actually set that way for their own network which is ALL NATed behind 10.1.1.1. The public IP of gateway.tbcdsb.on.ca is actually 206.186.171.34. Now they chose to have their gateway entry in their DNS server to be public and relayed to the master DNS servers whereas roadrunner made their entry "xterm2" private so it will not get relayed to the internet DNS servers. Confusing isn't it?

JmE · Post by **JmE** » Wed Nov 28, 2001 10:36 am

Thanks for the coherent reply

What really confused me about the way they did it was that I could see it. I never could before. It wasn't until I started to have trouble with a system in the DMZ that I started really looking, though...(I still can't put that IP in the DMZ or it crashes 2 segments of my LAN... it is probably unrelated, though.)

Thanks,
-JmE-