[Tfug] Comcast Anomaly

evorrie at comcast.net evorrie at comcast.net
Mon Apr 17 14:30:12 MST 2006


This is somewhat off the topic but I thought Comcast customers in Tucson and around the country would get a kick out of this.  Last week, by pure coincidence I stumbled upon a private network that I was able to reach from my home network.  In other words, the only way in my mind was that I had a VPN or some type of tunneled connection to this network.   Addresses that I was able to ping were 10.6.80.0/24 through 10.6.115.0/24.  These addresses are private, basically non-routable on the public internet.  This is impossible!  I must be going crazy.  But I was able to get to this.  So, I did a traceroute:

traceroute to 10.6.90.159 (10.6.90.159), 64 hops max, 40 byte packets
 1  172.30.125.241 (172.30.125.241)  1.717 ms  0.677 ms  1.544 ms
 2  192.168.15.1 (192.168.15.1)  3.026 ms  2.131 ms  2.045 ms
 3  73.109.0.1 (73.109.0.1)  14.727 ms  7.498 ms  8.656 ms
 4  68.87.172.197 (68.87.172.197)  8.945 ms  9.005 ms  8.396 ms
 5  68.87.172.21 (68.87.172.21)  8.762 ms  9.794 ms  11.678 ms
 6  12.127.141.61 (12.127.141.61)  13.492 ms  11.179 ms  13.543 ms
 7  gbr2-p80.phmaz.ip.att.net (12.123.142.26)  53.404 ms  51.756 ms  52.645 ms
 8  tbr2-cl1592.dlstx.ip.att.net (12.122.10.81)  53.259 ms  53.916 ms  54.987 ms
 9  tbr1-cl6.sl9mo.ip.att.net (12.122.10.89)  55.851 ms  53.547 ms  57.049 ms
10  tbr2-cl24.sl9mo.ip.att.net (12.122.9.142)  52.812 ms  54.207 ms  54.572 ms
11  tbr2-cl7.cgcil.ip.att.net (12.122.10.45)  53.164 ms  53.714 ms  52.442 ms
12  gar6-p3150.cgcil.ip.att.net (12.123.4.229)  52.991 ms  51.729 ms  52.346 ms
13  12-220-0-25.client.insightbb.com (12.220.0.25)  57.667 ms  57.802 ms  58.127 ms
14  12-220-1-238.client.insightbb.com (12.220.1.238)  58.615 ms  57.573 ms  59.127 ms
15  12-220-1-93.client.insightbb.com (12.220.1.93)  62.426 ms  84.802 ms  62.683 ms
16  * * *
17  10.6.90.159 (10.6.90.159)  67.088 ms  69.857 ms  72.274 ms

Now I really was confused.  I took out my router and firewall to test, and I still was able to get to the private network.  I asked friends, coworkers and fellow classmates about the issue.  Still nothing, everyone was confused.  So I went to my professors and I got an answer.  He lives in Vermont and I'm in Tucson.  This appears to be happening to all Comcast customers, so enjoy.
Eric

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
OK....  here are some thoughts...
 
First, let's look at the trace route. It ends on a 10-net address.  This is
a private address and there is no external (i.e., over the Internet) way to
route to it.  So, on the surface, the trace route is not possible.  
 
But wait... there's more...
 
If we look carefully at hops 13 through 15 we see that we are going through
a "client" of some kind and its address is perfectly routable.  Thinking
about that we can come to but one conclusion: these clients and,
especially, the last one comprise a gateway of some sort.  The last one at
least must be dual homed in order to allow a bridge between the routable
network and the 10-net.  
 
But this still is odd.  Why? Because you trace routed *to* the 10-net,
something one cannot normally do.  So let's take a closer look at the
entire trace route.
 
The first address (yours, I would think) is, like a 10-net, not a public
address.  That says that you are already on an internal network of some
type.  This, likely, is your ISP.  What it looks like is that your ISP has
you on an internal network and you are being moved around within that
network.  Let's test that theory a bit.
 
The next hop is a 192.168 address, also a private address.  That pretty
well says that you are inside a private - probably the ISP's - network. 
Let's keep moving down the trace.  
 
Hop 3 turns out to be a Comcast address.  From the IP I would guess that it
is a gateway (the .1 often is used by sysadmins as a gateway).  Gateway to
what?  Well, let's look at hop 4.  That also is Comcast - "PA-WEST-12". 
This, likely, is a router or switch.  To where?  Let's continue.  Hop 5 is,
essentially, the same.  So we can conjecture that hop 4 goes into the
switch and hop 5 takes you out.  Out to where?
 
Hop 6 moves from Comcast to AT&T Worldnet, Comcast's ISP.  12-nets usually
are AT&T.  From hop 6 through hop 12 we stay inside the AT&T network until
we emerge at hop 13, a client at insightbb. This is Insight Communications
Company and they use AT&T as their ISP.  Note the turnaround times on hops
13-15, all Insight Clients.  They are different by only a millisecond or
two.  We can conjecture that they are on the same subnet (LAN).  Insight is
an ISP that uses AT&T as its ISP.
 
Conclusion?  Your ISP (Comcast) is on the same backbone as Insight.  This
is not uncommon in cable modems.  But that is not all... read on....
 
Now, here is the interesting thing about all of this. I am on Comcast and I
just trace routed to the same address.  So what does that mean? Well,
digging a little deeper into Insight we find that they are not just an
ISP... they are the "9th-largest cable operator in the U.S., with 1.3
million customers in the states of Illinois, Indiana, Kentucky and Ohio."
 
So, now we know.... it is likely that in its service area Insight is the
cable operator for Comcast.  Bottom line? Something is misconfigured within
the Comcast/Insight enterprise and you (we) are inside the Insight internal
network, a very dangerous thing for them.  I will contact them directly and
let you all know what happens.
 
Hope you found this interesting and, perhaps, entertaining... back to your
regularly scheduled work-day <grin>.
 
- --P
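
Added example, not part of either message above: a short Python check that parses the traceroute from the first post and flags any RFC 1918 hop that appears after the path has already crossed publicly routed addresses, which is the condition the reply identifies as the anomaly. The function names are illustrative assumptions; the hop lines are copied from the post.

```python
import ipaddress
import re

# Traceroute output copied from the post above (header line omitted).
TRACE = """\
 1  172.30.125.241 (172.30.125.241)  1.717 ms  0.677 ms  1.544 ms
 2  192.168.15.1 (192.168.15.1)  3.026 ms  2.131 ms  2.045 ms
 3  73.109.0.1 (73.109.0.1)  14.727 ms  7.498 ms  8.656 ms
 4  68.87.172.197 (68.87.172.197)  8.945 ms  9.005 ms  8.396 ms
 5  68.87.172.21 (68.87.172.21)  8.762 ms  9.794 ms  11.678 ms
 6  12.127.141.61 (12.127.141.61)  13.492 ms  11.179 ms  13.543 ms
 7  gbr2-p80.phmaz.ip.att.net (12.123.142.26)  53.404 ms  51.756 ms  52.645 ms
 8  tbr2-cl1592.dlstx.ip.att.net (12.122.10.81)  53.259 ms  53.916 ms  54.987 ms
 9  tbr1-cl6.sl9mo.ip.att.net (12.122.10.89)  55.851 ms  53.547 ms  57.049 ms
10  tbr2-cl24.sl9mo.ip.att.net (12.122.9.142)  52.812 ms  54.207 ms  54.572 ms
11  tbr2-cl7.cgcil.ip.att.net (12.122.10.45)  53.164 ms  53.714 ms  52.442 ms
12  gar6-p3150.cgcil.ip.att.net (12.123.4.229)  52.991 ms  51.729 ms  52.346 ms
13  12-220-0-25.client.insightbb.com (12.220.0.25)  57.667 ms  57.802 ms  58.127 ms
14  12-220-1-238.client.insightbb.com (12.220.1.238)  58.615 ms  57.573 ms  59.127 ms
15  12-220-1-93.client.insightbb.com (12.220.1.93)  62.426 ms  84.802 ms  62.683 ms
16  * * *
17  10.6.90.159 (10.6.90.159)  67.088 ms  69.857 ms  72.274 ms
"""

# Hop number, then either "name (a.b.c.d)" or "*" for a hop that did not answer.
HOP_RE = re.compile(r"^\s*(\d+)\s+(?:\S+\s+\((\d+\.\d+\.\d+\.\d+)\)|\*)")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_hops(text):
    """Return [(hop_number, ip_or_None)]; None marks a silent hop."""
    matches = [HOP_RE.match(line) for line in text.splitlines()]
    return [(int(m.group(1)), m.group(2)) for m in matches if m]

def is_rfc1918(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)

def private_after_public(hops):
    """Hops with an RFC 1918 address seen after at least one public hop."""
    seen_public, flagged = False, []
    for number, ip in hops:
        if ip is None:
            continue
        if not is_rfc1918(ip):
            seen_public = True
        elif seen_public:
            flagged.append((number, ip))
    return flagged

print(private_after_public(parse_hops(TRACE)))
```

Hops 1 and 2 are private but precede any public hop, so they are treated as the local side of the path and not flagged; only the final hop is reported.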

