Strange default route

Printable View

09-30-2007, 10:36 PM
unix

Strange default route

Hello comp.os.linux.security.

So, what I've got here is the strangest problem, I've ever had. I'm
connected to the internet via PPPoE (using pppd/rp-pppoe with the Linux
PPPoE plugin). Until today it was set to add a default route
automatically, as the interface is set up. I have disabled this, adding
the default route semi-manually by the ip-up script, for the following
reason.

Today, when I was checking my IPv4 routing table, I have noticed the
following weirdness:

Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
217.0.116.62 * 255.255.255.255 UH 0 0 0 ppp0
192.168.1.0 * 255.255.255.0 U 0 0 0 eth0
192.168.0.0 * 255.255.255.0 U 0 0 0 eth1
loopback * 255.0.0.0 U 0 0 0 lo
default 217.0.116.62 0.0.0.0 UG 0 0 0 ppp0

Look at the default route. It is using a gateway, and I don't seem to
remember setting one up. I also don't find that IP address anywhere in
'/etc' via grep. The host behind that IP address belongs to my ISP (by
what 'whois' is telling me), but weirdly it does not respond to
anything. 'nmap' yields no responses with TCP/UDP/FIN scan methods, and
my pings don't get answered by that host.

Tracing the route of that host just gives me a list of time-outs. So
either there is no route, or that host must be very near to mine.
Because of the following paragraph, I think the latter is more
realistic. Maybe you can tell a different story, talking to users of
other ISPs, i.e. not of the German company T-Online (which is closely
related to the Deutsche Telekom AG).

What makes me nervous is that I didn't have any connection problems so
far. In other words: That host actually _does_ act as a gateway and
forwards my packets as normal. Since I removed that gateway, nothing
has changed. My connection is still fine.

So my questions:
* Have you experienced similar symptoms?
* Does PPP(oE) feature mandating a default gateway to the client?
* What do non-T-Online users get, when trying to trace/contact that
host?

Currently I'm connecting those facts to the European Union's data
retention plans. You may want to have a look at the following web-sites
addressing that issue:
* [url]http://www.epic.org/privacy/intl/data_retention.html[/url]
* [url]http://www.dataretentionisnosolution.com/[/url]

Regards.
09-30-2007, 10:36 PM
unix

Re: Strange default route

Greetings ES,

Here is a trace from Edmonton, Canada.

Tracing route to 217.0.116.62 over a maximum of 30 hops

1 14 ms 14 ms 14 ms d198-166-16-1.abhsia.telus.net [198.166.16.1]

2 14 ms 14 ms 14 ms edtnabxmdr00.bb.telus.com [154.11.95.134]

3 13 ms 13 ms 14 ms edtnabkdgr01.bb.telus.com [205.233.111.108]

4 50 ms 49 ms 50 ms toroonxngr00.bb.telus.com [154.11.11.54]

5 50 ms 117 ms 78 ms 212.184.27.21

6 158 ms 158 ms 159 ms s-ea1.S.DE.net.DTAG.DE [62.154.22.138]

7 297 ms 194 ms 169 ms 217.0.116.62

Trace complete.
09-30-2007, 10:36 PM
unix

Re: Strange default route

Ertugrul Soeylemez wrote:[color=blue]
> Hello comp.os.linux.security.
>
> So, what I've got here is the strangest problem, I've ever had. I'm
> connected to the internet via PPPoE (using pppd/rp-pppoe with the Linux
> PPPoE plugin). Until today it was set to add a default route
> automatically, as the interface is set up. I have disabled this, adding
> the default route semi-manually by the ip-up script, for the following
> reason.
>
> Today, when I was checking my IPv4 routing table, I have noticed the
> following weirdness:
>
> Kernel IP routing table
> Destination Gateway Genmask Flags Metric Ref Use Iface
> 217.0.116.62 * 255.255.255.255 UH 0 0 0 ppp0
> 192.168.1.0 * 255.255.255.0 U 0 0 0 eth0
> 192.168.0.0 * 255.255.255.0 U 0 0 0 eth1
> loopback * 255.0.0.0 U 0 0 0 lo
> default 217.0.116.62 0.0.0.0 UG 0 0 0 ppp0
>
> Look at the default route. It is using a gateway, and I don't seem to
> remember setting one up. I also don't find that IP address anywhere in
> '/etc' via grep. The host behind that IP address belongs to my ISP (by
> what 'whois' is telling me), but weirdly it does not respond to
> anything. 'nmap' yields no responses with TCP/UDP/FIN scan methods, and
> my pings don't get answered by that host.[/color]

Come on - it is *your own* ppp0 interface.
Have a look at output of /sbin/ifconfig.

The default route should point to the next hop toward
the common Internet, and so it does. A point-to-point
connection pushes everything arriving at one end to
the other end (which is your way out to the Net).

Do you have real connectivity problems?

--

Tauno Voipio
tauno voipio (at) iki fi
09-30-2007, 10:36 PM
unix

Re: Strange default route

Tauno Voipio <tauno.voipio@INVALIDiki.fi> writes:
[color=blue]
>Ertugrul Soeylemez wrote:[color=green]
>> Hello comp.os.linux.security.
>>
>> So, what I've got here is the strangest problem, I've ever had. I'm
>> connected to the internet via PPPoE (using pppd/rp-pppoe with the Linux
>> PPPoE plugin). Until today it was set to add a default route
>> automatically, as the interface is set up. I have disabled this, adding
>> the default route semi-manually by the ip-up script, for the following
>> reason.
>>
>> Today, when I was checking my IPv4 routing table, I have noticed the
>> following weirdness:
>>
>> Kernel IP routing table
>> Destination Gateway Genmask Flags Metric Ref Use Iface
>> 217.0.116.62 * 255.255.255.255 UH 0 0 0 ppp0
>> 192.168.1.0 * 255.255.255.0 U 0 0 0 eth0
>> 192.168.0.0 * 255.255.255.0 U 0 0 0 eth1
>> loopback * 255.0.0.0 U 0 0 0 lo
>> default 217.0.116.62 0.0.0.0 UG 0 0 0 ppp0
>>
>> Look at the default route. It is using a gateway, and I don't seem to
>> remember setting one up. I also don't find that IP address anywhere in
>> '/etc' via grep. The host behind that IP address belongs to my ISP (by
>> what 'whois' is telling me), but weirdly it does not respond to
>> anything. 'nmap' yields no responses with TCP/UDP/FIN scan methods, and
>> my pings don't get answered by that host.[/color][/color]
[color=blue]
>Come on - it is *your own* ppp0 interface.
>Have a look at output of /sbin/ifconfig.[/color]
[color=blue]
>The default route should point to the next hop toward
>the common Internet, and so it does. A point-to-point
>connection pushes everything arriving at one end to
>the other end (which is your way out to the Net).[/color]

To amplify, ppp is a point to point interface. It connects one computer to
another. It does not connect a computer to a network. Thus the gateway MUST
be that computer that ppp connects to .
If you have
defaultroute
as an option in /etc/ppp/options, then pppd sets this up automatically. If
you do not then it does not. Of course you will be unable to connect to
anything if it does not, but that is your problem.

Many isps disable ping response ( even though this is against internet
protocol regulations) in the belief that it enhances security (it does not,
but who are we to argue).

[color=blue]
>Do you have real connectivity problems?[/color]
[color=blue]
>--[/color]
[color=blue]
>Tauno Voipio
>tauno voipio (at) iki fi[/color]
09-30-2007, 10:36 PM
unix

Re: Strange default route

> I'm connected to the internet via PPPoE (...) Look at the default route.[color=blue]
>It is using a gateway, and I don't seem to remember setting one up. (...)
>The host behind that IP address belongs to my ISP.[/color]

You have a machine controled by your ISP as a gateway to the Internet.
Where is the problem? This is the way it is supposed to be. In fact,
ISP means 'Internet Service Provider', doesn't it?

It seems that your gateway is not answering to 'pings'. It is a
security policy pretty common nowadays.

So, nothing weird in your configuration. The really strange thing is
this one:
[color=blue]
>I have disabled this, adding the default route semi-manually by the
>ip-up script (...)[/color]

And does it work? Which is your "semi-manual default route"?
09-30-2007, 10:36 PM
unix

Re: Strange default route

Hello again,

Thank you for your replies. This is a collective post answering all
questions asked earlier. To be honest, I have been a bit over-paranoid
here. Yes, that IP address is really my PPP co-endpoint. It caused
headache to me, because it hasn't been set as the default gateway
before.

Tauno Voipio: You are right. See above. Excuse my stupidity. =)

juanvi: My current default route is the same as before, but without a
gateway:

Destination Gateway Genmask Flags Metric Ref Use Iface
default * 0.0.0.0 U 0 0 0 ppp0

Yes it works. I guess, the kernel is taking the PtP endpoint from the
interface's configuration, or the router is just ignoring the fact that
I don't provide a gateway, and just forwards my packets (that's its
intention anyway).

Regards.