Strange default route - Security


Thread: Strange default route

  1. Strange default route

    Hello comp.os.linux.security.

    So, what I've got here is the strangest problem, I've ever had. I'm
    connected to the internet via PPPoE (using pppd/rp-pppoe with the Linux
    PPPoE plugin). Until today it was set to add a default route
    automatically, as the interface is set up. I have disabled this, adding
    the default route semi-manually by the ip-up script, for the following
    reason.

    Today, when I was checking my IPv4 routing table, I have noticed the
    following weirdness:

    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref Use Iface
    217.0.116.62    *               255.255.255.255 UH    0      0   0   ppp0
    192.168.1.0     *               255.255.255.0   U     0      0   0   eth0
    192.168.0.0     *               255.255.255.0   U     0      0   0   eth1
    loopback        *               255.0.0.0       U     0      0   0   lo
    default         217.0.116.62    0.0.0.0         UG    0      0   0   ppp0

    Look at the default route. It is using a gateway, and I don't seem to
    remember setting one up. I also don't find that IP address anywhere in
    '/etc' via grep. The host behind that IP address belongs to my ISP (by
    what 'whois' is telling me), but weirdly it does not respond to
    anything. 'nmap' yields no responses with TCP/UDP/FIN scan methods, and
    my pings don't get answered by that host.

    Tracing the route of that host just gives me a list of time-outs. So
    either there is no route, or that host must be very near to mine.
    Because of the following paragraph, I think the latter is more
    realistic. Maybe you can tell a different story, talking to users of
    other ISPs, i.e. not of the German company T-Online (which is closely
    related to the Deutsche Telekom AG).

    What makes me nervous is that I didn't have any connection problems so
    far. In other words: That host actually _does_ act as a gateway and
    forwards my packets as normal. Since I removed that gateway, nothing
    has changed. My connection is still fine.

    So my questions:
    * Have you experienced similar symptoms?
    * Does PPP(oE) feature mandating a default gateway to the client?
    * What do non-T-Online users get, when trying to trace/contact that
    host?

    Currently I'm connecting those facts to the European Union's data
    retention plans. You may want to have a look at the following web-sites
    addressing that issue:
    * http://www.epic.org/privacy/intl/data_retention.html
    * http://www.dataretentionisnosolution.com/


    Regards.

  2. Re: Strange default route


    Greetings ES,

    Here is a trace from Edmonton, Canada.

    Tracing route to 217.0.116.62 over a maximum of 30 hops

    1   14 ms   14 ms   14 ms  d198-166-16-1.abhsia.telus.net [198.166.16.1]
    2   14 ms   14 ms   14 ms  edtnabxmdr00.bb.telus.com [154.11.95.134]
    3   13 ms   13 ms   14 ms  edtnabkdgr01.bb.telus.com [205.233.111.108]
    4   50 ms   49 ms   50 ms  toroonxngr00.bb.telus.com [154.11.11.54]
    5   50 ms  117 ms   78 ms  212.184.27.21
    6  158 ms  158 ms  159 ms  s-ea1.S.DE.net.DTAG.DE [62.154.22.138]
    7  297 ms  194 ms  169 ms  217.0.116.62

    Trace complete.

  3. Re: Strange default route

    Ertugrul Soeylemez wrote:
    > Hello comp.os.linux.security.
    >
    > So, what I've got here is the strangest problem, I've ever had. I'm
    > connected to the internet via PPPoE (using pppd/rp-pppoe with the Linux
    > PPPoE plugin). Until today it was set to add a default route
    > automatically, as the interface is set up. I have disabled this, adding
    > the default route semi-manually by the ip-up script, for the following
    > reason.
    >
    > Today, when I was checking my IPv4 routing table, I have noticed the
    > following weirdness:
    >
    > Kernel IP routing table
    > Destination     Gateway         Genmask         Flags Metric Ref Use Iface
    > 217.0.116.62    *               255.255.255.255 UH    0      0   0   ppp0
    > 192.168.1.0     *               255.255.255.0   U     0      0   0   eth0
    > 192.168.0.0     *               255.255.255.0   U     0      0   0   eth1
    > loopback        *               255.0.0.0       U     0      0   0   lo
    > default         217.0.116.62    0.0.0.0         UG    0      0   0   ppp0
    >
    > Look at the default route. It is using a gateway, and I don't seem to
    > remember setting one up. I also don't find that IP address anywhere in
    > '/etc' via grep. The host behind that IP address belongs to my ISP (by
    > what 'whois' is telling me), but weirdly it does not respond to
    > anything. 'nmap' yields no responses with TCP/UDP/FIN scan methods, and
    > my pings don't get answered by that host.


    Come on - it is *your own* ppp0 interface.
    Have a look at output of /sbin/ifconfig.

    The default route should point to the next hop toward
    the common Internet, and so it does. A point-to-point
    connection pushes everything arriving at one end to
    the other end (which is your way out to the Net).

    Do you have real connectivity problems?

    --

    Tauno Voipio
    tauno voipio (at) iki fi

  4. Re: Strange default route

    Tauno Voipio writes:

    >Ertugrul Soeylemez wrote:
    >> Hello comp.os.linux.security.
    >>
    >> So, what I've got here is the strangest problem, I've ever had. I'm
    >> connected to the internet via PPPoE (using pppd/rp-pppoe with the Linux
    >> PPPoE plugin). Until today it was set to add a default route
    >> automatically, as the interface is set up. I have disabled this, adding
    >> the default route semi-manually by the ip-up script, for the following
    >> reason.
    >>
    >> Today, when I was checking my IPv4 routing table, I have noticed the
    >> following weirdness:
    >>
    >> Kernel IP routing table
    >> Destination     Gateway         Genmask         Flags Metric Ref Use Iface
    >> 217.0.116.62    *               255.255.255.255 UH    0      0   0   ppp0
    >> 192.168.1.0     *               255.255.255.0   U     0      0   0   eth0
    >> 192.168.0.0     *               255.255.255.0   U     0      0   0   eth1
    >> loopback        *               255.0.0.0       U     0      0   0   lo
    >> default         217.0.116.62    0.0.0.0         UG    0      0   0   ppp0
    >>
    >> Look at the default route. It is using a gateway, and I don't seem to
    >> remember setting one up. I also don't find that IP address anywhere in
    >> '/etc' via grep. The host behind that IP address belongs to my ISP (by
    >> what 'whois' is telling me), but weirdly it does not respond to
    >> anything. 'nmap' yields no responses with TCP/UDP/FIN scan methods, and
    >> my pings don't get answered by that host.


    >Come on - it is *your own* ppp0 interface.
    >Have a look at output of /sbin/ifconfig.


    >The default route should point to the next hop toward
    >the common Internet, and so it does. A point-to-point
    >connection pushes everything arriving at one end to
    >the other end (which is your way out to the Net).


    To amplify, ppp is a point to point interface. It connects one computer to
    another. It does not connect a computer to a network. Thus the gateway MUST
    be that computer that ppp connects to.
    If you have
    defaultroute
    as an option in /etc/ppp/options, then pppd sets this up automatically. If
    you do not then it does not. Of course you will be unable to connect to
    anything if it does not, but that is your problem.

    Many ISPs disable ping response (even though this is against internet
    protocol regulations) in the belief that it enhances security (it does not,
    but who are we to argue).




    >Do you have real connectivity problems?


    >--


    >Tauno Voipio
    >tauno voipio (at) iki fi


  5. Re: Strange default route

    > I'm connected to the internet via PPPoE (...) Look at the default route.
    >It is using a gateway, and I don't seem to remember setting one up. (...)
    >The host behind that IP address belongs to my ISP.


    You have a machine controlled by your ISP as a gateway to the Internet.
    Where is the problem? This is the way it is supposed to be. In fact,
    ISP means 'Internet Service Provider', doesn't it?

    It seems that your gateway is not answering to 'pings'. It is a
    security policy pretty common nowadays.

    So, nothing weird in your configuration. The really strange thing is
    this one:

    >I have disabled this, adding the default route semi-manually by the
    >ip-up script (...)


    And does it work? Which is your "semi-manual default route"?


  6. Re: Strange default route

    Hello again,

    Thank you for your replies. This is a collective post answering all
    questions asked earlier. To be honest, I have been a bit over-paranoid
    here. Yes, that IP address is really my PPP co-endpoint. It caused
    headache to me, because it hasn't been set as the default gateway
    before.


    Tauno Voipio: You are right. See above. Excuse my stupidity. =)


    juanvi: My current default route is the same as before, but without a
    gateway:

    Destination     Gateway         Genmask         Flags Metric Ref Use Iface
    default         *               0.0.0.0         U     0      0   0   ppp0

    Yes it works. I guess, the kernel is taking the PtP endpoint from the
    interface's configuration, or the router is just ignoring the fact that
    I don't provide a gateway, and just forwards my packets (that's its
    intention anyway).


    Regards.
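
Added example, not part of any post in this thread: a small Python check for the question the thread settles, namely whether a default route's gateway is accounted for by a directly connected route on the same interface (the PPP peer's host route, or a connected subnet). The function names, verdict labels and the 203.0.113.9 address are assumptions made for this illustration; the first table is the one from the opening post.

```python
import ipaddress

FIELDS = ("dest", "gateway", "genmask", "flags", "metric", "ref", "use", "iface")

# Routing table from the first post (columns realigned).
TABLE_WITH_GATEWAY = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref Use Iface
217.0.116.62    *               255.255.255.255 UH    0      0   0   ppp0
192.168.1.0     *               255.255.255.0   U     0      0   0   eth0
192.168.0.0     *               255.255.255.0   U     0      0   0   eth1
loopback        *               255.0.0.0       U     0      0   0   lo
default         217.0.116.62    0.0.0.0         UG    0      0   0   ppp0
"""
# Constructed input: same table, but the default gateway is an address that
# no connected route on ppp0 accounts for.
TABLE_ODD = "203.0.113.9".join(TABLE_WITH_GATEWAY.rsplit("217.0.116.62", 1))

def parse_routes(text):
    """Turn `route`-style output into dicts; title and header lines are skipped."""
    rows = (line.split() for line in text.splitlines())
    return [dict(zip(FIELDS, r)) for r in rows if len(r) == 8 and r[0] != "Destination"]

def covers(route, addr):
    """True if `route` is a directly connected (non-gateway) route containing addr."""
    if "G" in route["flags"] or route["genmask"] == "0.0.0.0":
        return False
    try:
        net = ipaddress.ip_network(f"{route['dest']}/{route['genmask']}")
    except ValueError:  # symbolic destinations such as "loopback"
        return False
    return addr in net

def classify_defaults(text):
    """Return (iface, gateway, verdict) for every default route in the table."""
    routes, verdicts = parse_routes(text), []
    for d in routes:
        if d["dest"] not in ("default", "0.0.0.0") or d["genmask"] != "0.0.0.0":
            continue
        if d["gateway"] in ("*", "0.0.0.0"):  # no gateway: sent straight out the link
            verdicts.append((d["iface"], None, "on-link"))
            continue
        gw = ipaddress.ip_address(d["gateway"])
        via = [r for r in routes if r["iface"] == d["iface"] and covers(r, gw)]
        kind = ("ptp-peer" if any("H" in r["flags"] for r in via)
                else "connected-subnet" if via else "unexplained")
        verdicts.append((d["iface"], str(gw), kind))
    return verdicts
```

Only an "unexplained" verdict calls for a closer look; the table from the first post classifies as "ptp-peer", and the gateway-less route from the last post as "on-link".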
