Help me! Tracert assistance.

  1. #1
    AO's MMA Fanatic! Computernerd22's Avatar
    Join Date
    Mar 2003
    Location
    Miami, FL
    Posts
    762

    Help me! Tracert assistance.

    Hello fellow members of antionline.com, I need some help with an issue. I was at my cousin's house today and we were checking some stuff out on his notebook. I went to www.ipchicken.com to obtain his WAN IP address. I went home and I was doing 'basic' stuff with the IP address. My question: is my county's courthouse monitoring my cousin's traffic? The reason I ask: check out the results.

    I used tracert for 'XP'. Here is the output:

    Microsoft Windows XP [Version 5.1.2600]
    (C) Copyright 1985-2001 Microsoft Corp.

    C:\Documents and Settings\cn22>tracert x.x1.2x.2xx

    Tracing route to c-x-x-x9-x2.hsd1.fl.comcast.net [8.5.x.x]
    over a maximum of 30 hops:

    1 <1 ms <1 ms <1 ms 192.168.0.1
    2 1 ms 1 ms 1 ms 192.168.1.1
    edited for security purposes of course.
    4 41 ms 39 ms 40 ms crflftmy02 [71.3.0.57]
    5 64 ms 62 ms 63 ms sl-gw25-atl-6-2.sprintlink.net [144.228.100.201]

    6 61 ms 62 ms 63 ms sl-bb21-atl-5-0.sprintlink.net [144.232.22.13]
    7 63 ms 63 ms 62 ms sl-bb22-atl-15-0.sprintlink.net [144.232.12.150]

    8 79 ms 80 ms 78 ms sl-bb23-fw-13-0.sprintlink.net [144.232.8.67]
    9 62 ms 64 ms 63 ms sl-bb21-fw-13-0.sprintlink.net [144.232.11.245]

    10 62 ms 61 ms 62 ms sprint-gw.dlstx.ip.att.net [192.205.32.69]
    11 90 ms 89 ms 88 ms tbr1-p011701.dlstx.ip.att.net [12.123.16.10]
    12 91 ms 92 ms 91 ms tbr2-cl12.hs1tx.ip.att.net [12.122.10.130]
    13 91 ms 90 ms 90 ms tbr1-cl2382.hs1tx.ip.att.net [12.122.9.169]
    14 89 ms 90 ms 88 ms tbr1-cl1476.ormfl.ip.att.net [12.122.4.102]
    15 88 ms 87 ms 87 ms 12.123.33.25
    16 91 ms 92 ms 92 ms 12.116.33.194
    17 95 ms 95 ms 95 ms te-8-4-ar01.bonitasprngs.fl.naples.comcast.net [
    xx.xx.xxx.xx]
    18 107 ms 113 ms 119 ms te-9-2-ur01.somecocourt.fl.sarasota.comcast.net [x (these last two were the county courts)
    .0.000.00]
    19 117 ms 117 ms 117 ms fe-0-0-ubr01.somecocourt.fl.sarasota.comcast.net [x (edited for security purposes)
    x.x.x7.x]
    20 * * * Request timed out.
    21 * * * Request timed out.
    22 * * * Request timed out.
    23 * * * Request timed out.
    24 * * * Request timed out.
    25 * * * Request timed out.
    26 * * * Request timed out.
    27 * * * Request timed out.
    28 * * * Request timed out.
    29 * * * Request timed out.
    30 * * * Request timed out.

    Trace complete.
    Do you think county court is monitoring traffic on my cousin's system? He was previously in trouble with the law before and is still on felony probation, but is soon to be free and clear. What is your guys'/gals' take on this? All help is greatly appreciated.

  2. #2
    Senior Member
    Join Date
    Mar 2004
    Posts
    119
    Well, unless you provide the full trace it is rather hard to say what those hops actually are. I highly doubt Comcast is routing his traffic to the county court, because if he was being monitored it wouldn't be so obvious. In addition, most county courts don't have the necessary gear and/or knowledge to monitor anybody's connection.


    Have you tried to trace route to an addy like 4.2.2.2 from his computer? Oh and the most important question, did his arrest stem from a computer crime?

  3. #3
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    Hey Hey,

    In some ways, I wish bytewrangler had never posted the Kevin Poulsen article here on finding those who are watching you by using tracert...

    Before I get into reasons, let me tell you that a traceroute with hops in the middle edited is completely useless... I can't tell you what it is if you hide the address from me... without those no one would be able to tell you anything from that... I can explain to you what the addresses are if you give them to me...but I can also tell you without seeing them that no one is snooping on the connection...


    FACT
    The internet is a large rambling cloud... There is no guarantee of the route that traffic will take... It could vary from day to day, from tracert to tracert or from packet to packet... The majority of routing protocols make decisions a lot like electricity does... they take the path of least resistance. Sure there could be static routes in place and there are routing protocols that just plain suck...but for the most part... traffic on the internet varies...

    FACT
    There are many simpler and easier ways to watch someone's actions on the internet, especially if you have access to the backbone and they don't require rerouting traffic... You could do it and hide the fact that you were doing it.

    FACT
    Finding eavesdroppers by tracert came from Kevin Poulsen... He's a nobody... His IT fame is comparable to the other Kevin.... Poulsen and Mitnick are nothing but washed up losers.. SecurityFocus and then Wired grabbed Poulsen because his name is associated with the media...because he's infamous... It's like getting OJ Simpson to cover the forensics of murder investigations... or Karla Homolka to talk about why Sex Predators are dangerous... Poulsen is a media grab with no real IT intelligence.

    So unless you want to give me the "county courthouse" hostname and why you think it's the county courthouse...you'll have to take my word that your theory is only good enough for the trash..

    Peace,
    HT

    [Edit]
    Sample Traceroute to the last valid IP in your traceroute
    Code:
    desktop:~ # traceroute te-8-4-ar01.bonitasprngs.fl.naples.comcast.net
    traceroute to te-8-4-ar01.bonitasprngs.fl.naples.comcast.net (68.87.236.21), 30 hops max, 40 byte packets
     1  m0n0wall.local (192.168.1.1)  0.917 ms   1.331 ms   0.831 ms
     2  10.194.238.1 (10.194.238.1)  9.767 ms   12.345 ms   12.079 ms
     3  gw04-vlan201.etob.phub.net.cable.rogers.com (66.185.90.129)  14.727 ms   14.456 ms   18.733 ms
     4  gw03.etob.phub.net.cable.rogers.com (66.185.93.161)  16.030 ms   15.990 ms   15.437 ms
     5  gw02.bloor.phub.net.cable.rogers.com (66.185.82.102)  15.101 ms   9.582 ms   9.300 ms
     6  66.185.80.45 (66.185.80.45)  13.853 ms   16.808 ms   16.209 ms
     7  igw01.vaash.phub.net.cable.rogers.com (66.185.80.190)  35.478 ms   35.585 ms   35.270 ms
     8  * * *
     9  ge5-3-1-1000m.ar1.dca3.gblx.net (67.17.107.13)  25.667 ms   29.228 ms   27.020 ms
    10  att-3.ar1.DCA3.gblx.net (208.50.13.254)  37.839 ms   40.271 ms   34.865 ms
    11  tbr2-p033401.wswdc.ip.att.net (12.123.8.118)  67.186 ms   71.147 ms   69.454 ms
    12  tbr1-cl17.attga.ip.att.net (12.122.10.70)  71.771 ms   70.344 ms   68.948 ms
    13  tbr2-cl1474.ormfl.ip.att.net (12.122.12.122)  73.504 ms   70.795 ms   71.209 ms
    14  12.123.33.29 (12.123.33.29)  64.210 ms   67.468 ms   74.150 ms
    15  12.116.33.194 (12.116.33.194)  79.330 ms   76.533 ms   76.561 ms
    16  * * *
    17  * * *
    18  * * *
    19  * * *
    20  * * *
    21  * * *
    22  * * *
    23  * * *
    24  * * *
    25  * * *
    26  * * *
    27  * * *
    28  * * *
    29  * * *
    30  * * *
    desktop:~ #
    [/Edit]
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  4. #4
    AO's MMA Fanatic! Computernerd22's Avatar
    Join Date
    Mar 2003
    Location
    Miami, FL
    Posts
    762
    Since you're willing to help me I will help you. I just wasn't sure how smart it is posting this type of information on a security site such as AO.

    Anyways, here it is:

    C:\Documents and Settings\Michael>tracert xx.x.x

    Tracing route to c-xx-xx-xx-xx.hsd1.fl.comcast.net [x.x.xxx.xxx]
    over a maximum of 30 hops:

    1 <1 ms <1 ms <1 ms 192.168.0.1
    2 1 ms 1 ms 1 ms 192.168.1.1
    4 41 ms 39 ms 40 ms crflftmy02 [71.3.0.57]
    5 64 ms 62 ms 63 ms sl-gw25-atl-6-2.sprintlink.net [144.228.100.201]

    6 61 ms 62 ms 63 ms sl-bb21-atl-5-0.sprintlink.net [144.232.22.13]
    7 63 ms 63 ms 62 ms sl-bb22-atl-15-0.sprintlink.net [144.232.12.150]

    8 79 ms 80 ms 78 ms sl-bb23-fw-13-0.sprintlink.net [144.232.8.67]
    9 62 ms 64 ms 63 ms sl-bb21-fw-13-0.sprintlink.net [144.232.11.245]

    10 62 ms 61 ms 62 ms sprint-gw.dlstx.ip.att.net [192.205.32.69]
    11 90 ms 89 ms 88 ms tbr1-p011701.dlstx.ip.att.net [12.123.16.10]
    12 91 ms 92 ms 91 ms tbr2-cl12.hs1tx.ip.att.net [12.122.10.130]
    13 91 ms 90 ms 90 ms tbr1-cl2382.hs1tx.ip.att.net [12.122.9.169]
    14 89 ms 90 ms 88 ms tbr1-cl1476.ormfl.ip.att.net [12.122.4.102]
    15 88 ms 87 ms 87 ms 12.123.33.25
    16 91 ms 92 ms 92 ms 12.116.33.194
    17 95 ms 95 ms 95 ms te-8-4-ar01.bonitasprngs.fl.naples.comcast.net [
    68.87.236.21]
    18 107 ms 113 ms 119 ms te-9-2-ur01.leecocourt.fl.naples.comcast.net [68
    .87.236.34]
    19 117 ms 117 ms 117 ms fe-0-0-ubr01.leecocourt.fl.naples.comcast.net [6
    8.87.237.54]

    20 * * * Request timed out.
    21 * * * Request timed out.
    22 * * * Request timed out.
    23 * * * Request timed out.
    24 * * * Request timed out.
    25 * * * Request timed out.
    26 * * * Request timed out.
    27 * * * Request timed out.
    28 * * * Request timed out.
    29 * * * Request timed out.
    30 * * * Request timed out.

    Trace complete.
    Thanks, cn22 ( I only edited my IP and my cousins IP) i left the information you asked for. Cheers, Michael

  5. #5
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    Originally posted here by Computernerd22
    Since you're willing to help me I will help you. I just wasn't sure how smart it is posting this type of information on a security site such as AO.
    You aren't posting your information so there's no harm in it...

    Check out -- http://www.pcguide.com/vb/showthread.php?p=291034 <-- another person with that as well as bonita springs.

    It's just the name that's been assigned to that region...

    [code]
    desktop:~ # nslookup 68.87.237.58
    Server: 192.168.1.1
    Address: 192.168.1.1#53

    Non-authoritative answer:
    58.237.87.68.in-addr.arpa name = fe-0-1-ubr02.leecocourt.fl.naples.comcast.net.

    desktop:~ # nslookup 68.87.237.57
    Server: 192.168.1.1
    Address: 192.168.1.1#53

    Non-authoritative answer:
    57.237.87.68.in-addr.arpa name = ge-2-38-ur01.leecocourt.fl.naples.comcast.net.
    [/code]

    There's two others that resolve to the same thing... you've got nothing to worry about..

    Take a look at mine... you'll notice

    Etob and bloor are two prefixes near the start...

    Etob = Etobicoke
    Bloor = Bloor St

    I don't live in Etobicoke and I definitely don't live on Bloor St.... but I don't get all concerned....

    I realize that even though I'm in Toronto... the closest hop for me would be Etobicoke (essentially it is Toronto).... and Bloor St. is a fairly close major street (15 minutes by bus)... so my local loop makes its way to a router in Etobicoke... which works its way up to somewhere Bloor..

    A quick search of Google will confirm this

    333 Bloor Street East
    Toronto, Ontario
    M4W 1G9
    Fax: (416) 935-4875
    The address for Rogers Cable (my provider).... So most likely I go to the closest "switching station" (Etobicoke) and then travel to the hub for the area... which is at their headquarters...

    I wouldn't be too concerned about it.

    Peace,
    HT
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".
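
Added example (not part of any poster's message): a parser for the Windows tracert output quoted in this thread that rejoins the bracketed IP addresses split by console line wrap, then groups hops by the second hostname label. The sample lines are constructed from the hops posted above; reading that label as a site name follows the thread's explanation and is an assumption, not a documented ISP naming convention.

```python
import re

# Constructed sample: hops 16-20 as posted in the thread, including the console
# line wrap that splits the bracketed IP address across two lines.
SAMPLE = """\
16 91 ms 92 ms 92 ms 12.116.33.194
17 95 ms 95 ms 95 ms te-8-4-ar01.bonitasprngs.fl.naples.comcast.net [
68.87.236.21]
18 107 ms 113 ms 119 ms te-9-2-ur01.leecocourt.fl.naples.comcast.net [68
.87.236.34]
19 117 ms 117 ms 117 ms fe-0-0-ubr01.leecocourt.fl.naples.comcast.net [6
8.87.237.54]
20 * * * Request timed out.
"""

# Hop number, three probe results ("<1 ms", "41 ms" or "*"), then the remainder.
HOP = re.compile(r"^\s*(\d+)\s+(?:(?:<?\d+ ms|\*)\s+){3}(.*)$")
NAMED = re.compile(r"^(\S+) ?\[([\d.]+)\]$")

def parse_tracert(text):
    """Parse Windows tracert output into hop dicts, rejoining wrapped lines."""
    raw = []
    for line in text.splitlines():
        m = HOP.match(line)
        if m:
            raw.append([int(m.group(1)), m.group(2).strip()])
        elif raw and "[" in raw[-1][1] and "]" not in raw[-1][1]:
            raw[-1][1] += line.strip()   # continuation of a wrapped "[a.b.c.d]"
    hops = []
    for num, rest in raw:
        named = NAMED.match(rest)
        if named:
            host, ip = named.groups()
        elif re.fullmatch(r"[\d.]+", rest):
            host, ip = None, rest        # router with no reverse DNS name
        else:
            host, ip = None, None        # "Request timed out."
        hops.append({"hop": num, "host": host, "ip": ip})
    return hops

def sites_on_path(hops):
    """Map the second hostname label (assumed site name) to its hop numbers."""
    sites = {}
    for h in hops:
        labels = h["host"].split(".") if h["host"] else []
        if len(labels) > 2:
            sites.setdefault(labels[1], []).append(h["hop"])
    return sites
```

Run on the sample, `sites_on_path(parse_tracert(SAMPLE))` puts hops 18 and 19 under the same `leecocourt` label, which is the pattern the nslookup results above show for neighbouring addresses.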

  6. #6
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Hi, HT~ why don't we tell the guy the truth?

    After all, it must be about 16 years since the CANBRIT Agency started monitoring ALL Americans and reasonable facsimiles? (assuming that there is such a thing)

    On a slightly more serious note (I have just spent 2 hours with an id10t, and even the fees don't make that feel any better) could this not just be a linguistics thing?

    Like "court" is the same as "drive" or "avenue" or "square" or "road" or "park" or "street"

    Like it is a partial address indicator

    Anyways, have you any suggestions regarding that partial time envelope blackout............. I honestly cannot get my satellite to go any faster
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  7. #7
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,242
    I wouldn't worry about it. "leecocourt" has turned up in a few tracerts from the looks of it:

    http://www.google.com/search?hl=en&q...=Google+Search

    Comcast could well have a network node in the courthouse, something akin to a radio station having an antenna on their roof.

    If the authorities are watching your cousin, the first place they'll start is his ISP. Most of the important stuff we do on the net is logged. And a lot of the unimportant too. And it's the ISP that'll match his name to an IP addy.

    Got logs?
    “Everybody is ignorant, only on different subjects.” — Will Rogers
