I can ping a host that should not exist!

scilek · Mar 19, 2020, 7:47 PM

Today, I set up a router for some acquaintance of mine who also happens to be a small business owner. I took it to his place and installed it without a problem. He wants to be able to connect to some assets at his workplace from anywhere he likes. I opened the HTTPS and SSH ports temporarily so that I could finish the rest of the work in the comfort of my house. I got home and connected to the router. I created and OpenVPN server and connected to the router without a problem. Then I started pinging one of the machines on the local network continuously:

ping 172.16.0.2. -t -w 500

Everything was working fine. So I was happy having set up yet another router. I disconnected from the OpenVPN server and then started closing my open windows. But when I got too the cmd window, I was horrifed! It was still successfully pinging 172.16.0.2! How could that be?

I checked all my interfaces but none of them was configured to172.16.0.2. Then it occurred to me to use tracert to trace to the host and this was what I got:

C:\>tracert -d 172.16.0.2

Tracing route to 172.16.0.2 over a maximum of 30 hops

 1    <1 ms    <1 ms    <1 ms  192.168.255.1
 2    44 ms    45 ms    44 ms  212.156.201.190
 3    47 ms    48 ms    48 ms  81.212.2.189
 4    48 ms    50 ms    49 ms  81.212.25.136
 5    47 ms    45 ms    44 ms  81.212.218.208
 6    48 ms    46 ms    46 ms  81.212.199.1
 7    55 ms    55 ms    52 ms  212.156.109.137
 8    48 ms    47 ms    47 ms  172.16.0.2

Trace complete.

I know this is not an OpenVPN issue, but still I wonder how on earth could that be? One of the first thing I learned from the book was that private IP addresses are not supposed to show up on the Internet. Does this have and explanation or did someone make a really big mistake somewhere? Does anyone have any idea what is going on?

johnpoz · Mar 19, 2020, 7:52 PM

Get with your ISP.. I would assume this company

Turk Telekomunikasyon Anonim Sirketi

That is who owns the 212.156 address space you list.. And that is your next hop.. And then you come right back around to same address space.

And that 81.212 is also their space..

inetnum: 81.212.0.0 - 81.212.255.255
netname: TTNET
descr: Turk Telekom A.S.

So yeah your router will send that traffic to your isp, because hey it just knows it doesn't have a local route - so it sends it to your ISP... your isp should just really drop it, since it should not show its customers any routers to their internal networks, etc. But looks like you bounce around their network and then hit something in their network with that IP..

Contact them about it.

scilek · Mar 19, 2020, 8:00 PM

So yeah your router will send that traffic to your isp, because hey it just knows it doesn't have a local route - so it sends it to your ISP... your isp should just really drop it, since it should not show its customers any routers to their internal networks, etc. But looks like you bounce around their network and then hit something in their network with that IP..

So that is not supposed to happen, right? Someone made a very big mistake somewhere and this is an embarrassing situation for a multi-billion dollar company, right?

johnpoz · Mar 19, 2020, 8:05 PM

Yeah it shouldn't happen no ;) Do large corps make mistakes - sure all the time!

But keep in mind you are actually connected to "their" network - so they can use rfc1918 space in that network for sure... Look at your dhcp server you get from your isp, quite often this is a rfc1918 IP address..

scilek · Mar 19, 2020, 8:06 PM

@johnpoz said in I can ping a host that should not exist!:

Yeah it shouldn't happen no ;) Do large corps make mistakes - sure all the time!

Well that's a load off my mind! I was beginning to question my networking expertise! I spent hours trying to fix my own PC...

johnpoz · Mar 19, 2020, 8:07 PM

If in your trace you had bounced around to other networks - then that would be a concern... But you look to just stay in the Turk Telekom network...