What did you do with your snow day?
February 9, 2013 1:37 PM

Fun With Traceroute
posted by eviemath (23 comments total) 19 users marked this as a favorite

 
I'm supposed to sit around and traceroute shit?
posted by nathancaswell at 1:52 PM on February 9, 2013 [3 favorites]


I'm supposed to sit around and traceroute shit?
here, for lazy peoples.
posted by juv3nal at 1:59 PM on February 9, 2013 [4 favorites]


I am not that bored.
posted by desjardins at 1:59 PM on February 9, 2013 [1 favorite]


Ok, this is neat. I wish I had the available address space to do something like this.
posted by yeoz at 2:09 PM on February 9, 2013


That was pretty great.
posted by Pope Guilty at 2:26 PM on February 9, 2013


A most excellent use of precious IP address space!
posted by zachlipton at 2:32 PM on February 9, 2013 [3 favorites]


You could do it with ipv6 space.
posted by hattifattener at 2:48 PM on February 9, 2013 [1 favorite]


None of the hostnames resolve for me. I'm bored enough to traceroute stuff but I'm not bored enough to fire up dig and figure out why it is broken.
posted by Ad hominem at 2:52 PM on February 9, 2013


Can I unflag this? On first read I thought it was just like, oh, someone discovered their computer has a command line. But then later I came back and actually ran the example...
posted by indubitable at 3:51 PM on February 9, 2013 [2 favorites]


-m200, I shudder to think of the quality of service for someone that needed that many hops for the text to play out. -m60 was fine for me.

Not to spoiler, but since people seem to mistake this post: Some guy rigged a /24 to bounce around in such a way that the reverse dns forms a longer message. It's cute but pretty nerdy.
posted by cj_ at 4:24 PM on February 9, 2013 [3 favorites]


I was expecting to have to resize to 80x24 for the ASCII-art version involving a lightsaber battle a la ascii matrix.

Still fun though!
posted by pulposus at 4:37 PM on February 9, 2013 [3 favorites]


I burst out into uncontrollable giggles when the message started...

Took 61 hops for me, as a reference.
posted by inparticularity at 4:40 PM on February 9, 2013 [1 favorite]


Not to spoiler, but since people seem to mistake this post: Some guy rigged a /24 to bounce around in such a way that the reverse dns forms a longer message. It's cute but pretty nerdy.

I'd like to picture a rack of 48 decommissioned Cisco 2600 routers in some basement somewhere, but I fear this was done with sorcery.
posted by gjc at 5:48 PM on February 9, 2013


Sorry, but I'm afraid I'm far too much of a "noob" to unleash the terrifying ninjitsu hacking power of Tracer T!
posted by Rhaomi at 6:02 PM on February 9, 2013 [1 favorite]


A snowstorm in 1978 resulted in CBBS, the first computerized bulletin board. Sometimes a bit of extreme weather can be a good thing if used properly.
posted by MikeWarot at 6:39 PM on February 9, 2013 [4 favorites]


I was expecting to have to resize to 80x24 for the ASCII-art version involving a lightsaber battle

For that you'll have to telnet to towel.blinkenlights.nl
posted by junco at 6:57 PM on February 9, 2013 [3 favorites]


Does Tracer T = Tracer Tong?
posted by nathancaswell at 7:03 PM on February 9, 2013 [1 favorite]


I was expecting that somehow this would route My house->Chicago->New York->UK->several European and Asian countries->Australia->LA->Chicago->destination or something like that.

This was a lot more fun.
posted by double block and bleed at 7:51 PM on February 9, 2013


Indeed. He explains it here.
It is accomplished using many VRFs on (2) Cisco 1841s. For those less technical, VRFs are essentially private routing tables similar to a VPN. When a packet destined to 216.81.59.173 (AKA obiwan.scrye.net) hits my main gateway, I forward it onto the first VRF on the “ASIDE” router on 206.214.254.1. That router then has a specific route for 216.81.59.173 to 206.214.254.6, which resides on a different VRF on the “BSIDE” router. It then has a similar setup which points it at 206.214.254.9, which lives in another VPN on the “ASIDE” router. All packets are returned using a default route pointing at the global routing table. This was by design so the packets' TTL expiration did not have to return fully through the VRF Maze.
posted by cj_ at 1:59 PM on February 10, 2013


Ok, so if I understand this correctly: when the packet hits his main gateway to the IP address on his network, he sends it to one of two routers, each router being the destination for a number of different IPs. When it hits router A, it sends it to B, which sends it back to A, and back and forth for a while (once for each line in the crawl), each time to a new IP that is always bound to one of the two routers. He does this by setting up custom routing tables for each individual IP, telling it to bounce to the other one.

By doing this bouncing then, he can produce a custom sequence of IP addresses. Each one of those IP addresses is then registered with his DNS server as having an address which is the line from the opening crawl, which traceroute uncovers when doing a reverse DNS. Right?

I'm honestly a little unclear about how the reverse DNS process works here. I guess I just don't know enough about reverse DNS. When you send out a reverse DNS query, does it go to the DNS root servers who say, "Oh, you're looking for the DNS name for IP address X? Well, DNS server Y is taking care of that, go ask it instead of me for the full details", where Y is his (or his company's) own server, which is why it can give such goofy responses? Does that about sum it up?
posted by gkhan at 3:19 PM on February 10, 2013
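
The mechanism discussed in the two comments above, as a toy model (an added example, not code from the thread or from the person who built the maze). The three VRF addresses and the target are the ones quoted above; the PTR names are constructed placeholders, and hops before the gateway are left out.

```python
TARGET = "216.81.59.173"  # obiwan.scrye.net, from the thread

# VRFs in traversal order: (router, address). Addresses are the ones quoted above.
MAZE = [("ASIDE", "206.214.254.1"), ("BSIDE", "206.214.254.6"), ("ASIDE", "206.214.254.9")]

# Constructed reverse-DNS data standing in for the owner's PTR zone.
PTR = {
    "206.214.254.1": "crawl-line-1.example.",
    "206.214.254.6": "crawl-line-2.example.",
    "206.214.254.9": "crawl-line-3.example.",
    TARGET: "obiwan.scrye.net.",
}

def build_vrfs(maze, target):
    """One routing table per VRF: a host route for target pointing at the next VRF."""
    tables = {}
    for i, (router, addr) in enumerate(maze):
        next_hop = maze[i + 1][1] if i + 1 < len(maze) else target
        tables[addr] = {"router": router, "routes": {target: next_hop}}
    return tables

def send_probe(tables, entry, target, ttl):
    """Walk one probe through the maze; return (replying address, reached target?)."""
    here = entry
    while here != target:
        ttl -= 1  # each VRF hop decrements the TTL before forwarding
        if ttl == 0:
            return here, False  # "time exceeded" is sourced from this VRF's address
        here = tables[here]["routes"][target]
    return target, True

def traceroute(tables, entry, target, max_hops=30):
    """Raise the TTL one step at a time, as traceroute does, naming each replier via PTR."""
    hops = []
    for ttl in range(1, max_hops + 1):
        addr, reached = send_probe(tables, entry, target, ttl)
        hops.append((ttl, addr, PTR.get(addr, addr)))
        if reached:
            break
    return hops

if __name__ == "__main__":
    for hop in traceroute(build_vrfs(MAZE, TARGET), MAZE[0][1], TARGET):
        print(*hop)
```

With a hop limit shorter than the chain, the trace stops partway through, which is why the comments above mention raising -m.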


gkhan: Yes.

Reverse DNS works on the .arpa top-level domain (originally for the famous Advanced Research Projects Agency, this now stands for Address and Routing Parameter Area). To do an rDNS query, you reverse the dotted-quad notation for the IP and append '.in-addr.arpa' and submit that to any regular old DNS server. The root servers delegate authority over zones of this TLD to servers controlled by the owners of the IP space the same way forward DNS domains are delegated.

The obvious problem with this is that it becomes difficult to split authority over CIDR blocks smaller than a /24. The not-so-obvious hack to work around that is to create a zone with a custom name like 16-29.23.16.172.in-addr.arpa to represent 172.16.23.16/29, set up the corresponding reverse DNS names (16.23.16.172.in-addr.arpa, 17.23.16.172.in-addr.arpa, …) as CNAMEs for that new name (i.e. 16.23.16.172.in-addr.arpa points to 16.16-29.23.16.172.in-addr.arpa), and then hand off authority over that zone to your customer who wants to run their own reverse DNS. Clever, really.
posted by spitefulcrow at 3:48 PM on February 10, 2013
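
The reverse-name rule and the sub-/24 CNAME delegation from the comment above, worked through in Python (an added example, not code from the thread). The nameserver and host names under customer.example are constructed, and a plain dict stands in for the DNS.

```python
import ipaddress

def reverse_name(ip):
    """Reverse the dotted quad and append in-addr.arpa."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa."

def classless_delegation(cidr, nameservers):
    """Parent-zone records that hand a block smaller than a /24 to other servers.

    The child zone is labelled '<first octet>-<prefix length>', the form used
    in the comment above.
    """
    net = ipaddress.ip_network(cidr)
    if net.version != 4 or not 24 < net.prefixlen <= 32:
        raise ValueError("expected an IPv4 block smaller than a /24")
    a, b, c, d = str(net.network_address).split(".")
    child = f"{d}-{net.prefixlen}.{c}.{b}.{a}.in-addr.arpa."
    records = [(child, "NS", ns) for ns in nameservers]
    for addr in net:  # every address in the block, first and last included
        last = str(addr).rsplit(".", 1)[1]
        records.append((reverse_name(str(addr)), "CNAME", f"{last}.{child}"))
    return child, records

def resolve_ptr(ip, zone, max_chain=8):
    """Follow CNAMEs from the ordinary reverse name until a PTR is found.

    `zone` is a dict {name: (type, value)} standing in for the DNS.
    """
    name = reverse_name(ip)
    for _ in range(max_chain):  # bound the chain so a CNAME loop terminates
        rtype, value = zone.get(name, (None, None))
        if rtype == "PTR":
            return value
        if rtype != "CNAME":
            return None
        name = value
    return None

def demo_zone():
    """Constructed data: parent CNAMEs plus the customer's own PTR records."""
    child, records = classless_delegation("172.16.23.16/29", ["ns1.customer.example."])
    zone = {name: (rtype, value) for name, rtype, value in records if rtype == "CNAME"}
    for last in range(16, 24):
        zone[f"{last}.{child}"] = ("PTR", f"host{last}.customer.example.")
    return zone

if __name__ == "__main__":
    for record in classless_delegation("172.16.23.16/29", ["ns1.customer.example."])[1]:
        print(*record)
    print(resolve_ptr("172.16.23.17", demo_zone()))
```

Whatever the PTR says is chosen by whoever holds the delegation, so hop names in a traceroute are labels supplied by the address owner, not verified identities.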


The details are a little involved, but the short version is: like forward DNS, reverse is delegated, generally in large blocks. If you have an ISP willing to play ball (NB: Comcast residential and the like are not such an ISP, plus you need a static IP address) you can get a slice of the pie that corresponds to your IP delegated and run it yourself, but in this case the company he consults for allowed him to hijack one of their unused /24s (block of 256 IPs). Roughly, what goes on behind the scenes can be seen from, for example, this query (note the AUTHORITY section):

$ dig 105.224.125.74.in-addr.arpa. PTR
posted by cj_ at 3:55 PM on February 10, 2013


scooped!
posted by cj_ at 3:55 PM on February 10, 2013

