Theme

Welcome · log in · join	food

Home

Reviews

Speed Test

	All Forums		Hot Topics		Gallery

Search similar:

Forums → US ISPs cable →

Charter Spectrum → [HSI] My Charter traffic is being intercepted?!

uniqs
1282

« [NEWS] Charter Adds 87,900 Broadband Users In Q1 • Red Light on Modem »

folio join:2011-05-01 Kalamazoo, MI	folio Member 2011-May-1 11:33 pm [HSI] My Charter traffic is being intercepted?! After doing a traceroute out to www.yahoo.com, I noticed an INTRAnet address 1 hop beyond my home router. 1 1 ms 1 ms 1 ms 192.168.2.1 2 10 ms 11 ms 9 ms 10.178.64.1 3 12 ms 11 ms 11 ms swc02klmzmi-gbe-1-3.klmz.mi.charter.com [96.34.36.44] ... ... Then, I went to »www.whatismyip.com/ and noticed that my return traffic IP address doesn't even match the IP address of my outgoing traffic, being a 97.92.x.x Charter address instead. My traffic is being intercepted!! I am seriously creeped out about this.
	actions · 2011-May-1 11:33 pm ·
JTY join:2004-05-29 Ellensburg, WA	JTY Member 2011-May-2 12:22 am The IP of hop 2 is the CMTS, and they almost always have a private IP assigned to them.
	actions · 2011-May-2 12:22 am ·
Civrock Premium Member join:2005-06-25 Wilkesboro, NC	Civrock to folio Premium Member 2011-May-2 12:25 am to folio The first hop after your home network, if there's anything between computer and modem, should always be the CMTS. EDIT: Typed it, left the desk, and posted when I returned. I see someone else answered that one already.
	actions · 2011-May-2 12:25 am ·
ipv4izdead @telus.net	ipv4izdead to folio Anon 2011-May-2 12:28 am to folio hop2. internal(non-internet) address is a way to save on IP4 address and leave them for users. in the rogers forum, someone noted that hop two was department of defense(DOD), that rogers had foolishly made as a non-routable IP for hop 2. »Why is my first hop to a DoD assigned IP address?
	actions · 2011-May-2 12:28 am ·
folio join:2011-05-01 Kalamazoo, MI	folio to Civrock Member 2011-May-2 2:40 am to Civrock I can understand saving IPv4 addresses by NAT from the CMTS, but having a different address for the return route is what made it alarming. It still looks like interception.
	actions · 2011-May-2 2:40 am ·
AJR2 join:2009-03-18 Alabaster, AL	AJR2 Member 2011-May-2 9:43 am It is asymmetric routing, nothing more. It isn't anything to be worried about.
	actions · 2011-May-2 9:43 am ·
zed2608 Premium Member join:2007-09-30 Cleveland, TN	zed2608 to folio Premium Member 2011-May-2 10:30 am to folio if charter wanted to intercept the trafic they can without you being able to dectect it without you ever knowing with the right dpi implementation it could be possble to intercept anything and youed never know
	actions · 2011-May-2 10:30 am ·
koma3504 Advocate Premium Member join:2004-06-22 Granbury, TX	koma3504 to folio Premium Member 2011-May-2 12:05 pm to folio Can we see the whole trace to yahoo??? Tracing route to any-fp.wa1.b.yahoo.com [209.191.122.70] over a maximum of 30 hops: 1 Router Request timed out. 2 4 ms 4 ms 4 ms Firewall 3 * * * Modem 4 12 ms 16 ms 10 ms acr01nrictx-gbe-8-10.ftwo.tx.charter.com [96.3 113.12] 5 13 ms 22 ms 12 ms 96-34-113-47.static.unas.tx.charter.com [96.34 13.47] 6 38 ms 61 ms 34 ms dtr01ftwotx-tge-4-2.ftwo.tx.charter.com [96.34 13.8] 7 15 ms 19 ms 14 ms 96-34-113-66.static.unas.tx.charter.com [96.34 13.66] 8 15 ms 17 ms 15 ms bbr01ftwotx-tge-0-0-5-0.ftwo.tx.charter.com [9 34.2.32] 9 16 ms 17 ms 16 ms 96-34-3-73.static.unas.mo.charter.com [96.34.3 3] 10 14 ms 16 ms 13 ms 96-34-149-26.static.unas.mo.charter.com [96.34 49.26] 11 29 ms 19 ms 16 ms ae-1-d110.msr2.mud.yahoo.com [216.115.104.101] 12 17 ms 18 ms 19 ms te-6-2.fab2-a-gdc.mud.yahoo.com [209.191.78.15 13 15 ms 16 ms 17 ms te-9-1.bas-c2.mud.yahoo.com [68.142.193.11] 14 16 ms 16 ms 15 ms ir1.fp.vip.mud.yahoo.com [209.191.122.70] Trace complete. I have 7 hops within charter this is Normal.
	actions · 2011-May-2 12:05 pm ·
DocDrew How can I help? Premium Member join:2009-01-28 SoCal Ubee E31U2V1 Technicolor TC4400 Linksys EA6900	DocDrew Premium Member 2011-May-2 1:01 pm said by koma3504: Tracing route to any-fp.wa1.b.yahoo.com [209.191.122.70] over a maximum of 30 hops: 1 Router Request timed out. 2 4 ms 4 ms 4 ms Firewall 3 * * * Modem 4 12 ms 16 ms 10 ms acr01nrictx-gbe-8-10.ftwo.tx.charter.com [96.3 113.12] Hop 3 in your trace is the CMTS, not your modem.
	actions · 2011-May-2 1:01 pm ·
DocDrew	DocDrew to folio Premium Member 2011-May-2 1:08 pm to folio said by folio: After doing a traceroute out to www.yahoo.com, I noticed an INTRAnet address 1 hop beyond my home router. 1 1 ms 1 ms 1 ms 192.168.2.1 2 10 ms 11 ms 9 ms 10.178.64.1 3 12 ms 11 ms 11 ms swc02klmzmi-gbe-1-3.klmz.mi.charter.com [96.34.36.44] The 10. address is the gateway for the modem link on the CMTS.
	actions · 2011-May-2 1:08 pm ·
compuguybna join:2009-06-17 Nashville, TN	compuguybna to folio Member 2011-May-2 1:19 pm to folio Are you visting websites you SHOULD NOT be visiting? Not sure why this creeps you out. said by folio: After doing a traceroute out to www.yahoo.com, I noticed an INTRAnet address 1 hop beyond my home router. My traffic is being intercepted!! I am seriously creeped out about this.
	actions · 2011-May-2 1:19 pm ·
koma3504 Advocate Premium Member join:2004-06-22 Granbury, TX	koma3504 to DocDrew Premium Member 2011-May-2 2:08 pm to DocDrew no it is the modem cause its the device right in front of the firewall box. `Tracing route to 192.168.100.1 over a maximum of 30 hop 1 Router Request timed out. 2 3 ms 3 ms 3 ms Firewall Box 3 7 ms 4 ms 5 ms 192.168.100.1` Here is a tracroute from firewall box Hope 2 is the same Ip as I posted in my results above. 209.191.122.70 (ir1.fp.vip.mud.yahoo.com) 1 * * * 2 96.34.113.12 9.606 ms 9.151 ms 10.170 ms 3 96.34.113.47 17.181 ms 11.268 ms 9.066 ms 4 96.34.113.8 11.916 ms 8.225 ms 12.538 ms 5 96.34.113.20 12.932 ms 96.34.113.37 9.022 ms 96.34.113.20 10.415 ms 6 96.34.2.32 31.967 ms 36.944 ms 96.34.113.22 13.323 ms 7 96.34.3.73 15.249 ms 21.391 ms 96.34.2.162 13.971 ms 8 96.34.3.71 11.469 ms 96.34.149.26 11.871 ms 13.532 ms 9 96.34.149.26 11.772 ms 11.792 ms 216.115.104.101 15.705 ms 10 209.191.78.155 14.076 ms 209.191.78.139 12.341 ms 209.191.78.155 12.808 ms 11 209.191.78.141 12.768 ms 209.191.78.169 16.280 ms 14.004 ms 12 * 209.191.78.169 13.138 ms 68.142.193.11 12.047 ms 13 * * * 14 * * * 15 * * * 16 * * * `A traceroute from firewall box to modem 192.168.100.1 (Reverse lookup failed) 1 192.168.100.1 1.086 ms 2.037 ms 0.938 ms` `A traceroute to Cm Ip address the modem gets. 10.108.130.xx (Reverse lookup failed) 1 10.108.130.xx 8.659 ms 2.083 ms 1.011 ms`
	actions · 2011-May-2 2:08 pm ·
DocDrew How can I help? Premium Member join:2009-01-28 SoCal Ubee E31U2V1 Technicolor TC4400 Linksys EA6900 4 edits	DocDrew Premium Member 2011-May-2 3:09 pm said by koma3504: no it is the modem cause its the device right in front of the firewall box. Tracing route to 192.168.100.1 over a maximum of 30 hop 1 Router Request timed out. 2 3 ms 3 ms 3 ms Firewall Box 3 7 ms 4 ms 5 ms 192.168.100.1 Here is a tracroute from firewall box Hope 2 is the same Ip as I posted in my results above. 209.191.122.70 (ir1.fp.vip.mud.yahoo.com) 1 * * * 2 96.34.113.12 9.606 ms 9.151 ms 10.170 ms 3 96.34.113.47 17.181 ms 11.268 ms 9.066 ms 192.168.100.1 is the LAN side gateway of the modem. 10.108.130.xx is the WAN side IP of your modem. Neither will show up in a trace unless directly traced or pinged. The 3rd hop in your original trace is the CMTS and it's configured not to respond to pings. It corresponds to folio's 2nd hop in his original trace. Hop 4, named acr01nrictx-gbe-8-10.ftwo.tx.charter.com [96.34.113.12] is the Gigabit Ethernet (GBE) interface of the CMTS or next device it's connected to. This corresponds to folio's 3rd hop in his original trace. said by koma3504: A traceroute to Cm Ip address the modem gets. 10.108.130.xx (Reverse lookup failed) 1 10.108.130.xx 8.659 ms 2.083 ms 1.011 ms Now tracert to the default gateway for your modem's management (WAN) IP (might be 10.108.130.1, if the subnet mask is 255.255.255.0) and see if that responds to pings. That would be the 3rd hop in your trace. The default gateway (on the CMTS) for your modem WAN IP.
	actions · 2011-May-2 3:09 pm ·
HFCNUT82 join:2007-12-13	HFCNUT82 Member 2011-May-3 1:56 pm First hop - Your router gateway IP..traffic leaving your LAN to a different IP subnet ...IE...the internet through Charter's network. Second hop - Cable modem gateway IP used on the cable/DOCSIS side. The IP is configured on a cable bundle interface on the CMTS. There are different Bundles depending if the device is residential, commercial, static IP, phone modems (MTA), DVRs get them too Third hop - Like Dr Drew said, that hop is the connection from the CMTS to the core or distribution portion of Charters network. Based on the hostname swc02klmzmi-gbe-1-3: 98% chance its a layer 3 switch on Gigabit ethernet slot 1 port 3 The reason why it doesn't match on the return is that more than likely it is load balancing and the active routes can change given the load of the interface. Also, you could have 2 -4 links connecting back to a CMTS from the core or distribution layer given the amount of traffic coming from it. So it could just be a different interface the route is passing through, normally the IP space would be closer to the same range for easier administration but it could be a new space/block being used. Hope this helps
	actions · 2011-May-3 1:56 pm ·

Forums → US ISPs cable → Charter Spectrum	« [NEWS] Charter Adds 87,900 Broadband Users In Q1 • Red Light on Modem »