|reply to grasmussen |
Re: Questionable IP address outside service provider's gateway
said by grasmussen:Not sure what you mean by "scanning traffic." There is nothing special about the Private Address blocks. If this was something nefarious why would the attacker make it so obvious? If this was a CALEA tap you would never see it.
Is it possible that someone could be scanning traffic through this 192.168.x.x hop for the purpose of recording private info such as online bank account information?
The 184.108.40.206/22 and 220.127.116.11/22 IPs belong to Fibernet. Looks like Hop 5 is the interface between your ISP and wholesale ISP Fibernet.
Likewise on my traceroute 18.104.22.168/21 is Fibernet.
KISS - keep it simple stupid - Your ISP is using private IPs for routers within their network - nothing wrong with that. Using private IPs and exposing them to the Internet - a big no no. I should not be able to see hop 17 on my traceroute 192.168.1.2. As mentioned the fact you can see 192.168.1.5 and 192.168.1.1 is normal since you are internal to the ISP's network
The choice of particular private IP address block is unusual in that most home routers also use the 192.168/16 block making collision with customer LAN address more likely. Remember the benefit of Private Addresses is that the block can be used multiple times by multiple entities. However each user must keep the block hidden from the Internet.
If you are interested in the gory details of the side effects of using Private IPs within ISP core, RFC 6752 discusses the issue. I found it interesting reading. I had not paid much attention to the down side until I responded to your problem. BTW I am not an ISP nor do I play one on TV so this is new territory for me.