Monthly Archives: July 2014

M1 routers misbehaving

Was doing a routine scan when I spotted an unfamiliar address on the network: 192.168.200.1. Strangely arp doesn’t reveal its MAC address, which seems odd given that this is a private IP address used internally.

Traceroute reveals the truth:

> tracert 192.168.200.1

Tracing route to 192.168.200.1 over a maximum of 30 hops

1 3 ms 4 ms 3 ms 10.0.0.2
2 * * * Request timed out.
3 213 ms 5 ms 5 ms 158.210-193-4.unknown.qala.com.sg [210.193.4.158]
4 3 ms 3 ms 3 ms 157.210-193-4.unknown.qala.com.sg [210.193.4.157]
5 104 ms 4 ms 5 ms 217.203-211-158.unknown.qala.com.sg [203.211.158.217]
6 88 ms 5 ms 22 ms 214.203-211-158.unknown.qala.com.sg [203.211.158.214]
7 25 ms 5 ms 14 ms 192.168.200.1

Trace complete.

It seems someone has a misconfigured or misbehaving router that’s exposing private IP addresses. Let’s hope it is not storing something incredibly important.