Was doing a routine scan when I spotted an unfamiliar address on the network: 192.168.200.1. Strangely, arp doesn’t reveal its MAC address, which seems odd given that this is a private IP address used internally.
Traceroute reveals the truth:
> tracert 192.168.200.1

Tracing route to 192.168.200.1 over a maximum of 30 hops

  1     3 ms     4 ms     3 ms  10.0.0.2
  2     *        *        *     Request timed out.
  3   213 ms     5 ms     5 ms  158.210-193-4.unknown.qala.com.sg [210.193.4.158]
  4     3 ms     3 ms     3 ms  157.210-193-4.unknown.qala.com.sg [210.193.4.157]
  5   104 ms     4 ms     5 ms  217.203-211-158.unknown.qala.com.sg [203.211.158.217]
  6    88 ms     5 ms    22 ms  214.203-211-158.unknown.qala.com.sg [203.211.158.214]
  7    25 ms     5 ms    14 ms  192.168.200.1

Trace complete.
It seems someone has a misconfigured or misbehaving router that’s exposing private IP addresses. Let’s hope it is not storing something incredibly important.