Strange Chinese IP's in traceroute?

[delta9]

Hey

first of all, sorry if this is the wrong forum category.
Recently i did a traceroute to my providers homepage and saw some strange ip addresses, here is the output:

Code: Select all

delta9@netbook ~ $ traceroute aon.at
traceroute to aon.at (195.3.96.72), 30 hops max, 60 byte packets
 1  DD-WRT (192.168.1.1)  1.143 ms  1.895 ms  2.038 ms
 2  dsldevice.lan (10.0.0.138)  55.488 ms  55.193 ms  54.058 ms
 3  113.67.91.160 (113.67.91.160)  30.485 ms 113.70.44.160 (113.70.44.160)  31.837 ms 113.71.176.192 (113.71.176.192)  32.552 ms
 4  195.3.66.133 (195.3.66.133)  19.999 ms  21.821 ms  24.391 ms
 5  AUX10-LKREBC10.highway.telekom.at (195.3.68.61)  48.377 ms  50.161 ms  50.391 ms
 6  195.3.118.182 (195.3.118.182)  36.015 ms  28.154 ms  29.900 ms
 7  172.18.96.235 (172.18.96.235)  81.617 ms  73.965 ms  72.844 ms

• DD-WRT (192.168.1.1) - my linksys wrt54gs running dd-wrt micro
• dsldevice.lan (10.0.0.138 ) - the modem i got from my provider - speedtouch 546v6

All those 113.xxx addresses looked kinda suspicious to me, so i did some whois query's:
http://whois.domaintools.com/113.67.91.160

Code: Select all

inetnum:      113.64.0.0 - 113.95.255.255
netname:      CHINANET-GD
descr:        CHINANET Guangdong province network
descr:        Data Communication Division
descr:        China Telecom
country:      CN
admin-c:      CH93-AP
tech-c:       IC83-AP
remarks:      service provider
status:       ALLOCATED PORTABLE
mnt-by:       APNIC-HM
mnt-lower:    MAINT-CHINANET-GD
mnt-routes:   MAINT-CHINANET-GD

What do you guys think? Have i been hacked or am i just paranoid?
The strange thing is btw, that those ip's change all the time. I even get some from Taiwan sometimes (xxxx.veetime.com or sth??)
And the problem isnt OS specific, on Windows the traceroute looks the same.

Want to hear your opinions.

mtr.png

[Elisa]

I suppose it depends on some conditions:

1st where u are (IP, country) or if u ran through a proxy, what's the proxy IP ? Or in what country the proxy is ?

E.g. I got this results:

Code: Select all

Tracing route to 195.3.96.72

Hop	Time	Host	IP	Location
1	0.511	10.0.0.1	10.0.0.1	, ,
2	0.778	xo-gateway	140.239.191.1	Los Angeles, CA, United States
3	24.87	ip65-47-242-9.z242-47-65.customer.algx.net	65.47.242.9	Los Angeles, CA, United States
4	8.267	207.88.81.197.ptr.us.xo.net	207.88.81.197	, , United States
5	43.017	vb1400.rar3.la-ca.us.xo.net	216.156.0.113	, , United States
6	42.076	vb15.rar3.dallas-tx.us.xo.net	207.88.12.45	, , United States
7	42.052	ae0d1.cir1.dallas2-tx.us.xo.net	207.88.13.125	, , United States
8	53.223	206.111.5.206.ptr.us.xo.net	206.111.5.206	, , United States
10	174.206	Vlan1252.icore1.FR1-Frankfurt.as6453.net	206.82.139.33	Montreal, QC, Canada
11	179.693	Vlan1656.icore1.F2C-Frankfurt.as6453.net	195.219.180.106	, , Germany
12	174.857	ix-10-0.icore1.F2C-Frankfurt.as6453.net	195.219.148.66	, , Germany
13	190.87	195.3.68.21	195.3.68.21	, , Austria
14	190.012	195.3.118.182	195.3.118.182	, , Austria
21	N/A	members.aon.at	195.3.96.72	, , 

from web trct - http://whatismyipaddress.com/traceroute-tool

or from terminal

Code: Select all

traceroute to aon.at (195.3.96.72), 30 hops max, 60 byte packets
 1  * * *
 2  ... :-) ...  223.927 ms  224.116 ms  224.304 ms
 3  ... :-) ...  224.643 ms  224.842 ms  225.032 ms
 4  at-vie01a-rd1-xe-10-3-0.aorta.net (213.46.160.137)  225.240 ms  225.634 ms  225.833 ms
 5  at-vie05b-ri1-ge-2-0.aorta.net (213.46.173.202)  226.024 ms  226.474 ms  315.770 ms
 6  vix2.highway.telekom.at (193.203.0.11)  390.231 ms  166.893 ms  167.143 ms
 7  LIX2-LLEORO02.highway.telekom.at (195.3.68.117)  167.148 ms  181.994 ms  181.989 ms
 8  195.3.118.182 (195.3.118.182)  181.988 ms  182.115 ms  181.924 ms
 9  * * *
10  * * *
11  * * *
12  * * *
13  * * *
14  * * *
15  * * *
16  * * *
17  * * *
18  * * *
19  * * *
20  * * *
21  * * *
22  * * *
23  * * *
24  * * *
25  * * *
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *

So, there is used the nearest resolvers to you, I suppose

[delta9]

Hey Elisa, thanks for the quick reply!

I'm from Austria, my IP is 188.22.68.62 (its dynamic btw) and i'm not using a proxy.
Those IP's dont only appear when i traceroute to my providers homepage, here is the output to google for example:

Code: Select all

delta9@netbook ~ $ traceroute google.com
traceroute to google.com (209.85.149.99), 30 hops max, 60 byte packets
 1  DD-WRT (192.168.1.1)  1.164 ms  1.895 ms  3.013 ms
 2  dsldevice.lan (10.0.0.138)  42.612 ms  41.971 ms  41.363 ms
 3  113.73.40.160 (113.73.40.160)  15.430 ms 113.63.168.0 (113.63.168.0)  21.566 ms 113.64.202.0 (113.64.202.0)  22.214 ms
 4  195.3.66.133 (195.3.66.133)  20.402 ms  22.134 ms  23.544 ms
 5  AUX10-LKREBC10.highway.telekom.at (195.3.68.61)  69.622 ms  70.120 ms  70.610 ms
 6  195.3.68.22 (195.3.68.22)  48.507 ms  44.214 ms  46.124 ms
 7  72.14.198.241 (72.14.198.241)  48.623 ms  41.280 ms  34.092 ms
 8  72.14.238.46 (72.14.238.46)  36.040 ms  38.053 ms  40.230 ms
 9  216.239.48.11 (216.239.48.11)  53.705 ms  41.478 ms  43.065 ms
10  216.239.48.5 (216.239.48.5)  43.001 ms  43.441 ms  43.942 ms
11  209.85.254.21 (209.85.254.21)  54.709 ms  55.221 ms  55.626 ms
12  209.85.149.99 (209.85.149.99)  53.496 ms  55.888 ms  56.966 ms

Do u notice all those 113.xx addresses which are different now? I dont think thats normal, but maybe i'm just wrong
The whois-database might be outdated and those ip's arent even from china? I have no idea honestly haha ..
Thanks

[Elisa]

Try check yet what's your gate and/or DNS.
If I should travel through China servers, then I'd rather changed the DNS or use Tor technology

[delta9]

From my modem:

IP-Address: 188.22.68.62
Primary DNS: 195.3.96.67
Secondary DNS: 213.33.98.136

Hmm seems normal to me
I guess i will try using some other dns server

[unexistance]

Hi,

It should be normal, you can't exactly controls where your data passes through that's the nature of Internet / router / www

Regards,

[delta9]

hey unexistance,

yeah i see
but i dont get it why my data goes through china when i trace my providers local servers, just doesnt make any sense to me

thanks

[Elisa]

Hi,
It should be normal, you can't exactly controls where your data passes through that's the nature of Internet / router / www
Regards,

Not "exactly" but it's a wired bul...sh... when he is in local area and have to travel through all the world!
I do suppose his ISP is nice f...d loser with a 'particular' settings... (question is 'why' they have such ... settings ?)

[piquat]

Heh, I wonder if this has to do with a news story I caught about a week or so ago?

Apparently a LOT of traffic got routed through china. Nobody is really sure how or why...

Search the major news outlets.