anon
@foebud.org
| Why does the 3800HGV-B contact these IPs?
enabled detailed log from /management, reboot the RG, and be amazed
ERR P0000-00-00T00:00:27 vrsip: Port 0: Failed to get local IP addr 136.209.190.67. RC=14
whois 136.209.190.67
OrgName: Headquarters, USAISC
OrgID: HEADQU-3
Address: NETC-ANC CONUS TNOSC
City: Fort Huachuca
StateProv: AZ
PostalCode: 85613-5000
Country: US
NetRange: 136.209.0.0 - 136.209.255.255
CIDR: 136.209.0.0/16
NetName: USAREUR509A
NetHandle: NET-136-209-0-0-1
Parent: NET-136-0-0-0-0
NetType: Direct Assignment
NameServer: NS01.ARMY.MIL
NameServer: NS02.ARMY.MIL
NameServer: NS03.ARMY.MIL
Comment:
RegDate: 1993-11-04
Updated: 2008-02-27
OrgTechHandle: JIMAD-ARIN
OrgTechName: DUNSCOMBE, JIM A
OrgTechPhone: +1-520-538-9762
OrgTechEmail: DOMAIN-REQUEST@aims7.army.mil
OrgTechHandle: REGIS10-ARIN
OrgTechName: Registration
OrgTechPhone: +1-800-365-3642
OrgTechEmail: REGISTRA@nic.mil
************************
ERR P0000-00-00T00:00:27 vrsip: Port 0: Failed to get local IP addr 136.177.186.67. RC=14
whois 136.177.186.67
OrgName: United States Geological Survey
OrgID: USGS-1
Address: 809 National Center
City: Reston
StateProv: VA
PostalCode: 20192
Country: US
NetRange: 136.177.0.0 - 136.177.255.255
CIDR: 136.177.0.0/16
NetName: GEODEN
NetHandle: NET-136-177-0-0-1
Parent: NET-136-0-0-0-0
NetType: Direct Assignment
NameServer: DNS.ER.USGS.GOV
NameServer: DNS.WR.USGS.GOV
Comment:
RegDate: 1989-09-12
Updated: 2008-04-04
OrgTechHandle: HOSTM550-ARIN
OrgTechName: Hostmaster
OrgTechPhone: 303-236-4109
OrgTechEmail: hostmaster@usgs.gov
*******************
ERR P0000-00-00T00:00:27 vrsip: Port 0: Failed to get local IP addr 136.25.191.67. RC=14
whois 136.25.191.67
OrgName: Ford Motor Company
OrgID: FORDMO
Address: P.O. Box 2053, RM E-1121
City: Dearborn
StateProv: MI
PostalCode: 48121-2053
Country: US
NetRange: 136.1.0.0 - 136.140.255.255
CIDR: 136.1.0.0/16, 136.2.0.0/15, 136.4.0.0/14, 136.8.0.0/13, 136.16.0.0/12, 136.32.0.0/11, 136.64.0.0/10, 136.128.0.0/13, 136.136.0.0/14, 136.140.0.0/16
NetName: FORD-NETS
NetHandle: NET-136-1-0-0-1
Parent: NET-136-0-0-0-0
NetType: Direct Assignment
NameServer: DNS004.FORD.COM
NameServer: DNS003.FORD.COM
Comment:
RegDate: 1989-08-22
Updated: 1999-12-01
RTechHandle: ZF4-ARIN
RTechName: DNS Administrator
RTechPhone: +1-313-390-3476
RTechEmail: dnsadmin@ford.com
OrgAbuseHandle: ZF4-ARIN
OrgAbuseName: DNS Administrator
OrgAbusePhone: +1-313-390-3476
OrgAbuseEmail: dnsadmin@ford.com
OrgNOCHandle: ZF4-ARIN
OrgNOCName: DNS Administrator
OrgNOCPhone: +1-313-390-3476
OrgNOCEmail: dnsadmin@ford.com
OrgTechHandle: ZF4-ARIN
OrgTechName: DNS Administrator
OrgTechPhone: +1-313-390-3476
OrgTechEmail: dnsadmin@ford.com
******************************
ERR P0000-00-00T00:00:27 vrsip: Port 0: Failed to get local IP addr 136.41.193.67. RC=14
whois 136.41.193.67
OrgName: Ford Motor Company
OrgID: FORDMO
Address: P.O. Box 2053, RM E-1121
City: Dearborn
StateProv: MI
PostalCode: 48121-2053
Country: US
NetRange: 136.1.0.0 - 136.140.255.255
CIDR: 136.1.0.0/16, 136.2.0.0/15, 136.4.0.0/14, 136.8.0.0/13, 136.16.0.0/12, 136.32.0.0/11, 136.64.0.0/10, 136.128.0.0/13, 136.136.0.0/14, 136.140.0.0/16
NetName: FORD-NETS
NetHandle: NET-136-1-0-0-1
Parent: NET-136-0-0-0-0
NetType: Direct Assignment
NameServer: DNS004.FORD.COM
NameServer: DNS003.FORD.COM
Comment:
RegDate: 1989-08-22
Updated: 1999-12-01
RTechHandle: ZF4-ARIN
RTechName: DNS Administrator
RTechPhone: +1-313-390-3476
RTechEmail: dnsadmin@ford.com
OrgAbuseHandle: ZF4-ARIN
OrgAbuseName: DNS Administrator
OrgAbusePhone: +1-313-390-3476
OrgAbuseEmail: dnsadmin@ford.com
OrgNOCHandle: ZF4-ARIN
OrgNOCName: DNS Administrator
OrgNOCPhone: +1-313-390-3476
OrgNOCEmail: dnsadmin@ford.com
OrgTechHandle: ZF4-ARIN
OrgTechName: DNS Administrator
OrgTechPhone: +1-313-390-3476
OrgTechEmail: dnsadmin@ford.com
*************************************************
ERR P0000-00-00T00:00:27 vrsip: Port 0: Failed to get local IP addr 136.217.186.67. RC=14
whois 136.217.186.67
OrgName: Headquarters, USAISC
OrgID: HEADQU-3
Address: NETC-ANC CONUS TNOSC
City: Fort Huachuca
StateProv: AZ
PostalCode: 85613-5000
Country: US
NetRange: 136.217.0.0 - 136.217.255.255
CIDR: 136.217.0.0/16
NetName: USAREUR9
NetHandle: NET-136-217-0-0-1
Parent: NET-136-0-0-0-0
NetType: Direct Assignment
NameServer: NS01.ARMY.MIL
NameServer: NS02.ARMY.MIL
NameServer: NS03.ARMY.MIL
Comment:
RegDate: 1993-11-04
Updated: 2008-02-27
OrgTechHandle: JIMAD-ARIN
OrgTechName: DUNSCOMBE, JIM A
OrgTechPhone: +1-520-538-9762
OrgTechEmail: DOMAIN-REQUEST@aims7.army.mil
OrgTechHandle: REGIS10-ARIN
OrgTechName: Registration
OrgTechPhone: +1-800-365-3642
OrgTechEmail: REGISTRA@nic.mil
******************
ERR P0000-00-00T00:00:27 vrsip: Port 0: Failed to get local IP addr 136.161.193.67. RC=14
whois 136.161.193.67
OrgName: PSI Network One
OrgID: PNO-2
Address: 165 Jordan Road
City: Troy
StateProv: NY
PostalCode: 12180
Country: US
NetRange: 136.161.0.0 - 136.161.255.255
CIDR: 136.161.0.0/16
NetName: PSINET1
NetHandle: NET-136-161-0-0-1
Parent: NET-136-0-0-0-0
NetType: Direct Assignment
NameServer: NS.PSI.NET
NameServer: NS2.PSI.NET
Comment:
RegDate: 1989-09-19
Updated: 1991-01-03
RTechHandle: PSI-NISC-ARIN
RTechName: IP Allocation
RTechPhone: +1-877-875-4311
RTechEmail: ipalloc@cogentco.com
***********************
ERR P0000-00-00T00:00:27 vrsip: Port 0: Failed to get local IP addr 136.217.191.67. RC=14
whois 136.217.191.67
OrgName: Headquarters, USAISC
OrgID: HEADQU-3
Address: NETC-ANC CONUS TNOSC
City: Fort Huachuca
StateProv: AZ
PostalCode: 85613-5000
Country: US
NetRange: 136.217.0.0 - 136.217.255.255
CIDR: 136.217.0.0/16
NetName: USAREUR9
NetHandle: NET-136-217-0-0-1
Parent: NET-136-0-0-0-0
NetType: Direct Assignment
NameServer: NS01.ARMY.MIL
NameServer: NS02.ARMY.MIL
NameServer: NS03.ARMY.MIL
Comment:
RegDate: 1993-11-04
Updated: 2008-02-27
OrgTechHandle: JIMAD-ARIN
OrgTechName: DUNSCOMBE, JIM A
OrgTechPhone: +1-520-538-9762
OrgTechEmail: DOMAIN-REQUEST@aims7.army.mil
OrgTechHandle: REGIS10-ARIN
OrgTechName: Registration
OrgTechPhone: +1-800-365-3642
OrgTechEmail: REGISTRA@nic.mil |
|
nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL | Is there any chance that it is contacting an NTP time server in order to set its time? |
|
netboy34
join:2001-08-29
Kennesaw, GA
1 edit | Looks like time servers to me too, but they aren't responding to time requests... might be old servers (as all of them are .67) that 2-wire used to use |
|
agent_smith
@all.de
| reply to anon
last i checked sntpc was the ntp daemon, not vrsip
ERR P0000-00-00T00:01:04 sntpc: Failed to resolve ntpserver 'ntp1.sbcglobal.net': Host name lookup failure
ERR P0000-00-00T00:01:04 sntpc: Failed to resolve ntpserver 'ntp2.sbcglobal.net': Host name lookup failure
ERR P0000-00-00T00:01:04 sntpc: Failed to resolve ntpserver 'ntp3.2wire.com': Host name lookup failure
ERR P0000-00-00T00:01:04 sntpc: Failed to resolve ntpserver 'ntp4.2wire.com': Host name lookup failure
ERR P0000-00-00T00:01:04 sntpc: Failed to resolve ntpserver 'ntp.ucsd.edu': Host name lookup failure |
|
um_ok
@blutmagie.de | reply to anon
so no one knows...just some conspiracy theories about old 2-wire military grade ntp servers
sad |
|
nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL | It has something to do with VOIP. I don't know enough about VOIP to know what it is looking for.
--
AT&T Uverse; Zyxel NBG334W router (behind the 2wire gateway); openSuSE 11.0; firefox 3.0.15 |
|
anon
@com.br | reply to anon
at&t techs that lurk here wont touch this thread with a 10ft pole |
|
ozzy6900
join:2005-01-11
West Haven, CT
 ·AT&T U-Verse
| reply to anon
Anon,
I talked with the VoIP guys, and they tell me that these IP addresses (136.xxx.xxx.xxx) are internal SBC/ATT VoIP addresses. You cannot use WHOIS to see who they belong to because they are IP's that sit behind the AT&T network. They tell me that the RG searches numerous internal IP addresses for VoIP when it boots up and there is nothing to worry about as long as your VoIP is operational. I checked my log and I too, have a ton of internal IP's being accessed (I have VoIP). |
|
Golden_One
@sbcglobal.net
| reply to anon
I completely agree, with ATT history of spying and helping spy, and looking into some of these hosts and IPs, there is obviously A LOT more here then meats the eye.. and not in a good way...... This further adds why ATT forces all traffic to be processed by the RG.... |
|
ozzy6900
join:2005-01-11
West Haven, CT
·AT&T U-Verse
| Golden_One, this has nothing to do with spying. Every AT&T Central Office has an IP address. Every facet of service from AT&T has an IP address. None of these addresses are accessible unless you are within the proper AT&T Network (there are literally thousands of AT&T networks).
For example, you could have a public IP of 102.143.34.121 and behind that have a range of IP's such as 136.14.222.0 - 200. No one could access the 136 IP's unless they were first accepted into the 102 gateway.
My PC at AT&T has an IP address. If you look it up in WHOIS, it comes up to a fish and tackle store somewhere in Florida. My PC IP address is withint the internal network of AT&T, deep in the subnets. So trying to look up these internal IP's with WHOIS will get you no where. |
|
scooby
Premium
join:2001-05-01
Schaumburg, IL | reply to anon
This makes sense but why are they not using RFC1918 space? 136/8 is public IP space that dozens of companies and organizations use. |
|
ozzy6900
join:2005-01-11
West Haven, CT
·AT&T U-Verse
| said by scooby  :This makes sense but why are they not using RFC1918 space? 136/8 is public IP space that dozens of companies and organizations use. Let me put it to you this way. The only controlled IP addresses are Public IP Addresses. Once behind a public gateway, you can use any IP address that you want with your subnets. This is because, there is no way they can be visible to the Internet. It's like mailing a letter to your home. It is mailed to the mailing address (gateway) and not to your son's room (internal IP address). We do not "see" where your son's room is but we count on you to deliver it there.
|
|
scooby
Premium
join:2001-05-01
Schaumburg, IL
| I did not say it could not be done. It is just extremely bad practice and _SHOULD_ not be done. Lots of good conversations about this on NANOG. Check the archives. Pretty much everyone gets smacked around for suggesting using non RFC1918 space even for internal use.
»en.wikipedia.org/wiki/Private_network |
|
anon
@blutmagie.de
| reply to ozzy6900
well, i suppose i believe you...why would they leave breadcrumbs like that when they have secret NSA rooms..
either way, my voip hardly works. It sounds like robots / cutting in and out every 30ms.
never had these problems with other voip providers |
|
ozzy6900
join:2005-01-11
West Haven, CT
·AT&T U-Verse
| reply to scooby
said by scooby :I did not say it could not be done. It is just extremely bad practice and _SHOULD_ not be done. Lots of good conversations about this on NANOG. Check the archives. Pretty much everyone gets smacked around for suggesting using non RFC1918 space even for internal use. » en.wikipedia.org/wiki/Private_network 1. Do you have any idea how large the AT&T Network is?
2. Do you have any idea how many IP addresses we use both public and internal? Trust me, you do not. I've been with them for 30 years and I still cannot keep up with their growth!
3. The RFC1918 is followed whenever possible but this is mostly for Class C & D users (by the way, don't trust wikipedia rather open your Cisco manual for the REAL truth). AT&T is a Class A, B, AA & AB user (along with Verizon and ex-SBC) so they can pretty much do as they wish due to their network status. Cisco and Oracle use internal network addresses that if you do a WHOIS comes back to public addresses in for the State of CA. |
|
ATTdarkroom
@sbcglobal.net
| reply to anon
Imagine that, an ATT employee doing damage control before this blows out of hand. While I have worked on the backend of ATTs network, so there is some truth to what ozzy6900, Golden_Boy is somewhat correct also. Though its obvious neither have any clue about the ATT internal network backend and how things work and are setup. Before you ask, because of my contract, I'm not at liberty to say (that would be illegal) and I apologize. |
|
ozzy6900
join:2005-01-11
West Haven, CT
·AT&T U-Verse
| reply to anon
You know what, you people are correct. I haven't a clue what I am talking about. I only work in the business and deal with this daily but I know nothing. So do me a favor, those of you who IM me to come and help with a thread, don't bother anymore. Go call on the annons to site their opinions. I am done with this mess.
Finis |
|
ATTdarkroom
@sbcglobal.net
| said by ozzy6900 :You know what, you people are correct. I haven't a clue what I am talking about. I only work in the business and deal with this daily but I know nothing. So do me a favor, those of you who IM me to come and help with a thread, don't bother anymore. Go call on the annons to site their opinions. I am done with this mess. Finis Look, someone pointed me to post here, I don't work under ATT, but ATT does contact me to do a lot of network work for them, thats all I have to say. |
|
anon
@blutmagie.de | reply to ozzy6900
aww, he's raging...
anyway, say you are correct, it doesn't matter because you cant defend the secret nsa rooms and the telecom immunity.
a home user just has to take steps to poison their database |
|
ATTdarkroom
@sbcglobal.net
| said by anon :
aww, he's raging...
anyway, say you are correct, it doesn't matter because you cant defend the secret nsa rooms and the telecom immunity.
a home user just has to take steps to poison their database
Looks like someone may understand my carefully worded and placed hints on parts of the topic |
|
