Why does the 3800HGV-B contact these IPs?

anon @ 5th Nov 02:59PM:

enabled detailed log from /management, reboot the RG, and be amazed

ERR P0000-00-00T00:00:27 vrsip: Port 0: Failed to get local IP addr 136.209.190.67. RC=14
whois 136.209.190.67

OrgName: Headquarters, USAISC
OrgID: HEADQU-3
Address: NETC-ANC CONUS TNOSC
City: Fort Huachuca
StateProv: AZ
PostalCode: 85613-5000
Country: US

NetRange: 136.209.0.0 - 136.209.255.255
CIDR: 136.209.0.0/16
NetName: USAREUR509A
NetHandle: NET-136-209-0-0-1
Parent: NET-136-0-0-0-0
NetType: Direct Assignment
NameServer: NS01.ARMY.MIL
NameServer: NS02.ARMY.MIL
NameServer: NS03.ARMY.MIL
Comment:
RegDate: 1993-11-04
Updated: 2008-02-27

OrgTechHandle: JIMAD-ARIN
OrgTechName: DUNSCOMBE, JIM A
OrgTechPhone: +1-520-538-9762
OrgTechEmail: DOMAIN-REQUEST@aims7.army.mil

OrgTechHandle: REGIS10-ARIN
OrgTechName: Registration
OrgTechPhone: +1-800-365-3642
OrgTechEmail: REGISTRA@nic.mil

************************

ERR P0000-00-00T00:00:27 vrsip: Port 0: Failed to get local IP addr 136.177.186.67. RC=14
whois 136.177.186.67

OrgName: United States Geological Survey
OrgID: USGS-1
Address: 809 National Center
City: Reston
StateProv: VA
PostalCode: 20192
Country: US

NetRange: 136.177.0.0 - 136.177.255.255
CIDR: 136.177.0.0/16
NetName: GEODEN
NetHandle: NET-136-177-0-0-1
Parent: NET-136-0-0-0-0
NetType: Direct Assignment
NameServer: DNS.ER.USGS.GOV
NameServer: DNS.WR.USGS.GOV
Comment:
RegDate: 1989-09-12
Updated: 2008-04-04

OrgTechHandle: HOSTM550-ARIN
OrgTechName: Hostmaster
OrgTechPhone: 303-236-4109
OrgTechEmail: hostmaster@usgs.gov

*******************

ERR P0000-00-00T00:00:27 vrsip: Port 0: Failed to get local IP addr 136.25.191.67. RC=14

whois 136.25.191.67

OrgName: Ford Motor Company
OrgID: FORDMO
Address: P.O. Box 2053, RM E-1121
City: Dearborn
StateProv: MI
PostalCode: 48121-2053
Country: US

NetRange: 136.1.0.0 - 136.140.255.255
CIDR: 136.1.0.0/16, 136.2.0.0/15, 136.4.0.0/14, 136.8.0.0/13, 136.16.0.0/12, 136.32.0.0/11, 136.64.0.0/10, 136.128.0.0/13, 136.136.0.0/14, 136.140.0.0/16
NetName: FORD-NETS
NetHandle: NET-136-1-0-0-1
Parent: NET-136-0-0-0-0
NetType: Direct Assignment
NameServer: DNS004.FORD.COM
NameServer: DNS003.FORD.COM
Comment:
RegDate: 1989-08-22
Updated: 1999-12-01

RTechHandle: ZF4-ARIN
RTechName: DNS Administrator
RTechPhone: +1-313-390-3476
RTechEmail: dnsadmin@ford.com

OrgAbuseHandle: ZF4-ARIN
OrgAbuseName: DNS Administrator
OrgAbusePhone: +1-313-390-3476
OrgAbuseEmail: dnsadmin@ford.com

OrgNOCHandle: ZF4-ARIN
OrgNOCName: DNS Administrator
OrgNOCPhone: +1-313-390-3476
OrgNOCEmail: dnsadmin@ford.com

OrgTechHandle: ZF4-ARIN
OrgTechName: DNS Administrator
OrgTechPhone: +1-313-390-3476
OrgTechEmail: dnsadmin@ford.com

******************************

ERR P0000-00-00T00:00:27 vrsip: Port 0: Failed to get local IP addr 136.41.193.67. RC=14

whois 136.41.193.67

OrgName: Ford Motor Company
OrgID: FORDMO
Address: P.O. Box 2053, RM E-1121
City: Dearborn
StateProv: MI
PostalCode: 48121-2053
Country: US

NetRange: 136.1.0.0 - 136.140.255.255
CIDR: 136.1.0.0/16, 136.2.0.0/15, 136.4.0.0/14, 136.8.0.0/13, 136.16.0.0/12, 136.32.0.0/11, 136.64.0.0/10, 136.128.0.0/13, 136.136.0.0/14, 136.140.0.0/16
NetName: FORD-NETS
NetHandle: NET-136-1-0-0-1
Parent: NET-136-0-0-0-0
NetType: Direct Assignment
NameServer: DNS004.FORD.COM
NameServer: DNS003.FORD.COM
Comment:
RegDate: 1989-08-22
Updated: 1999-12-01

RTechHandle: ZF4-ARIN
RTechName: DNS Administrator
RTechPhone: +1-313-390-3476
RTechEmail: dnsadmin@ford.com

OrgAbuseHandle: ZF4-ARIN
OrgAbuseName: DNS Administrator
OrgAbusePhone: +1-313-390-3476
OrgAbuseEmail: dnsadmin@ford.com

OrgNOCHandle: ZF4-ARIN
OrgNOCName: DNS Administrator
OrgNOCPhone: +1-313-390-3476
OrgNOCEmail: dnsadmin@ford.com

OrgTechHandle: ZF4-ARIN
OrgTechName: DNS Administrator
OrgTechPhone: +1-313-390-3476
OrgTechEmail: dnsadmin@ford.com

*************************************************

ERR P0000-00-00T00:00:27 vrsip: Port 0: Failed to get local IP addr 136.217.186.67. RC=14

whois 136.217.186.67

OrgName: Headquarters, USAISC
OrgID: HEADQU-3
Address: NETC-ANC CONUS TNOSC
City: Fort Huachuca
StateProv: AZ
PostalCode: 85613-5000
Country: US

NetRange: 136.217.0.0 - 136.217.255.255
CIDR: 136.217.0.0/16
NetName: USAREUR9
NetHandle: NET-136-217-0-0-1
Parent: NET-136-0-0-0-0
NetType: Direct Assignment
NameServer: NS01.ARMY.MIL
NameServer: NS02.ARMY.MIL
NameServer: NS03.ARMY.MIL
Comment:
RegDate: 1993-11-04
Updated: 2008-02-27

OrgTechHandle: JIMAD-ARIN
OrgTechName: DUNSCOMBE, JIM A
OrgTechPhone: +1-520-538-9762
OrgTechEmail: DOMAIN-REQUEST@aims7.army.mil

OrgTechHandle: REGIS10-ARIN
OrgTechName: Registration
OrgTechPhone: +1-800-365-3642
OrgTechEmail: REGISTRA@nic.mil

******************

ERR P0000-00-00T00:00:27 vrsip: Port 0: Failed to get local IP addr 136.161.193.67. RC=14

whois 136.161.193.67

OrgName: PSI Network One
OrgID: PNO-2
Address: 165 Jordan Road
City: Troy
StateProv: NY
PostalCode: 12180
Country: US

NetRange: 136.161.0.0 - 136.161.255.255
CIDR: 136.161.0.0/16
NetName: PSINET1
NetHandle: NET-136-161-0-0-1
Parent: NET-136-0-0-0-0
NetType: Direct Assignment
NameServer: NS.PSI.NET
NameServer: NS2.PSI.NET
Comment:
RegDate: 1989-09-19
Updated: 1991-01-03

RTechHandle: PSI-NISC-ARIN
RTechName: IP Allocation
RTechPhone: +1-877-875-4311
RTechEmail: ipalloc@cogentco.com

***********************

ERR P0000-00-00T00:00:27 vrsip: Port 0: Failed to get local IP addr 136.217.191.67. RC=14

whois 136.217.191.67

OrgName: Headquarters, USAISC
OrgID: HEADQU-3
Address: NETC-ANC CONUS TNOSC
City: Fort Huachuca
StateProv: AZ
PostalCode: 85613-5000
Country: US

NetRange: 136.217.0.0 - 136.217.255.255
CIDR: 136.217.0.0/16
NetName: USAREUR9
NetHandle: NET-136-217-0-0-1
Parent: NET-136-0-0-0-0
NetType: Direct Assignment
NameServer: NS01.ARMY.MIL
NameServer: NS02.ARMY.MIL
NameServer: NS03.ARMY.MIL
Comment:
RegDate: 1993-11-04
Updated: 2008-02-27

OrgTechHandle: JIMAD-ARIN
OrgTechName: DUNSCOMBE, JIM A
OrgTechPhone: +1-520-538-9762
OrgTechEmail: DOMAIN-REQUEST@aims7.army.mil

OrgTechHandle: REGIS10-ARIN
OrgTechName: Registration
OrgTechPhone: +1-800-365-3642
OrgTechEmail: REGISTRA@nic.mil

nwrickert @ 5th Nov 04:04PM:

Is there any chance that it is contacting an NTP time server in order to set its time?

netboy34 @ 5th Nov 05:02PM:

Looks like time servers to me too, but they aren't responding to time requests... might be old servers (as all of them are .67) that 2-wire used to use

anon @ 5th Nov 05:38PM:

last i checked sntpc was the ntp daemon, not vrsip

ERR P0000-00-00T00:01:04 sntpc: Failed to resolve ntpserver 'ntp1.sbcglobal.net': Host name lookup failure
ERR P0000-00-00T00:01:04 sntpc: Failed to resolve ntpserver 'ntp2.sbcglobal.net': Host name lookup failure
ERR P0000-00-00T00:01:04 sntpc: Failed to resolve ntpserver 'ntp3.2wire.com': Host name lookup failure
ERR P0000-00-00T00:01:04 sntpc: Failed to resolve ntpserver 'ntp4.2wire.com': Host name lookup failure
ERR P0000-00-00T00:01:04 sntpc: Failed to resolve ntpserver 'ntp.ucsd.edu': Host name lookup failure

anon @ 6th Nov 10:48PM:

so no one knows...just some conspiracy theories about old 2-wire military grade ntp servers

sad

nwrickert @ 6th Nov 11:14PM:

It has something to do with VOIP. I don't know enough about VOIP to know what it is looking for.
--
AT&T Uverse; Zyxel NBG334W router (behind the 2wire gateway); openSuSE 11.0; firefox 3.0.15

anon @ 7th Nov 06:51PM:

at&t techs that lurk here won't touch this thread with a 10ft pole

ozzy6900 @ 8th Nov 10:12AM:

Anon,

I talked with the VoIP guys, and they tell me that these IP addresses (136.xxx.xxx.xxx) are internal SBC/ATT VoIP addresses. You cannot use WHOIS to see who they belong to because they are IPs that sit behind the AT&T network. They tell me that the RG searches numerous internal IP addresses for VoIP when it boots up and there is nothing to worry about as long as your VoIP is operational. I checked my log and I too, have a ton of internal IPs being accessed (I have VoIP).

anon @ 8th Nov 11:09AM:

I completely agree, with ATT's history of spying and helping spy, and looking into some of these hosts and IPs, there is obviously A LOT more here than meets the eye... and not in a good way... This further adds why ATT forces all traffic to be processed by the RG...

ozzy6900 @ 8th Nov 07:14PM:

Golden_One, this has nothing to do with spying. Every AT&T Central Office has an IP address. Every facet of service from AT&T has an IP address. None of these addresses are accessible unless you are within the proper AT&T Network (there are literally thousands of AT&T networks).

For example, you could have a public IP of 102.143.34.121 and behind that have a range of IPs such as 136.14.222.0 - 200. No one could access the 136 IPs unless they were first accepted into the 102 gateway.

My PC at AT&T has an IP address. If you look it up in WHOIS, it comes up to a fish and tackle store somewhere in Florida. My PC IP address is within the internal network of AT&T, deep in the subnets. So trying to look up these internal IPs with WHOIS will get you nowhere.

scooby @ 8th Nov 07:26PM:

This makes sense but why are they not using RFC1918 space? 136/8 is public IP space that dozens of companies and organizations use.
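
Added example (not part of any post in this thread): a small Python triage of the vrsip log lines from the first post. It checks scooby's point that the logged addresses fall outside RFC1918 space and surfaces the pattern netboy34 noticed (every address ends in .67). The function names are this example's own; the log lines are copied from the thread.

```python
import ipaddress
import re
from collections import defaultdict

# vrsip/sntpc lines copied from the posts above (the sntpc line names no address).
SAMPLE_LOG = """\
ERR P0000-00-00T00:00:27 vrsip: Port 0: Failed to get local IP addr 136.209.190.67. RC=14
ERR P0000-00-00T00:00:27 vrsip: Port 0: Failed to get local IP addr 136.177.186.67. RC=14
ERR P0000-00-00T00:00:27 vrsip: Port 0: Failed to get local IP addr 136.25.191.67. RC=14
ERR P0000-00-00T00:00:27 vrsip: Port 0: Failed to get local IP addr 136.41.193.67. RC=14
ERR P0000-00-00T00:00:27 vrsip: Port 0: Failed to get local IP addr 136.217.186.67. RC=14
ERR P0000-00-00T00:00:27 vrsip: Port 0: Failed to get local IP addr 136.161.193.67. RC=14
ERR P0000-00-00T00:00:27 vrsip: Port 0: Failed to get local IP addr 136.217.191.67. RC=14
ERR P0000-00-00T00:01:04 sntpc: Failed to resolve ntpserver 'ntp.ucsd.edu': Host name lookup failure
"""

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LINE_RE = re.compile(r"^\w+ \S+ (?P<daemon>\w+): .*?\b(?P<ip>(?:\d{1,3}\.){3}\d{1,3})\b")

def parse(log_text):
    """Yield (daemon, IPv4Address) for each log line that names a valid IPv4 address."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            try:
                yield m["daemon"], ipaddress.IPv4Address(m["ip"])
            except ipaddress.AddressValueError:
                pass  # e.g. 999.1.1.1: looks dotted-quad but is not an address

def classify(addr):
    """'rfc1918', 'global' (publicly allocated space) or 'special' (loopback, link-local, ...)."""
    addr = ipaddress.IPv4Address(addr)
    if any(addr in net for net in RFC1918):
        return "rfc1918"
    return "global" if addr.is_global else "special"

def fixed_octets(addrs):
    """Octet positions (0-3) whose value is identical in every address."""
    columns = zip(*(a.packed for a in addrs))
    return {i: col[0] for i, col in enumerate(columns) if len(set(col)) == 1}

def summarize(log_text):
    by_daemon = defaultdict(list)
    for daemon, addr in parse(log_text):
        by_daemon[daemon].append(addr)
    return {d: {"classes": sorted({classify(a) for a in addrs}),
                "slash16": sorted({str(ipaddress.ip_network(f"{a}/16", strict=False)) for a in addrs}),
                "fixed_octets": fixed_octets(addrs)}
            for d, addrs in by_daemon.items()}
```

Calling `summarize(SAMPLE_LOG)` reports one daemon (vrsip), every address classified as global rather than RFC1918, six distinct /16 blocks, and the first and last octets fixed at 136 and 67.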
ozzy6900 @ 8th Nov 07:43PM:

said by scooby :

This makes sense but why are they not using RFC1918 space? 136/8 is public IP space that dozens of companies and organizations use.

Let me put it to you this way. The only controlled IP addresses are Public IP Addresses. Once behind a public gateway, you can use any IP address that you want with your subnets. This is because there is no way they can be visible to the Internet. It's like mailing a letter to your home. It is mailed to the mailing address (gateway) and not to your son's room (internal IP address). We do not "see" where your son's room is but we count on you to deliver it there.

scooby @ 8th Nov 07:56PM:

I did not say it could not be done. It is just extremely bad practice and _SHOULD_ not be done. Lots of good conversations about this on NANOG. Check the archives. Pretty much everyone gets smacked around for suggesting using non RFC1918 space even for internal use.

»en.wikipedia.org/wiki/Private_network

anon @ 8th Nov 08:24PM:

well, i suppose i believe you...why would they leave breadcrumbs like that when they have secret NSA rooms..

either way, my voip hardly works. It sounds like robots / cutting in and out every 30ms.

never had these problems with other voip providers

ozzy6900 @ 8th Nov 08:52PM:

said by scooby :

I did not say it could not be done. It is just extremely bad practice and _SHOULD_ not be done. Lots of good conversations about this on NANOG. Check the archives. Pretty much everyone gets smacked around for suggesting using non RFC1918 space even for internal use.

»en.wikipedia.org/wiki/Private_network

1. Do you have any idea how large the AT&T Network is?
2. Do you have any idea how many IP addresses we use both public and internal? Trust me, you do not. I've been with them for 30 years and I still cannot keep up with their growth!
3. The RFC1918 is followed whenever possible but this is mostly for Class C & D users (by the way, don't trust wikipedia rather open your Cisco manual for the REAL truth). AT&T is a Class A, B, AA & AB user (along with Verizon and ex-SBC) so they can pretty much do as they wish due to their network status. Cisco and Oracle use internal network addresses that if you do a WHOIS comes back to public addresses in for the State of CA.

anon @ 9th Nov 04:33AM:

Imagine that, an ATT employee doing damage control before this blows out of hand. While I have worked on the backend of ATT's network, so there is some truth to what ozzy6900, Golden_Boy is somewhat correct also. Though it's obvious neither have any clue about the ATT internal network backend and how things work and are setup. Before you ask, because of my contract, I'm not at liberty to say (that would be illegal) and I apologize.

ozzy6900 @ 9th Nov 07:13AM:

You know what, you people are correct. I haven't a clue what I am talking about. I only work in the business and deal with this daily but I know nothing. So do me a favor, those of you who IM me to come and help with a thread, don't bother anymore. Go call on the anons to cite their opinions. I am done with this mess.

Finis

anon @ 9th Nov 08:55AM:

said by ozzy6900 :

You know what, you people are correct. I haven't a clue what I am talking about. I only work in the business and deal with this daily but I know nothing. So do me a favor, those of you who IM me to come and help with a thread, don't bother anymore. Go call on the anons to cite their opinions. I am done with this mess.

Finis

Look, someone pointed me to post here, I don't work under ATT, but ATT does contact me to do a lot of network work for them, that's all I have to say.

anon @ 9th Nov 08:55AM:

aww, he's raging...

anyway, say you are correct, it doesn't matter because you can't defend the secret nsa rooms and the telecom immunity.

a home user just has to take steps to poison their database

anon @ 9th Nov 09:45AM:

said by anon :

aww, he's raging...

anyway, say you are correct, it doesn't matter because you can't defend the secret nsa rooms and the telecom immunity.

a home user just has to take steps to poison their database

Looks like someone may understand my carefully worded and placed hints on parts of the topic
Thank you for using lo-fi dslreports.com - report bugs
© 99-2009 silver matrix LLC