Multiple private addresses in my traceroute results

2

First of all, I am aware this question has been asked before in here, here and here. But it didn't have the answer I needed.

So here are my traceroute results:

 1     4 ms     5 ms     4 ms  homerouter.cpe [192.168.1.1]
 2     *        *        *     Timeout 
 3    33 ms    43 ms    36 ms  10.110.17.53
 4   235 ms    39 ms   241 ms  10.110.17.53
 5    46 ms   191 ms   211 ms  10.110.24.169
 6    32 ms    18 ms    23 ms  10.110.24.58
 7   146 ms   211 ms   183 ms  10.110.24.65
 8    24 ms    40 ms    39 ms  172.28.150.5
 9    22 ms    20 ms    26 ms  172.28.16.1
10    52 ms    27 ms    38 ms  172.28.16.2
11    39 ms    34 ms    37 ms  172.17.116.10
12    66 ms    90 ms    66 ms  be4591.ccr22.mrs01.atlas.cogentco.com [149.14.125.9]
13    78 ms    45 ms    75 ms  be2255.rcr21.mil01.atlas.cogentco.com [154.54.39.18]
14    71 ms    65 ms    66 ms  149.14.135.18
15    54 ms    65 ms    54 ms  151.101.193.69

As you can see there are multiple private IP addresses in hops 3-7, and their latency is pretty high, which led me to believe that this may be a sort of Man In The Middle attack or something like that, as a user mentioned this possibility in this question.

So what I'd like to know is whether this is a Man In The Middle attack, and if so, how can I fix it?

Amosimo

Posted 2019-03-15T22:23:57.330

Reputation: 23

Answers

3

There are multiple private IP addresses in hops 3-7

Your ISP is using Carrier Grade NAT:

Carrier-grade NAT (CGN), also known as large-scale NAT (LSN), is an approach to IPv4 network design in which end sites, in particular residential networks, are configured with private network addresses that are translated to public IPv4 addresses by middlebox network address translator devices embedded in the network operator's network, permitting the sharing of small pools of public addresses among many end sites.

Source: Carrier-grade NAT - Wikipedia

Their latency is pretty high

That is an issue you could raise with your ISP, although in this case it is not having much effect on time taken to reach your final destination.

More than likely those intermediate routers are slow responding to pings as they have been configured to prioritise through traffic (and that is increasing the latency).

Is this a Man In The Middle attack, and if so how can I fix it?

It isn't, and there is nothing for you to fix.

DavidPostill

Posted 2019-03-15T22:23:57.330

Reputation: 118 938

"More than likely those intermediate routers are slow responding to pings as they have been configured to prioritize through traffic." is more than likely a big part of the latency. – DrZoo – 2019-03-15T22:56:26.700

@DrZoo Yeah, reworded a bit to clarify. – DavidPostill – 2019-03-15T22:58:27.150
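To read a trace like the one in the question against the carrier-grade NAT explanation above, here is an added example (not part of the original posts) that parses Windows tracert lines and labels each hop as RFC 1918 private, RFC 6598 shared (CGN) space, or public. The function names are hypothetical and the sample is a trimmed copy of the question's output.

```python
import ipaddress
import re

# Address blocks an ISP may use inside its own network (RFC 1918 and RFC 6598).
RANGES = {
    "rfc1918": [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")],
    "cgnat-shared": [ipaddress.ip_network("100.64.0.0/10")],
}

# Hop lines copied from the traceroute in the question (some hops trimmed).
SAMPLE = """\
 1     4 ms     5 ms     4 ms  homerouter.cpe [192.168.1.1]
 2     *        *        *     Timeout
 3    33 ms    43 ms    36 ms  10.110.17.53
 8    24 ms    40 ms    39 ms  172.28.150.5
11    39 ms    34 ms    37 ms  172.17.116.10
12    66 ms    90 ms    66 ms  be4591.ccr22.mrs01.atlas.cogentco.com [149.14.125.9]
15    54 ms    65 ms    54 ms  151.101.193.69
"""

IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")

def classify(addr):
    """Return the name of the reserved range containing addr, else 'public'."""
    ip = ipaddress.ip_address(addr)
    for label, nets in RANGES.items():
        if any(ip in net for net in nets):
            return label
    return "public"

def parse_hops(text):
    """Return [(hop_number, ip_or_None, label)] for each tracert hop line."""
    hops = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or not fields[0].isdigit():
            continue  # skip headers and blank lines
        found = IP_RE.findall(line)
        ip = found[-1] if found else None  # the address is the last field
        hops.append((int(fields[0]), ip, classify(ip) if ip else "no-reply"))
    return hops

def private_after_public(hops):
    """Hop numbers with private addresses seen after the first public hop."""
    first_pub = next((n for n, _, lab in hops if lab == "public"), None)
    if first_pub is None:
        return []
    return [n for n, _, lab in hops if n > first_pub and lab in RANGES]
```

For the question's trace, every private hop sits between the home router and the first public hop, which is the layout the answer above describes for an ISP access network.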

2

OK, most likely it's your ISP that has its access network using private IPs. Let's suppose you are a victim of a MITM attack: first of all, try looking, from the router, at the ports that the IP 10.110.17.53 has open and check if they're compatible with a router (i.e. standard external routing protocols such as BGP).

It's more subtle than you think, though

Identifying a MITM attack is not that easy, because the attacker could be just reading and forwarding packets (no tampering with the packet data). In this case, though, if I were the evil one, I would not have answered with an ICMP time-to-live exceeded packet (which is what is done by traceroute) and I would have set iptables to increase the TTL of packets going through me by 1, so that I'm invisible to the network.

I hope to have answered fully.

pittix

Posted 2019-03-15T22:23:57.330

Reputation: 91

Is there a specific way of knowing the ports opened by this IP address? – Amosimo – 2019-03-16T08:28:58.280

The nmap tool is pretty good. If you want a GUI, Zenmap is the program you are looking for. – pittix – 2019-03-16T10:15:15.363

0

Configure your switch for port mirroring to a specific port, then use Wireshark to capture all of the traffic from that port and look for ARP spoofing in your capture.

Brad

Posted 2019-03-15T22:23:57.330

Reputation: 241