
Late to the party, but here are some traceroutes run from AT&T Gigapower with their router entirely bypassed via an 802.1x MitM:

    # traceroute 1.0.0.1
    traceroute to 1.0.0.1 (1.0.0.1), 30 hops max, 60 byte packets
     1  45-18-124-1.lightspeed.austtx.sbcglobal.net (45.18.124.1)  59.462 ms  61.348 ms  63.373 ms
     2  71.149.77.208 (71.149.77.208)  1.304 ms  1.695 ms  1.957 ms
     3  75.8.128.136 (75.8.128.136)  1.329 ms  1.682 ms  1.393 ms
     4  12.83.68.145 (12.83.68.145)  2.673 ms  2.661 ms  2.648 ms
     5  12.123.18.233 (12.123.18.233)  8.877 ms  12.753 ms  8.800 ms
     6  192.205.36.206 (192.205.36.206)  6.663 ms  6.375 ms  6.680 ms
     7  66.110.56.158 (66.110.56.158)  6.885 ms  6.725 ms  6.436 ms
     8  1dot1dot1dot1.cloudflare-dns.com (1.0.0.1)  6.855 ms  6.557 ms  6.662 ms

    # traceroute 1.1.1.1
    traceroute to 1.1.1.1 (1.1.1.1), 30 hops max, 60 byte packets
     1  45-18-124-1.lightspeed.austtx.sbcglobal.net (45.18.124.1)  163.322 ms  163.927 ms  174.243 ms
     2  71.149.77.208 (71.149.77.208)  1.346 ms  1.779 ms  2.035 ms
     3  75.8.128.136 (75.8.128.136)  1.215 ms  1.214 ms  1.564 ms
     4  12.83.68.137 (12.83.68.137)  1.495 ms 12.83.68.145 (12.83.68.145)  2.289 ms 12.83.68.137 (12.83.68.137) 2.283 ms
     5  12.123.18.233 (12.123.18.233)  7.783 ms  11.766 ms  11.757 ms
     6  192.205.36.206 (192.205.36.206)  6.163 ms  6.160 ms  6.202 ms
     7  66.110.56.158 (66.110.56.158)  6.909 ms  6.931 ms  6.423 ms
     8  1dot1dot1dot1.cloudflare-dns.com (1.1.1.1)  6.922 ms  6.492 ms  7.075 ms

    ; <<>> DiG 9.9.5-9+deb8u14-Debian <<>> cloudflare.com @1.1.1.1
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15100
    ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
    
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 1536
    ;; QUESTION SECTION:
    ;cloudflare.com.			IN	A
    
    ;; ANSWER SECTION:
    cloudflare.com.		53	IN	A	198.41.214.162
    cloudflare.com.		53	IN	A	198.41.215.162
    
    ;; Query time: 7 msec
    ;; SERVER: 1.1.1.1#53(1.1.1.1)
    ;; WHEN: Thu May 03 13:40:52 UTC 2018
    ;; MSG SIZE  rcvd: 75

    ; <<>> DiG 9.9.5-9+deb8u14-Debian <<>> cloudflare.com @1.0.0.1
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61685
    ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
    
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 1536
    ;; QUESTION SECTION:
    ;cloudflare.com.			IN	A
    
    ;; ANSWER SECTION:
    cloudflare.com.		66	IN	A	198.41.214.162
    cloudflare.com.		66	IN	A	198.41.215.162
    
    ;; Query time: 7 msec
    ;; SERVER: 1.0.0.1#53(1.0.0.1)
    ;; WHEN: Thu May 03 13:40:39 UTC 2018
    ;; MSG SIZE  rcvd: 75

I'm not going to paste the output, but `curl https://1.1.1.1/` works as well.

Doesn't look like it's anything on AT&T's internal network.



I have AT&T Gigapower as well (I'm also in Austin). Can you give a description of the 802.1x bypass? What's the advantage?


See http://www.dslreports.com/forum/r30708210-AT-T-Residential-G...

You can also do essentially the same thing with a userspace 802.1x proxy like this one: https://github.com/SeanMollet/1x_prox

Bypassing the router ensures that stupid router firmware does not do stupid things to my packets, such as special handling of public IPs.



