Using Traceroute

Traceroute is a UNIX utility that traces the path network traffic takes through a TCP/IP network to reach a given TCP/IP address. We use it here to identify the ISP that owns, or provides connectivity to, the TCP/IP addresses and web sites we identified when examining the spam.

Note that you can also traceroute to a domain name or web site address (e.g. www.trip.net); the output then shows the TCP/IP address associated with that name in addition to the hop information described below.

First off, let's assume we identified an Open Relay at 210.14.249.124. We run:

# traceroute 210.14.249.124

traceroute to 210.14.249.124 (210.14.249.124), 30 hops max, 38 byte packets
1  router (216.251.128.254)  0.350 ms  0.170 ms  0.171 ms
2  soho-gw.peer1.net (64.69.67.133)  0.374 ms  0.329 ms  0.312 ms
3  POS0-0.sea-gsr-a.peer1.net (64.69.67.94)  3.731 ms  3.781 ms  3.956 ms
4  500.Serial1-11.GW7.SEA1.ALTER.NET (157.130.191.5)  4.646 ms  6.740 ms  4.023 ms
5  146.ATM2-0.XR1.SEA1.ALTER.NET (152.63.105.178)  4.529 ms  4.366 ms  4.881 ms
6  0.so-0-0-0.XL1.SEA1.ALTER.NET (152.63.106.225)  4.078 ms  4.662 ms  5.982 ms
7  0.so-0-0-0.TL1.POR3.ALTER.NET (152.63.107.145)  8.168 ms  7.611 ms  8.376 ms
8  0.so-1-2-0.TL1.SAC1.ALTER.NET (146.188.177.246)  19.619 ms  25.395 ms  18.801 ms
9  0.so-7-0-0.XL1.PAO1.ALTER.NET (152.63.54.133)  22.751 ms  22.846 ms  22.153 ms
10  POS1-0.XR1.PAO1.ALTER.NET (152.63.54.74)  21.675 ms  23.823 ms  22.092 ms
11  189.ATM7-0.GW8.PAO1.ALTER.NET (152.63.52.65)  23.604 ms  23.696 ms  22.893 ms
12  hkt-gw.customer.ALTER.NET (157.130.194.74)  22.649 ms  22.637 ms  23.564 ms
13  pos7-3.tmhstcbr01.hkt.net (202.84.249.25)  179.549 ms  180.322 ms  180.284 ms
14  pos0-1.tmhbr03.hkt.net (207.176.97.130)  179.421 ms  178.947 ms  179.192 ms
15  205.252.128.237 (205.252.128.237)  181.396 ms  180.663 ms  185.673 ms
16  202.84.172.18 (202.84.172.18)  191.858 ms  508.587 ms  422.419 ms
17  211.163.255.253 (211.163.255.253)  494.713 ms  386.150 ms  387.621 ms
18  210.14.227.8 (210.14.227.8)  394.327 ms  392.528 ms  392.101 ms
19  210.12.254.178 (210.12.254.178)  416.577 ms  415.634 ms  415.108 ms
20  210.14.249.124 (210.14.249.124)  425.019 ms  423.487 ms  423.006 ms

In this example, we look at the last few hops. The first hops belong to our own system and our ISP. The middle group are transit providers, or international ISPs. The last few, however, belong to the owner of the Open Relay and their immediate upstream ISP. In this case we will want to check out 210.12.254.178 (hop 19, the last hop before the relay itself). If the second-to-last IP address had looked very close to the address of the Open Relay (for example, in the same address block, which suggests it belongs to the relay's owner rather than to their ISP), we would want to go back to the third-to-last instead.
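As an added illustration (not part of the original page), the following script applies the rule above to saved traceroute output: it parses the hop lines, takes the hop just before the target, and steps back one more hop when that address sits in the target's own network. "Very close" is approximated here as the same /24, which is an assumption of this script, not a rule from the page.

```python
import ipaddress
import re

# Constructed sample: a trimmed copy of the trace shown above (hops 1-2 and 17-20 kept).
SAMPLE = """traceroute to 210.14.249.124 (210.14.249.124), 30 hops max, 38 byte packets
1  router (216.251.128.254)  0.350 ms  0.170 ms  0.171 ms
2  soho-gw.peer1.net (64.69.67.133)  0.374 ms  0.329 ms  0.312 ms
17  211.163.255.253 (211.163.255.253)  494.713 ms  386.150 ms  387.621 ms
18  210.14.227.8 (210.14.227.8)  394.327 ms  392.528 ms  392.101 ms
19  210.12.254.178 (210.12.254.178)  416.577 ms  415.634 ms  415.108 ms
20  210.14.249.124 (210.14.249.124)  425.019 ms  423.487 ms  423.006 ms
"""

# Constructed variant: the hop before the relay is in the relay's own /24
# (a hypothetical 210.14.249.1), so the rule steps back to hop 18 instead.
SAMPLE_CLOSE = SAMPLE.replace("210.12.254.178 (210.12.254.178)", "210.14.249.1 (210.14.249.1)")

# One hop line: hop number, host (name or bare IP), then the IP in parentheses.
# Unanswered hops print "* * *" and carry no address, so they do not match.
HOP_RE = re.compile(r"^\s*(\d+)\s+(\S+)\s+\((\d{1,3}(?:\.\d{1,3}){3})\)")


def parse_hops(output):
    """Return [(hop_number, hostname, ip), ...] in trace order."""
    hops = []
    for line in output.splitlines():
        m = HOP_RE.match(line)
        if m:
            hops.append((int(m.group(1)), m.group(2), m.group(3)))
    return hops


def upstream_hop(output, target, prefix_len=24):
    """Pick the hop to look up as the relay's upstream ISP: the hop just before
    the target, unless it sits in the same network as the target (same /24 by
    default, an assumption), in which case step back one more hop.
    Returns None if the trace never reached the target."""
    hops = parse_hops(output)
    if not hops or hops[-1][2] != target:
        return None
    target_net = ipaddress.ip_network(f"{target}/{prefix_len}", strict=False)
    for hop in reversed(hops[:-1]):
        if ipaddress.ip_address(hop[2]) not in target_net:
            return hop
    return None


if __name__ == "__main__":
    print(upstream_hop(SAMPLE, "210.14.249.124"))        # (19, '210.12.254.178', '210.12.254.178')
    print(upstream_hop(SAMPLE_CLOSE, "210.14.249.124"))  # (18, '210.14.227.8', '210.14.227.8')
```

The returned address is the one to feed into a whois lookup or Sam Spade; a None result means the trace did not reach the relay, so no upstream can be inferred from it.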

Sam Spade can also run a traceroute for you. Put the IP address or fully-qualified host name in the box next to the Traceroute button, and click the button.

Please send corrections or suggestions for improvements in this page to abuse@skywaywest.com