Thread: What is this "Route Object"?

  1. #1
    Join Date
    Jan 2008
    Location
    Middle Earth
    Posts
    10
    Rep Power
    0

    What is this "Route Object"?

    Hi, newbie.

    When my client (exp: 192.168.1.1) behind a home router tries to access my web server (exp: OpenDNS), in addition to:

    From 192.168.1.1 to OpenDNS, TCP 80

    another connection is created

    From 192.168.1.1 to 203.106.85.67 TCP 80

    This 203.106.85.67 doesn't have a domain name, and from APNIC whois, it turns out to be a "TMNET route object", owned by ACER-TMNET.

    Whenever the client opens a http or even https connection, this additional connection to this "TMNET route object" is created.

    What is this "route object" from TMNET?
    And why/how is it initiating a connection to my client?

  2. #2
    Join Date
    Jan 2008
    Location
    Middle Earth
    Posts
    10
    Rep Power
    0
    Sorry, but I can't edit my previous post. The link "OpenDNS" is supposed to be just some domain name - blahblah DOT com DOT my

  3. #3
    Join Date
    Jul 2007
    Location
    Johor Bahru
    Posts
    200
    Rep Power
    151
    Hehehe, sounds so complicated that I wonder anyone can help. I myself don't even know what a route object is!

  4. #4
    Join Date
    Mar 2008
    Location
    pd
    Posts
    497
    Rep Power
    148
    We love a mystery! The route object you got from whois is for the network 203.106.0.0/16. The more specific info from whois above that is for 203.106.85.0/8 - or is it 24? I can never remember which way round the mask works.

    If your computer is connecting to 'ACER SALES & SERVICES SDN BHD' is it phoning home? Maybe ET references have been lost in time, like tears in the rain. Time to watch a movie, I think.

    Anyway. Is your PC an Acer? What exactly is it doing when it connects to Acer? Got any Acer extensions on your browser? Tried a different browser? Tried Wireshark to see what it sends to Acer?

    Usually your router is 192.168.1.1 - is the connection from your router to Acer, or your PC to Acer? Maybe your router isn't a router but an ADSL modem - is it connected by USB or ethernet?

    That's all I've got. Hope it helps!

  5. #5
    Join Date
    Jul 2007
    Location
    Johor Bahru
    Posts
    200
    Rep Power
    151
    Wow, Seanie! You are real tech-savvy! I underestimated the participants here. The fact that I don't even know what a route object is doesn't mean everyone will not know, hehehe.

  6. #6
    Join Date
    Mar 2008
    Location
    pd
    Posts
    497
    Rep Power
    148
    Um, well actually, I have a PhD in Computing, but not the 'right sort' of computing. Having focussed for so long on a kind of computing that was of interest to nobody but me, I'm playing catch-up on industry buzzwords. But I do dimly remember some lectures from long ago about whois and network addresses. The 'Route Object' the OP refers to is just a name given by TM to an IP range they own. They could have called it 'Fred' just as meaningfully. The IP he looked up is within a smaller range, within that range of TM's, and seems to belong to Acer. I suspect he has some Acer supportware running.

  7. #7
    Join Date
    Jan 2008
    Location
    Middle Earth
    Posts
    10
    Rep Power
    0
    Thanks for the replies everyone.

    No, the PC is not an Acer. And AFAIK there's no software installed on the PC that's related to Acer. Most of all, this problem occurred only recently.

    I'm still trying to troubleshoot and find out if it's a PC problem.

    Has anyone experienced the same problem?
    Any suggestions are appreciated.

  8. #8
    Join Date
    Jan 2007
    Location
    -
    Posts
    365
    Rep Power
    160
    Are you still able to access your website even with the second connection?

    There could be some program on your PC which is making the second connection. Or maybe there is something wrong with your router. Connect your PC directly to the Net by-passing the router to see what happens.

    If the router has a built-in firewall, set it to block the second IP and see what happens. Or install a software firewall on your PC and block traffic for the second IP connection and see what happens.

  9. #9
    Join Date
    Mar 2008
    Location
    pd
    Posts
    497
    Rep Power
    148
    Did you check your Task Manager to see what's running? Any Acer-related stuff in there? How about your control panel, add/remove software (can't remember exactly what it's called) any Acer stuff installed? Out of interest, what does What Is My IP Address? - IP Address Lookup, Info, Speed Test, and more tell you your ip address is?

  10. #10
    Join Date
    Jan 2008
    Location
    Middle Earth
    Posts
    10
    Rep Power
    0
    Hi, sorry for the late reply.

    I've tried with different PCs (not Acer), running different clean-installed OSes (ubuntu-linux, xp, vista, win98). I am very certain that this is not a client PC problem.

    whatismyip.com, auditmypc.com, etc, all show my router's IP; my local IP is hidden.

    All my traffic, in particular downloads, has to go through this 203.106.85.67 (or .50, .51, etc)
    For example, if I try to download stuff from microsoft.com (US website):

    A connection to microsoft.com:80 is created and then closed, and then
    a connection to 203.106.85.67:80 is created; the file I download has to go through 203.106.85.67:80.

    Browsing http://203.106.85.67, shows it is indeed a web-server, or perhaps a proxy server? Is it a man-in-the-middle? I'm getting paranoid.

    If any of you guys or people you know have any idea what this "TMNET Route Object" is, please shed some light on the subject.

    Best regards.

  11. #11
    Join Date
    Mar 2008
    Location
    pd
    Posts
    497
    Rep Power
    148
    The TMNet Route Object is of no interest. It's the wider network block that the machine you're worried about is located in. The 203.106.85.67 is a host in the 203.106.85.0 - 203.106.85.255 network range, which itself is located in a larger network address range that TM happen to refer to as "TMnet route object". They could have called it "Purple Leaping Durian" just as meaningfully. Nobody, except maybe a few people at TM, knows what "TMnet route object" means, and maybe they've even forgotten at TM. You're looking at the wrong information. I don't know why the word 'Acer' appears in the whois report, but then again, it's a free-format name, so perhaps we shouldn't have read so much into it.

    On the Internet, nobody knows your local IP address. Your router 'pretends' to originate all traffic from your LAN, assigning a new port each time it gets some traffic from the LAN, and sending out network packets from that port on its WAN interface. This is Network Address Translation (NAT). When the reply comes back, it comes back to the same port on the router it left from. The router uses the port to remember which LAN host the packet originally came from and forwards the packet to that LAN host. Whatismyip can only tell you what your router's IP address is.

    From your description of what's happening, it sounds like a proxy cache. Use cURL:

    Code:
    sean@taiguima:~$ curl -v -v http://203.106.85.67/
    * About to connect() to 203.106.85.67 port 80 (#0)
    *   Trying 203.106.85.67... connected
    * Connected to 203.106.85.67 (203.106.85.67) port 80 (#0)
    > GET / HTTP/1.1
    > User-Agent: curl/7.18.0 (i486-pc-linux-gnu) libcurl/7.18.0 OpenSSL/0.9.8g zlib/1.2.3.3 libidn/1.1
    > Host: 203.106.85.67
    > Accept: */*
    > 
    * HTTP 1.0, assume close after body
    < HTTP/1.0 400 Bad Request
    < Server: AkamaiGHost
    < Mime-Version: 1.0
    < Content-Type: text/html
    < Content-Length: 187
    < Expires: Wed, 04 Jun 2008 23:33:29 GMT
    < Date: Wed, 04 Jun 2008 23:33:29 GMT
    < Connection: close
    < 
    <HTML><HEAD>
    <TITLE>Invalid URL</TITLE>
    </HEAD><BODY>
    <H1>Invalid URL</H1>
    The requested URL "/", is invalid.<p>
    Reference #9.3f556acb.1212622409.0
    </BODY></HTML>
    * Closing connection #0

    It's an Akamai GHost server. No need for paranoia, unless you fear Akamai.
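
Added example, not part of the post above and not the poster's code: a small Python triage helper that repeats the two checks used in this thread on an unexplained outbound address. It finds which whois ranges contain the address and reads the `Server` banner from a captured HTTP reply. The banner table is an illustrative, incomplete assumption, and the sample reply is copied from the curl transcript with the body shortened.

```python
import ipaddress

# Reply headers copied from the curl transcript in the post above (body shortened).
RAW_RESPONSE = (
    "HTTP/1.0 400 Bad Request\r\n"
    "Server: AkamaiGHost\r\n"
    "Mime-Version: 1.0\r\n"
    "Content-Type: text/html\r\n"
    "Content-Length: 187\r\n"
    "Connection: close\r\n"
    "\r\n"
    "<HTML>...</HTML>"
)

# Illustrative, incomplete table: Server banner substring -> CDN operator.
CDN_BANNERS = {"akamaighost": "Akamai", "cloudflare": "Cloudflare",
               "cloudfront": "Amazon CloudFront"}

def covering_prefixes(ip, prefixes):
    """Valid prefixes that contain ip, most specific (longest mask) first."""
    addr = ipaddress.ip_address(ip)
    hits = []
    for text in prefixes:
        try:
            net = ipaddress.ip_network(text)  # strict: rejects set host bits
        except ValueError:
            continue  # e.g. 203.106.85.0/8 is not a valid network address
        if addr in net:
            hits.append(net)
    return sorted(hits, key=lambda n: n.prefixlen, reverse=True)

def parse_headers(raw):
    """Return (status_line, {lowercased header name: value}) of a raw reply."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers

def classify(raw):
    """CDN suggested by the Server banner, or None if it is not recognised."""
    banner = parse_headers(raw)[1].get("server", "").lower()
    for needle, operator in CDN_BANNERS.items():
        if needle in banner:
            return operator
    return None

if __name__ == "__main__":
    ranges = ["203.106.0.0/16", "203.106.85.0/24", "203.106.85.0/8"]
    print([str(n) for n in covering_prefixes("203.106.85.67", ranges)])
    print(classify(RAW_RESPONSE))
```

The `Server` header is self-reported by the remote host, so treat a match as a hint to be confirmed against whois ownership of the address rather than as proof.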

  12. #12
    Join Date
    Jan 2007
    Location
    -
    Posts
    365
    Rep Power
    160
    Quote, originally posted by rbt123:
    Hi, Browsing http://203.106.85.67, shows it is indeed a web-server, or perhaps a proxy server? Is it a man-in-the-middle? I'm getting paranoid.

    Are you on a Streamyx connection or another ISP? Did you try to connect directly by-passing your router? If you don't have any problem, then it could be your router configured to use a proxy server?

  13. #13
    Join Date
    Mar 2008
    Location
    pd
    Posts
    497
    Rep Power
    148
    From what I can read online GHost servers don't need to be explicitly chosen, they just sit there silently intercepting traffic to bring large sites' content closer to visitors. TM will like this sort of thing, because it will reduce load on their overseas connections. Now if only they'd put a few big Azureus servers in their datacentres...

    It would be interesting to know exactly how it works - whether redirects are being used, or whether it's anycast DNS or something. Not interesting enough for me to find out for myself, mind!

  14. #14
    Join Date
    Jan 2008
    Location
    Middle Earth
    Posts
    10
    Rep Power
    0
    Thanks for all replies.

    mylinear: I've tested, same result whether the client PC is behind a router or directly connected to Streamyx.

    seanie: Thanks for the informative reply! It's the first time I've ever heard of an AkamaiGHost cache server. Now that I know what it is, I can rest at ease.

    Thanks again everyone.
