Animats 16 hours ago [-]
Is this the hardware you have? [1]
That's some kind of encryption box. It has a "zeroize" button, to clear the keys in an emergency. It might have something that forces uniform latency to make traffic analysis more difficult. Some cryptosystems are totally synchronous, and send random bits at a constant rate when there's no data.
>The latency is what is getting me though. 0.4 round trip every time. Tested from multiple machines including a phone on LTE to get the same response time. That should theoretically mean I am right next to the machine which doesn't make sense across three different connections.
It means your 3 different connections have decent connectivity to whatever host currently responds to ping for that IP. You can't really derive much more than that from a ping. If it has been there since 1994 it might have been decommed and the IP reassigned. I would suggest a scream test to be honest, especially if you have orders to remove it anyway, seeing if the pings stop responding when you remove the power or networking will tell you more.
mmastrac 17 hours ago [-]
CyberChron. If you don't need to know, don't ask.
And you're also assuming that all the pings are being returned by this box.
cbarrick 17 hours ago [-]
Well now I gotta ask. What's up with CyberChron?
The only thing I can find on Google is a website straight out of 1999 and a lawsuit from 1995. They're obviously a US military contractor, but that's all I can tell.
dsl 15 hours ago [-]
[flagged]
sans_souse 12 hours ago [-]
Grossly incompetent is a pretty harsh label after they went thru the trouble of explaining how they arrived at their guesses.
userbinator 16 hours ago [-]
>The latency is what is getting me though. 0.4 round trip every time. Tested from multiple machines including a phone on LTE to get the same response time.
0.4 what latency? 0.4 s or 0.4 ms, or something else? Because if it's 0.4 ms, that seems to be very local, and possibly even impossible on LTE because of network latency. I'm not even sure 5G manages to get under 1 ms of latency.
elevation 4 hours ago [-]
I had the same thought: the device OP used for LTE testing may have been still connected to a local link and was routing packets over that instead.
mianos 15 hours ago [-]
CVC3000, they should send some guys in dark suits and glasses to pick it up.
DANmode 4 hours ago [-]
Is that humor, to you?
bombcar 17 hours ago [-]
Could the latency consistency be something designed to make it difficult to pinpoint its location? It sounds like you found the hardware and are just wondering what it is?
Well ain't this place a geographical oddity! 0.4ms from everywhere!
VladVladikoff 17 hours ago [-]
Wouldn’t that mean all upstream providers are all in on it? Participating in the charade and returning ICMP packets preemptively?
bombcar 10 hours ago [-]
Unless it’s some equipment that exists at multiple endpoints at the same address.
VladVladikoff 17 hours ago [-]
Lots of ASNs in 46.28.0.0/16
What’s the actual netblock?
bananamogul 16 hours ago [-]
Would looking at the device's MAC address (which you can get from arp) help? That would give you at least the manufacturer of the network interface.
This is assuming you're on the same subnet.
zamadatix 12 hours ago [-]
0.4 ms over LTE doesn't make sense, even if the device (or another device with the same IP) was at the base of the tower you were connected to. If you figure out what's going wrong with that test it might make a lot more sense.
I think this doesn't make sense.
Is there actually a realistic mechanism that makes this possible, or is there a gap in my hardware knowledge?
protocolture 15 hours ago [-]
Wild speculation:
The IP is currently assigned to some router in a nearby carrier network that has decent connectivity to everything. Potentially the mobile carrier.
The OP happens to be connected to wifi at the DC. Tests across the mobile carrier network didn't take place thanks to route preference over wifi.
Something in carrier land is responding to the IP. It might be assigned in a stupid fashion, like every PE router is responding to it. Or anycast or something.
The OP has the IP address assigned to his laptop and phone. His own devices are responding to the pings.
OP might be using a different ping client that he isn't used to, and is taking 40ms as .4 ms. He doesn't really give us the measurement, just the value.
OP might be using a VPN and the VPN gateway router is responding to this IP with pings for whatever reason. Or the VPN client software has assigned this IP to his laptop.
geocar 15 hours ago [-]
Yes: This is how Anycast works.
The same IP block is announced from multiple geographic locations, and so IP traffic will be routed to the nearest.
zamadatix 12 hours ago [-]
Even then, 0.4 ms round trip with the LTE tower itself doesn't make sense. The LTE stack just isn't designed for that.
geocar 10 hours ago [-]
That is a good point. If I ping the router 2m away from me in the airbnb (on Ethernet) I am staying in I'm getting 0.8msec. If it is really 0.4msec over some kind of consumer wireless, it is physically inside the phone.
I think they more likely got something wrong with the units; System.Net.Networkinformation.ping reports in whole seconds (so this is ~400ms) for example. Maybe it is some weird tool or typo.
jdw64 14 hours ago [-]
So there's something called Anycast. Thank you. But does that work on LTE as well?
geocar 12 hours ago [-]
Yes. And you can see it in action by using a "public looking glass" service and typing in an IP address to see which ASN (autonomous system number) announce it and who they peer with. Your mobile operator might even be operating one.
For example, go to https://lg.he.net, choose BGP Summary IPv4 and plug in a well-known anycast address like 8.8.8.8 (operated by Google) or 1.1.1.1 (operated by Cloudflare) and try a few different routers in different parts of the world, and you will see lots of different neighbors claim to be directly connected to these addresses -- something that should be very strange if you thought (for example) that an IP address had a geographic location at a particular point-in-time.
You can also try this for some of the addresses in this range and see that some of the addresses are like this.
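The argument running through this subthread (a small RTT bounds how far away the responder can be, so one address answering quickly from distant places cannot be one host) can be checked mechanically. This is an added example, not code from any commenter; it assumes propagation of at most about 200 km per ms in fiber, and the vantage points and RTT values are constructed.

```python
import math
from itertools import combinations

FIBER_KM_PER_MS = 200.0   # assumption: ~2/3 of c, upper bound for signal speed in fiber
EARTH_RADIUS_KM = 6371.0

def great_circle_km(a, b):
    """Haversine distance between two (lat, lon) points given in degrees."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(h))

def max_radius_km(rtt_ms):
    """Farthest the responder can be: half the round trip at fiber speed."""
    return rtt_ms / 2 * FIBER_KM_PER_MS

def impossible_pairs(probes):
    """Return vantage-point pairs whose RTT discs cannot overlap.

    probes: list of (name, (lat, lon), rtt_ms). Any pair returned means no
    single physical host answered both probes: the address is anycast,
    duplicated, answered by something nearer on the path, or mis-measured.
    """
    conflicts = []
    for (n1, p1, r1), (n2, p2, r2) in combinations(probes, 2):
        gap = great_circle_km(p1, p2)
        if gap > max_radius_km(r1) + max_radius_km(r2):
            conflicts.append((n1, n2, round(gap)))
    return conflicts

# Constructed sample measurements (not taken from the thread).
SAMPLE = [
    ("new-york", (40.71, -74.01), 0.4),
    ("london", (51.51, -0.13), 0.4),
    ("newark", (40.74, -74.17), 0.6),
]

if __name__ == "__main__":
    print(f"0.4 ms RTT => responder within {max_radius_km(0.4):.0f} km")
    for a, b, km in impossible_pairs(SAMPLE):
        print(f"{a} and {b} are {km} km apart: one host cannot answer both")
```

A pair that passes this check is only consistent with a single host, not proof of one; the bound ignores queuing and radio-access delay, which only make the real responder closer than the computed radius.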
jdw64 12 hours ago [-]
It was something I didn't know much about, so thank you for taking the time to comment. Thanks to your comment, I've learned something I was missing. Have a great day
userbinator 14 hours ago [-]
Yes, as well as DSL lines, 56k modems, and whatever else you can use to connect to the Internet.
866-RON-0-FEZ 12 hours ago [-]
A picture would be nice and avoid a lengthy game of Hacker News Charades.
geocar 15 hours ago [-]
Can you see if the media is carrying 802.1Q traffic tagged 986?
devmor 17 hours ago [-]
Is it in what looks like a luggage/waterproof case? If so, that’s milspec networking hardware.
[1] https://www.artisantg.com/TestMeasurement/89462-1/Cyberchron...
https://en.wikipedia.org/wiki/Anycast
https://en.wikipedia.org/wiki/Cc:Mail
If so, you should be able to telnet to that IP on port 3264 [https://www.ietf.org/rfc/rfc1700]