networking - What is 67.63.55.3?

2014-07-08
  • baum

    On my Mac, if I ping a single-word domain, I see:

    PING asdfsad (67.63.55.3): 56 data bytes
    64 bytes from 67.63.55.3: icmp_seq=0 ttl=241 time=93.308 ms
    64 bytes from 67.63.55.3: icmp_seq=1 ttl=241 time=96.837 ms
    

    etc.

    This happens, as far as I can tell, for any single word.

    I would expect it to return Unknown Host or some similar error. So why this IP?

    Things I have determined:

    A whois lookup tells me that it is related to Blucora... I've never heard of them before.

    Traceroute returns:

    Traceroute has started…
    
    traceroute to hjhgfjh (67.63.55.3), 64 hops max, 72 byte packets
    
     1  10.0.1.1 (10.0.1.1)  1.114 ms  0.770 ms  0.729 ms
     2  10.240.184.81 (10.240.184.81)  8.935 ms  9.032 ms  10.116 ms
     3  433be0e1.cst.lightpath.net (67.59.241.225)  15.735 ms  11.319 ms  10.576 ms
     4  rtr1-ge1-3.mhe.whplny.cv.net (67.83.230.1)  14.493 ms  11.433 ms  15.134 ms
     5  r1-ge6-1.cst.nrwlct.cv.net (65.19.121.161)  16.598 ms  18.305 ms
        65.19.121.37 (65.19.121.37)  14.023 ms
     6  64.15.3.241 (64.15.3.241)  16.570 ms
        64.15.3.230 (64.15.3.230)  17.813 ms
        64.15.3.218 (64.15.3.218)  14.089 ms
     7  64.15.0.102 (64.15.0.102)  37.643 ms  37.702 ms  34.019 ms
     8  chi2-pr1-ae5-115.us.twtelecom.net (66.192.252.97)  35.458 ms  35.082 ms  34.808 ms
     9  sea1-ar3-xe-1-0-0-0.us.twtelecom.net (66.192.250.14)  98.257 ms  94.150 ms  116.695 ms
    10  66-193-100-94.static.twtelecom.net (66.193.100.94)  94.599 ms  92.712 ms  94.271 ms
    11  tuk01ef01-reth4.0.inspinc.ad (67.63.56.61)  95.860 ms  96.067 ms  96.450 ms
    12  67.63.55.3 (67.63.55.3)  93.160 ms  92.671 ms  98.431 ms
    

    So this establishes that it is an ISP thing, not an issue with my router/computer, right? Though isn't it odd that my request is handled seemingly without an error, routed through my ISP (Optimum), through to Cablevision and tw telecom?

    Then there is that last domain, inspinc.ad, which also tracks back to Blucora... visiting inspinc.ad doesn't work, and I can't ping it, but inspinc.com as well as inspinc.eu return Status: OK with no other information.

    In my googling I was unable to find any answers, but I did find numerous results of people having this IP show up with invalid pings.

  • Answers
  • NReilingh

    The issue here is that your DNS server is returning that address for gibberish domain requests.

    If you run nslookup asdfsad in Terminal you'll see what DNS server is being queried.

    When you access that IP in a web browser, you get back a not found page from Optimum online. My guess is that Optimum is your ISP, and they have configured your DNS servers to return a customized page to your browser when you access a domain that doesn't exist, rather than just let the browser fail.

    You can experiment with defining your own DNS servers to override this behavior. People will commonly use OpenDNS services if they don't like or trust their ISPs, and OpenDNS will also catch common misspellings and redirect you to the right place (this also makes your browser safer if a misspelled domain is taken over by a phisher). Google also provides an easy-to-remember public DNS.

    OpenDNS:

    208.67.222.222
    208.67.220.220
    

    Google Public DNS:

    8.8.8.8
    8.8.4.4
    
  • baum

    Well, it turns out Optimum isn't as bad* as I thought. When navigating to one of these non-existent domains in my browser, I am shown the hijacked Optimum DNS Assistance page... with an option to opt-out of the service!

    So opt out I did, and now all of my invalid DNS lookups return NXDOMAIN, as they should.

    Granted, this only applies to Optimum customers, but it does serve as a reminder to look for a simpler solution first...

    I'm going to leave NReilingh's answer as the accepted answer because that applies for everyone, not just Optimum customers.

    *they're still pretty bad.


  • Related Question

    ubuntu - pings for unknown hosts ping 8.15.7.100
  • Questioner

    Running Ubuntu 9.04. I can ping hosts all day long, but when I try to ping a host that doesn't exist, it instead sends pings to 8.15.7.100, which turns into packet loss, but I'd prefer it if it told me the host cannot be found.

    $ ping google.com
    PING google.com (66.249.90.104) 56(84) bytes of data.
    64 bytes from lga15s04-in-f104.1e100.net (66.249.90.104): icmp_seq=1 ttl=55 time=31.3 ms
    
    $ ping somehost
    PING somehost (8.15.7.100) 56(84) bytes of data.
    

    I'm new to Ubuntu so this might be a feature, but anything I can do about it?


  • Related Answers
  • quack quixote

    You'll need to determine where your system is getting the weird IP.

    Some ISPs configure their DNS servers to hijack DNS responses for non-existent domain names. Their purpose is generally to send a web-browser to a "search" site to make money by displaying advertisements. Unfortunately, this practice breaks the NXDOMAIN response that DNS would otherwise use to tell your computer that there's no DNS entry for the host.

    If somehost isn't a full domain name, it's more likely your system or local DNS server is misconfigured. You can use dig to query DNS servers to help troubleshoot; see the DiG HowTo and man dig for details.

  • JMac

    It's the ISP; playing tricks.

    See the following article:

    http://www.michaelgeist.ca/content/view/3199/125/

    Rogers Cable uses 8.15.7.107

  • MariusMatutiae

    This has certainly nothing to do with your pc/OS/router. I run several Linux systems, none of them replied the way yours does. As pointed out already, this is, most likely, a trick played by your ISP.

    There are two things that you can do about this. On the one hand, you can study your ISP's behaviour by downloading, installing and running Namebench, a Google test to compare your current ISP's DNS performance against Google's. Besides just timing several possibilities, it also tries to establish whether your ISP performs any kind of filtering, by trying to identify commonly blocked URLs. The report of the test will clarify what your ISP is really up to.

    If the outcome of this is not fully satisfactory to you, you may wish to install DNSCrypt, a software package available for several OSes (Windows and MacOS users can find it here) which allows you to encrypt all of your DNS traffic and move it to a seldom-used port. This allows you to bypass ISP's filters which recognize either filter or protocol, and get access to one of a series of providers (chief among them is OpenDNS) willing to provide encrypted DNS resolution. This will restore full capabilities to your pc/LAN, whatever.

  • nik

    I did a whois lookup on the 'resolved' IP -- 8.15.7.100,

    IP address :            8.15.7.100    
    IP country code:        US  
    IP address country:     United States  
    IP address state:       California  
    IP address city:        Beverly Hills  
    IP postcode:            90212  
    IP address latitude:    34.0607
    IP address longitude:   -118.4032
    ISP of this IP :        Level 3 Communications
    Organization:           Co-Location.com 
    
    Level 3 Communications, Inc. LVLT-ORG-8-8 (NET-8-0-0-0-1)
    8.0.0.0 - 8.255.255.255
    
    Co-Location.com Inc. LVLT-COLOC-1-8-15-7-96 (NET-8-15-7-96-1)
    8.15.7.96 - 8.15.7.127
    

    This may be familiar to you -- like Quack describes.
    This may be something configured along with your ISP related network setup.

    If this reference is not familiar to you, you should dig this up for details.
    It is always important to know where your unresolved network paths lead to.