Results 1 to 4 of 4
  1. #1

    Suspicious Traceroute

    I recently bought a VPS through PhotonVPS so I could setup a VPN to access Hulu and Netflix as I'm in Australia. It was working great and I was able to stream at 1080p without a problem. But then out of no where it suddenly went so slow that I couldn't load a simple page anymore.

    When I first did a speed test I was getting around 12MB/s which is what I should have been getting. But now I'm getting a lot slower


    Code:
    [email protected]:~# speedtest
    Retrieving speedtest.net configuration...
    Retrieving speedtest.net server list...
    Testing from Psychz Networks...
    Selecting best server based on ping...
    Hosted by Sumner Communications (Wellington, KS) [88.77 km]: 21.299 ms
    Testing download speed........................................
    Download: 21.00 Mbit/s
    Testing upload speed..................................................
    Upload: 4.30 Mbit/s
    I could be wrong but if its getting the best server based on ping wouldnt it select the closest one? Also, is that 88.77km the distance between the servers? If so then something doesn't seem right since I know the distance between KS and LA isn't 88.77km.


    I decided to do a traceroute on my VPS IP and the last hop looks suspicious to me.

    Code:
    Hop	(ms)	(ms)	(ms)		     IP Address	Host name
    1 	  0 	  0 	  0 	     206.123.64.46	   -  
    2 	  0 	  0 	  0 	     64.124.196.225	  xe-4-2-0.er2.dfw2.us.above.net  
    3 	  1 	  1 	  1 	     206.223.118.61	  equinix.tge9-3.ar1.dfw1.us.nlayer.net  
    4 	  1 	  0 	  1 	     69.31.63.184	  ae1-30g.cr1.dfw1.us.nlayer.net  
    5 	  36 	  36 	  36 	     69.22.142.21	  xe-5-3-0.cr1.lax1.us.nlayer.net  
    6 	  36 	  36 	  80 	     69.31.124.114	  ae4-50g.cr1.lax2.us.nlayer.net  
    7 	  Timed out 	  Timed out 	  Timed out 	    	   -  
    8 	  36 	  36 	  36 	     192.210.61.90	  unassigned.psychz.net  
    9 	  36 	  36 	  36 	     23.228.235.42	  mail.xukezx.com  
    Trace complete

    I don't own xukezx.com. I've never seen that domain before. But it looks like the traffic is going to the Psychz network like it's meant to then somehow going to mail.xukezx.com.

  2. #2
    Join Date
    Jun 2003
    Location
    Los Angeles, CA
    Posts
    1,511
    Do you have a ticket number we can look at?
    Psychz Networks - Dedicated Servers, Co-location | GigePipe - High Bandwidth Servers | PhotonVPS - SSD Cloud
    True Layer 7 DDoS Mitigation | BGP Optimized by Noction Intelligent Routing | Asia-Pacific Low Latency Routes
    Los Angeles, CA (US West) | Dallas, TX (US East) | Ashburn, VA (US East)

  3. #3
    Join Date
    May 2012
    Location
    Canada
    Posts
    100
    Is the IP ending in .42 (the last "questionable" hop) your VPS IP? If so, then you simply need to update it's rDNS entry.
    IroncladServers.ca - Shared.Reseller.VPS.Dedi.Colo
    Solid Canadian & US network, 24.7.365 support, 100% owned & maintained

  4. #4
    Hey Jimmy, my ticket number is 570056



    @ironclad My IP ends in .78

Similar Threads

  1. lfd Suspicious File Alert‏ File: /tmp/.tmp Suspicious directory
    By critical mass in forum Hosting Security and Technology
    Replies: 13
    Last Post: 01-30-2012, 09:11 PM
  2. suspicious ip ?
    By jjk2 in forum Web Hosting
    Replies: 14
    Last Post: 07-13-2008, 11:18 PM
  3. Very Suspicious Signup
    By qubefactor in forum Running a Web Hosting Business
    Replies: 13
    Last Post: 07-07-2004, 03:42 PM
  4. Does this look suspicious?
    By Synthetic in forum Web Hosting
    Replies: 11
    Last Post: 04-24-2002, 03:24 AM
  5. This looks quite suspicious. :)
    By NetXL in forum Web Hosting
    Replies: 56
    Last Post: 12-30-2001, 07:26 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •