On a contract job clearing out a data center doing routine stuff like taking inventory and audits before we decommission hardware. The issue is there is one node that keeps coming back that isn't in the documentation. ip is in the 46.28.x.x range Its not in the facilities registry though. Ran it through RIPE and ARIN to find nothing.
The latency is what is getting me though. 0.4 round trip every time. Tested from multiple machines including a phone on LTE to get the same response time. That should theoretically mean I am right next to the machine which doesn't make sense across three different connections.
Checked the physical hardware and it's nothing I've ever seen before. Not standard 1U or 2U ports maybe proprietary. serial format is:
CC-[4 digits]-[2 digits]-[6 alphanumeric]
CC prefix doesn't math Cisco, Ibm, Dec, 3com or anything. went back through the facility's historical logs. node appears in their earliest available records, which go back to 1994. facility was built in 1997.
has anyone seen a CC- serial prefix before? or have an explanation for the latency consistency?
And you're also assuming that all the pings are being returned by this box.
The only thing I can find on Google is a website straight out of 1999 and lawsuit from 1995. They're obviously a US military contractor, but that's all I can tell.
48/8 was originally allocated to BBN. They were a major defense contractor and are now part of Raytheon.
CyberChron developed electronics that were designed for rugged environments. Think bouncing around inside of a tank or being accidentally dropped while loading crypto keys onto the radios of a fighter jet.
It means your 3 different connections have decent connectivity to whatever host currently responds to ping for that IP. You cant really derive much more than that from a ping. If it has been there since 1994 it might have been decommed and the IP reassigned. I would suggest a scream test to be honest, especially if you have orders to remove it anyway, seeing if the pings stop responding when you remove the power or networking will tell you more.
https://en.wikipedia.org/wiki/Cc:Mail
If so, you should be able to telnet to that IP on port 3264 [https://www.ietf.org/rfc/rfc1700]
https://en.wikipedia.org/wiki/Anycast
That's some kind of encryption box. It has a "zeroize" button, to clear the keys in an emergency. It might have something that forces uniform latency to make traffic analysis more difficult. Some cryptosystems are totally synchronous, and send random bits at a constant rate when there's no data.
[1] https://www.artisantg.com/TestMeasurement/89462-1/Cyberchron...
The IP is currently assigned to some router in a nearby carrier network that has decent connectivity to everything. Potentially the mobile carrier.
The OP happens to be connected to wifi at the DC. Tests across the mobile carrier network didnt take place thanks to route preference over wifi.
Something in carrier land is responding to the IP. It might be assigned in a stupid fashion, like every PE router is responding to it. Or anycast or something.
The OP has the ip address assigned to his laptop and phone. His own devices are responding to the pings.
OP might be using a different ping client that he isnt used to, and is taking 40ms as .4 ms. He doesn't really give us the measurement, just the value.
OP might be using a VPN and the VPN gateway router is responding to this ip with pings for whatever reason. Or the VPN client software has assigned this ip to his laptop.
Well ain't this place a geographical oddity! 0.4ms from everywhere!
This is assuming you're on the same subnet.