
Millions of Internet Addresses Are Lying Idle

timothy posted more than 5 years ago | from the gathering-their-strength-for-hallowe'en dept.


An anonymous reader writes "The most comprehensive scan of the entire internet for several decades shows that millions of allocated addresses simply aren't being used. Professor John Heidemann from the University of Southern California (USC) used ICMP and TCP to scan the internet. Even though the last IPv4 addresses will be handed out in a couple of years, his survey reveals that many of the addresses allocated to big companies and institutions are lying idle. Heidemann says: 'People are very concerned that the IPv4 address space is very close to being exhausted. Our data suggests that maybe there are better things we should be doing in managing the IPv4 address space.' So, is it time to reclaim those unused addresses before the IPv6 crunch?"


500 comments


screw ipv4 (5, Insightful)

k3v0 (592611) | more than 5 years ago | (#25385409)

Let's just switch to IPv6, it's more functional and future proof

Re:screw ipv4 (5, Funny)

Anonymous Coward | more than 5 years ago | (#25385495)

Hello. I am Hunvi Maguay, premier of Swaziland. If you have an unused IP address we will buy it from you for $6,000,000 right now. In order for us to send you the money, please send us your bank account number along with proof of identity. Your Social Security number would be good. Please tell us your mother's maiden name too. Hurry, our offer will not last long.

Re:screw ipv4 (0)

Anonymous Coward | more than 5 years ago | (#25385867)

Bank account number: 16777216
Social Security Number: 1048576
Mother's Maiden Name: Fookyu

Re:screw ipv4 (2, Interesting)

Finallyjoined!!! (1158431) | more than 5 years ago | (#25385587)

Right....

So you've configured all of your network equipment to use IPv6 then.

Tell me: What is your IPv6 address, what's the address of your router/gateway and what's the size of block you are using?

Re:screw ipv4 (1)

Spazztastic (814296) | more than 5 years ago | (#25385663)

Have you?

Because I sure as hell haven't.

Re:screw ipv4 (5, Insightful)

Finallyjoined!!! (1158431) | more than 5 years ago | (#25385859)

Internally yes. Externally no. However my point was; everyone who stands up and says "Screw IPv4 let's move to IPv6" should be sat in front of a border router & told to get on with it.

Everyone can eat salami, precious few can make it.

Re:screw ipv4 (5, Funny)

cream wobbly (1102689) | more than 5 years ago | (#25386237)

Not everyone can eat salami.

  • people who observe moral prohibitions on eating salami
  • the dead
  • people born without faces
  • people who can't afford to eat salami
  • people with irrational fear of sausages

You really ought to do more research before making such wild claims.

Re:screw ipv4 (4, Interesting)

Synn (6288) | more than 5 years ago | (#25385685)

Nobody has configured for IPv6 because there's been no forced set date to switch over so everyone is still just using IPv4 which is working just fine.

But when the date comes it'll be a long weekend for a lot of admins, but I'm guessing the switch will happen just fine.

Re:screw ipv4 (2, Informative)

Anonymous Coward | more than 5 years ago | (#25385927)

Indeed.

So why isn't IPv6 widely adopted yet?

Because

1> IPv4 still works fine AND
2> It costs money to implement IPv6 AND
3> Implementation cost of IPv6 is more likely to drop than to rise over time.

The implementation cost is most likely to drop, hardware prices have nothing but dropped ever since there was hardware for sale. Another couple of years from now the price of those routers will probably be cut in half again.

So there's nothing strange going on, it's just business as usual. If someone somehow finds more IPv4 address space to use they'll probably claim they've saved the entire internet from collapsing but in my opinion it'll just postpone the switch to IPv6 and save everybody a couple of bucks.

Re:screw ipv4 (1)

madhurms (736552) | more than 5 years ago | (#25385813)

Yeah. If you have to spend time and money, why not spend it completely on IPV6; instead of a combination of IPV6 + IPV4.

After all you will eventually run out of IPV4 addresses and HAVE to use IPV6. So start now and finish IPV6 implementation faster.

Simpler Politics (4, Insightful)

Midnight Thunder (17205) | more than 5 years ago | (#25386169)

Let's just switch to IPv6, it's more functional and future proof

Yup and it is probably much simpler. Trying to reclaim addresses involves political issues, finding out who to talk to, bureaucracy and some technical issues. Switching to IPv6 is about technical stuff and just getting going. You are going to have to switch to IPv6 at some point, so why spend energy twice?

Credit crunch (5, Insightful)

Harmonious Botch (921977) | more than 5 years ago | (#25385425)

This is curiously similar to the current credit crunch. When a fix is not guaranteed to happen soon, people start hoarding.

Re:Credit crunch (4, Interesting)

toleraen (831634) | more than 5 years ago | (#25385487)

I was going to use the oil analogy. It's going to run out eventually, so why not switch to something better now before we run out?

Re:Credit crunch (1)

Bill, Shooter of Bul (629286) | more than 5 years ago | (#25385729)

Because everyone will have to buy new hardware that will properly handle IPv6. Those that might be volume buyers of IPv6-enabled hardware are the same ones that have excess IPv4 addresses. So, they have little motivation to switch, and the demand for IPv6 hardware remains low while price remains high.

Re:Credit crunch (1)

gbjbaanb (229885) | more than 5 years ago | (#25386163)

Because, to continue your oil analogy, no-one will change until the cost of this increasingly scarce resource rises to a point where it's cheaper to migrate to IPv6.

So - when your ISP says, you can have 1 shared IP, but if you want a static one it'll cost you $10 a month.. you'll start thinking about how you can get IPv6 and moving to a competitor who provides it, assuming you can get a home router that supports it... and then other ISPs will see the migration and start offering IPv6 as features, and then we'll be there.

It'll just take those market forces, so if you want to help things along, grab as many static IPs as you can.

Re:Credit crunch (4, Interesting)

Samantha Wright (1324923) | more than 5 years ago | (#25385505)

That's a little silly. These allocations were made in the 70s and 80s, before the Internet really existed outside of the US. At the time, the recipients of the addresses were those who were most likely to use them. No hoarding is going on.

Re:Credit crunch (1, Interesting)

Harmonious Botch (921977) | more than 5 years ago | (#25385709)

That's a little silly. These allocations were made in the 70s and 80s, before the Internet really existed outside of the US. At the time, the recipients of the addresses were those who were most likely to use them. No hoarding is going on.

Really? There are potential buyers - people who would pay for the IPs. But the owners are not selling - at any price. That is hoarding.

Re:Credit crunch (4, Insightful)

Chaos Incarnate (772793) | more than 5 years ago | (#25386167)

That is hoarding.

No, that's life outside a police state.

Give back class As (5, Insightful)

Neil Watson (60859) | more than 5 years ago | (#25385427)

Perhaps some of the institutions that still have class A networks reserved from the old days, with no reasonable need for them, should give them back.

Re:Give back class As (5, Informative)

Anonymous Coward | more than 5 years ago | (#25385683)

Yup, I work for one of them, GE - the entire "3.x" class-A network, 16million addresses - most of our internal network is those 3.x addresses, behind firewalls so basically useless - and even better, I pinged a few external GE sites I know of, and none of them even use 3.x addresses!!

Maybe 500K employees & contractors, even add 500K more for servers and unallocated IPs in the ranges, that's still 15*million* unused. Besides which, we could easily run on 10.x internal networking and NAT/Proxy to outside.

Don't be in a hurry to get them back though... it's not a priority! (haha)

Re:Give back class As (4, Insightful)

t0rkm3 (666910) | more than 5 years ago | (#25385935)

As a network security guy in a company with 9 Class B's that are used within the company. (1 is Internet facing) The internal usage of public IP address space is justified by one thing, acquisitions. Every time a company is bought up by our company we have to integrate them into our network. We are already using some RFC1918 space at stub networks(plants/refineries) and for VoIP applications. However, the challenge of integrating 25,000 new IP devices with a conflicting address scope per merger is painful and wasteful.

Re:Give back class As (2, Informative)

Bill Barth (49178) | more than 5 years ago | (#25386003)

Isn't this what DHCP is for? I'm a little surprised you have 25k boxes come in via a merger with static addresses.

Re:Give back class As (0)

Anonymous Coward | more than 5 years ago | (#25385885)

Many companies also have multiple /16 and shorter in active use as isolated intranets, and there's more than a few universities that don't need all of their /16 either (and yes, I've personally seen both).

Re:Give back class As (3, Interesting)

mordred99 (895063) | more than 5 years ago | (#25385957)

Hell .. some of the companies have all their stuff on public IPs. One in particular (I won't say who) I can get to the manufacturing PLCs since they use public IPs on everything. I can shut off their machines if I wanted to. Yes I used to do security for them, but I was let go because I brought up too many things that would cost them money. Their security manager said "If I don't know about it, and something goes wrong, we can pay to fix it then. However it is cheaper to not tell upper management about it, as they will be forced to act and the last thing we need to do is spend money." Yeah .. I left.

Return the 10.0.x.x range!!! (0)

Anonymous Coward | more than 5 years ago | (#25386039)

'cos I'm sure they aren't being used!

Re:Give back class As (1)

WMIF (1175429) | more than 5 years ago | (#25386137)

The ISPs aren't helping much either. At my old company, I was looking to provide some ingress redundancy in the event of failure to the main pipe. We only had a /28 block of addresses so our ISP was not interested in BGP route exchanges. Our sales engineer suggested that we move to a /24 block for no extra cost, which would then allow what I wanted to do. I thought about it, but decided not to because I wasn't even using all of my /28.

And for just 10 dollars a month... (4, Funny)

lobiusmoop (305328) | more than 5 years ago | (#25385431)

you can give one of these poor unwanted IPs a home.

Re:And for just 10 dollars a month... (1)

The Moof (859402) | more than 5 years ago | (#25385717)

Funny you mention that. I asked AT&T about getting a static IP address.

They told me only business class accounts can get static addresses.

Re:And for just 10 dollars a month... (3, Funny)

NeverVotedBush (1041088) | more than 5 years ago | (#25386183)

Do I get a picture of it and a thank-you letter?

Leftovers from before NAT? (2, Interesting)

LeotheQuick (657964) | more than 5 years ago | (#25385461)

Maybe these addresses are simply leftovers from before people started to make wide use of NAT, which cut down a whole lot on the # of addresses in circulation

Re:Leftovers from before NAT? (0)

Anonymous Coward | more than 5 years ago | (#25386249)

No, these are addresses assigned to the few companies who registered addresses in the early days of the internet. Who'd imagine every hot dog stand would want an IP in those days.

Even without NAT they could assign an IP to every router, server, desktop and coffee machine they have and still not use even 10% of their address space. They were stuck-up greedy bastards.

Look I've got a Class A! Mine's bigger than yours!

Pedantic Correction for the Headline (-1)

77Punker (673758) | more than 5 years ago | (#25385463)

"Lying" in the headline should be "laying". The addresses are not liars. They are laying in wait for a user to use them.

Re:Pedantic Correction for the Headline (1)

Surt (22457) | more than 5 years ago | (#25385549)

I'm sure the headline just means that they are actually in use, falsifying their idleness.

Re:Pedantic Correction for the Headline (0)

Anonymous Coward | more than 5 years ago | (#25385643)

Oh dear, I think you should lie down and think about that a bit harder.

Re:Pedantic Correction for the Headline (0)

Anonymous Coward | more than 5 years ago | (#25385651)

No, it shouldn't. Lay is when you're doing it to something else. "I lie down." "I lay down my arms."

Re:Pedantic Correction for the Headline (3, Informative)

NeverVotedBush (1041088) | more than 5 years ago | (#25386217)

It's best, however, when you are laying someone else -- as in "I'm laying your girlfriend." "I got laid by your wife."

Wrong! Lying is the correct form. (4, Informative)

DigitalReverend (901909) | more than 5 years ago | (#25385767)

http://www.grammarmudge.cityslide.com/articles/article/992333/8992.htm [cityslide.com]

http://www.askoxford.com/betterwriting/classicerrors/grammartips/lyingandlaying [askoxford.com]

If you are in the process of putting something down, you are laying it down, but that object once it is there, it is lying. The verb lay has a direct object that the action is performed on. He is laying the book on the credenza. She is laying her purse on the counter. Once it has been laid, it is now lying. The book is lying on the credenza. The purse is lying on the counter. IP addresses are lying unused.

http://en.wikipedia.org/wiki/Laying [wikipedia.org]

Re:Wrong! Lying is the correct form. (2, Funny)

nameendingwith (1272536) | more than 5 years ago | (#25386225)

Once it has been laid, it is now lying.

So in other words, there are no Slashdot users that are lying. If they say they are lying, then they are lying.

Re:Wrong! Lying is the correct form. (0)

Anonymous Coward | more than 5 years ago | (#25386231)

I believe many people get confused because the past tense of "lie" is "lay".

Re:Pedantic Correction for the Headline (1)

Tack (4642) | more than 5 years ago | (#25385821)

The general problem with being a Grammar Nazi is that you had better be sure you're right. (And you're not.)

Re:Pedantic Correction for the Headline (0)

Anonymous Coward | more than 5 years ago | (#25385825)

No, "lying" is correct.

Lay has an object. Lie does not.

You lay bricks, but you lie on your couch.

Re:Pedantic Correction for the Headline (1)

Vortran (253538) | more than 5 years ago | (#25385873)

How could an IP address be laying? How does an IP address lay anything? Do they lay bricks? Are they hoping to GET layed? Did one of these lying addresses lay you upside the head?

If you're going to wax pedantic, first try being right.

Re:Pedantic Correction for the Headline (1)

geminidomino (614729) | more than 5 years ago | (#25385895)

Informative? No. Wrong, actually.

"To Lay" is an transitive verb. You lay down arms, lay down the law, lay that cute blond from accounting.

"To lie", in the sense of adopting a prone or supine position, is an intransitive verb. You lie down and put your hands behind your head, or lie under said cute blond.

Re:Pedantic Correction for the Headline (1)

geminidomino (614729) | more than 5 years ago | (#25385915)

and like all grammar corrections (I don't think it was a flame), mine contains one of its own. It should be "is a transitive verb."

Re:Pedantic Correction for the Headline (0)

Anonymous Coward | more than 5 years ago | (#25386143)

Wrong. Lay/laying is a transitive verb, i.e., "lay down arms".

Lie/lying has multiple meanings, including:

5. to speak falsely or utter untruth knowingly, as with intent to deceive.

3. to be or remain in a position or state of inactivity, subjection, restraint, concealment, etc.: to lie in ambush.

http://dictionary.reference.com/browse/lie

Millions of Internet Addresses Are Lying Vacant (1)

mcgrew (92797) | more than 5 years ago | (#25385485)

Sounds like Detroit or East Saint Louis.

Why bother? (4, Insightful)

Timothy Brownawell (627747) | more than 5 years ago | (#25385491)

Would giving them back do anything other than encourage network providers to procrastinate on IPv6 for another couple years?

Re:Why bother? (1)

watice (1347709) | more than 5 years ago | (#25385943)

Isn't that a good thing? I imagine there are going to be serious security issues when ipv6 is implemented and EVERYTHING is routable. The average joe who has no idea what a firewall is will suffer the most. I definitely think we should stick it out with ipv4 a while longer. I don't know about the accuracy of this guy's "icmp probe of the internet" though.

Re:Why bother? (1)

FeepingCreature (1132265) | more than 5 years ago | (#25386097)

This is eerily similar to the "bailout" VS "let them fail" discussion.

IBM, Ford, Microsoft, etc. (3, Insightful)

Spazztastic (814296) | more than 5 years ago | (#25385499)

If the big Fortune 100 companies would dump their IP blocks that they don't use more than 10% of, the whole sensationalist scare of "OH MY GOD WE'RE RUNNING OUT OF ADDRESSES" wouldn't even be relevant.

Also, to quote someone from the last three articles related to IPv4 running out, it seems like one of these articles shows up on the main page at least once per month and nothing has changed.

I don't see why any company, even in the expandable future, would use every address in a /8 subnet... unless they have everything open to the internet, which is moronic.

Re:IBM, Ford, Microsoft, etc. (1)

Spazztastic (814296) | more than 5 years ago | (#25385555)

Before some grammar Nazi pounces me, I meant "Foreseeable future." Not expandable.

Re:IBM, Ford, Microsoft, etc. (0)

Anonymous Coward | more than 5 years ago | (#25385937)

I work for a big company that spends a lot of time buying or selling off bits and pieces of the company. We use our Class B for infrastructure stuff and private 10.x.x.x space for clients. That way if we get bought again, there's no chance of our WAN links, server ip's, etc. overlapping with the company we have to merge with... even though we only have a couple hundred of our registered addresses facing the public internet.

NAT is a hack. (2, Interesting)

SanityInAnarchy (655584) | more than 5 years ago | (#25386197)

Granted, it may be cheaper, in the short term, to use NAT than to upgrade to ipv6.

But imagine if no one was using NAT anywhere. This would have two effects:

First, techniques like Skype's UDP hole-punching would be completely unnecessary. You wouldn't even need a central server -- you could just use protocols like SIP the way they were meant to be used.

Port forwarding would be a thing of the past. Far more peer-to-peer technologies would just work.

Second, we'd run out of IPv4 a lot faster.

Wow... (0)

Anonymous Coward | more than 5 years ago | (#25385509)

ICMP _and_ TCP. That's really high-tech.

Why is anyone surprised? (4, Insightful)

gstoddart (321705) | more than 5 years ago | (#25385519)

People setting up networks aren't trying to use every single address in their space.

It's far easier to use an entire a.b.c.* as a logical sub-domain than fiddling with netmasks and all that stuff so that a.b.c.1 and a.b.c.200 are on different subnets.

The amount of work people would need to invest to use every single IP address with no holes would be cumbersome. (I'm not saying you can't do it, it's just tedious.) And, you never know when you're going to need to allocate more machines -- I remember getting blocks of IP addresses for static machines in case I needed another machine in the future.

Now, why most people aren't using 10.*.*.* as their internal stuff I'll never know. Since the overwhelming majority of machines on the internet aren't (and shouldn't) be directly routable, it's an awful waste to not have organizations behind NAT-ed firewalls and not drawing from the common pool of route-able IP addresses.

Cheers

Re:Why is anyone surprised? (4, Informative)

Finallyjoined!!! (1158431) | more than 5 years ago | (#25385783)

Quite right, there's no reason whatsoever why 98% of users shouldn't be behind NAT gateways. I've seen stupid situations where bloody printers are assigned a public IP - so people can print to them over the internet - Whaaat??? Furthermore pretty much all VPN client software (excluding Microsoft shite, of course) is NAT-T aware.

One other point, not related to the above, TFA states they are using icmp to determine if a host is alive. Really? What is the margin for error here? Pretty much every device I configure with a public IP & connected to the net will not respond to icmp (except from designated hosts/host blocks). Guess we can take their figures with a pinch of salt then.

Re:Why is anyone surprised? (2, Insightful)

spaceyhackerlady (462530) | more than 5 years ago | (#25385841)

Now, why most people aren't using 10.*.*.* as their internal stuff I'll never know. Since the overwhelming majority of machines on the internet aren't (and shouldn't) be directly routable, it's an awful waste to not have organizations behind NAT-ed firewalls and not drawing from the common pool of route-able IP addresses.

This is exactly how the company I work for does it. We use one public IP address, and our computers (all private IPs, as they should be) are NATted behind our router. I do the same thing at home, partly to circumvent how many computers my ADSL provider will let me plug in to their connection without giving them more money. :-)

If everybody did things like this we would need a lot fewer IP addresses.

...laura

Re:Why is anyone surprised? (1)

mce (509) | more than 5 years ago | (#25385919)

Now, why most people aren't using 10.*.*.* as their internal stuff I'll never know. Since the overwhelming majority of machines on the internet aren't (and shouldn't) be directly routable, it's an awful waste to not have organizations behind NAT-ed firewalls and not drawing from the common pool of route-able IP addresses.

Mainly for historical reasons. My previous employer managed to get a B block back in the 1980s. After all, they planned on needing more than 256 addresses, so they would need it... At some point in the early 1990s, they finally managed to clean up the entire network to have logical and consistent addressing (it was a truly horrible mess before that), and since they had the B range, they used it. A few people already understood back then that this was a waste, but IT didn't listen. By now, they have many thousands of machines. All of them nicely firewalled and DMZ-ed, of course but, from an effort point of view, I can fully understand that they're not interested in changing the whole setup all over again.

Re:Why is anyone surprised? (0)

Anonymous Coward | more than 5 years ago | (#25385995)

My former company is now sitting on two IP blocks (at least) of 64K addresses each, with no earthly reason why they're still allocating public addresses internally. The good news is that they're moving towards using 10.* addresses. The bad news is that I doubt they're going to return those blocks to ARIN any time soon.

-- Bill

Many addr's may be behind firewalls... (5, Informative)

Anonymous Coward | more than 5 years ago | (#25385539)

We get this all the time from our ISPs. "Our scans reveal that you're not using much of the space we've allocated to you." In reality, those IPs are behind firewalls that only permit certain customers to reach them. Otherwise they don't respond - even to pings. The IPs appear dead to everyone except authorized users, and our ISPs aren't authorized.

Re:Many addr's may be behind firewalls... (3, Funny)

Timothy Brownawell (627747) | more than 5 years ago | (#25385803)

I wonder what the opposite strategy would do... have the firewall intercept pings, but instead of just dropping them, pretend to be the target and answer them itself.

Re:Many addr's may be behind firewalls... (1)

Volante3192 (953645) | more than 5 years ago | (#25386019)

Heh, the following companies should get alerts like that: GE, IBM, Xerox, HP, Apple, Ford, Halliburton...each of those have a full Class A block, HP has two even. (What, they want each printer of theirs sold to have a unique public IP?...)

I don't think those /29 and /30 blocks are the problem. It's all these unsaturated class As.

Reliable? (1, Insightful)

Anonymous Coward | more than 5 years ago | (#25385569)

I, for one, question the reliability of this data since the machines that are occupying those addresses are probably firewalled.

Fallow-Field Legislation (2, Interesting)

VE3OGG (1034632) | more than 5 years ago | (#25385585)

In the oil business (and in many other fixed-resource industries, more than likely) there is a particular kind of legislation that would likely work very well in such a situation. It is known as 'fallow field legislation'.

It works like this:

If a company finds (or buys) rights to an oil field, they are given five years to start producing from it. If they do not, cannot, or are otherwise unwilling after those 5 years, the rights are revoked and the government (or governing body) will find someone who will and can.

Fast forward to IPv4 -- any address that isn't being used (and by used I mean that there is no web presence, no use of e-mail, etc.) after a certain time period (perhaps 1-2 year(s)) then the address is revoked and put back into the public pool.

Obviously, the easiest way to get around this little regulation would be to put up a place holder page, or redirect it to the main site. This would be much trickier. Likewise, it would not stop the name squatters (and increasingly the registrars) from putting up those SPAM pages, but like I said, it would fix the problem of people just sitting on a resource without using it.

My $0.02

Re:Fallow-Field Legislation (1)

mcelrath (8027) | more than 5 years ago | (#25385901)

This sounds like a great idea for IP=Intellectual Property.

If you do not, or cannot make money from your IP "rights" within the last 5 years, then that IP enters the public domain.

Re:Fallow-Field Legislation (0)

Anonymous Coward | more than 5 years ago | (#25386077)

Sig error:

Ignoring the amusing abuse of exponents that leads to (1=-1), how do you get from that to (1=0)? You can get to (2=0), or (-1=0)....

Re:Fallow-Field Legislation (0)

Anonymous Coward | more than 5 years ago | (#25385923)

Fast forward to IPv4 -- any address that isn't being used (and by used I mean that there is no web presence, no use of e-mail, etc.) after a certain time period (perhaps 1-2 year(s)) then the address is revoked and put back into the public pool.

Yeah, let's just start assigning single-IP blocks revoked from large corporations, that won't completely kill routers by causing excessively complex routing tables.

It's also pretty hard to define 'web presence'. If I have a quake server running every friday night, do I get to keep the ip? What about a vpn service that only allows the IPs I authorize to connect to it? That would appear entirely dead to the rest of the internet but is certainly in use.

His research is invalid!! (1, Informative)

Anonymous Coward | more than 5 years ago | (#25385603)

I have 2 class C ranges, and if he scanned mine he would have only got a handful of ICMP replies. I intentionally block ICMP on the majority of my IPs because it's nobody's business if I have anything on it.
I'm willing to bet that I'm not the only one blocking ICMP! Not by a LONG SHOT!

TCP and ICMP (4, Insightful)

IceCreamGuy (904648) | more than 5 years ago | (#25385611)

I drop ICMP entirely, and besides our website and mailservers, we don't have any standard tcp ports open on any of our other external IPs. I really can't imagine it's that much different for other medium and large businesses; am I to believe they nmapped the entire Internet? (It's clear FTA that they did not) To me, these findings are not that surprising in the security-oriented world we live in today.

Re:TCP and ICMP (1, Informative)

Anonymous Coward | more than 5 years ago | (#25385835)

Do you realize that dropping all ICMP breaks PMTUD among other things?
Don't block all ICMP just block the ICMP you don't want.

Re:TCP and ICMP (2, Insightful)

Anonymous Coward | more than 5 years ago | (#25385855)

If none of the ports are open on any of your external IPs, then why do you need to have more than one external IP?

Re:TCP and ICMP (5, Informative)

Anonymous Coward | more than 5 years ago | (#25385889)

I drop ICMP entirely

Then you're an idiot [freelabs.com] who has no business managing a firewall.

No! (0)

Anonymous Coward | more than 5 years ago | (#25385657)

Or yes if you want to watch sysadmins scramble to save the day in the final hour.
Hmm, wait, that's how we solve all tasks that don't generate immediate revenue.

Bankrupt companies (2, Interesting)

sunderland56 (621843) | more than 5 years ago | (#25385673)

What happens to the IP addresses allocated to companies that are now (a) bankrupt, or (b) bought out by larger companies, or (c) allocated to companies now significantly smaller in size? There must be a significant pool of addresses that could be reclaimed there.

e.g. dec.com, compaq.com, sco.com, sgi.com....

The simplest solution is to... (1, Insightful)

Jodka (520060) | more than 5 years ago | (#25385697)

Raise prices.

Raising the price of an IP address increases the incentive not to waste the IP address.

Panic is good. (1)

Jack9 (11421) | more than 5 years ago | (#25385715)

How long did it take for the world to believe that the moon was a hunk of desolate rock as opposed to a god or made out of cheese? World perception is important and there's a lot of people who understand the IPv4 is running out. Not needed or advised to try and slow down adoption by yelling "wait wait wait we can still cheat to tread water longer" when the ocean is getting bigger by the day.*

//*on the spot metaphor

Re:Panic is good. (1)

eihab (823648) | more than 5 years ago | (#25385981)

I thought the whole point of their research is to say "Wait, we can squeeze more IPs that are allocated and not used before moving to IPv6".

ICMP and TCP? (1, Interesting)

Anonymous Coward | more than 5 years ago | (#25385731)

What about firewalls set to drop this traffic from unknown sources instead of rejecting?

Millions more have been hijacked (5, Interesting)

Arrogant-Bastard (141720) | more than 5 years ago | (#25385737)

In addition to all those lying idle because of excessive address space allocation, there are huge swaths of space which have been hijacked. Recent discussion on the NANOG list has highlighted some of these; the Spamhaus DROP list features others. And other researchers have found still more that are obviously no longer under the control of their putative owners, and are being used for spam, spyware, phishing, and worse. Attempts to get network operators, registrars, ICANN, ARIN, and others to effectively disable these resources -- and eventually to reclaim them -- have been largely unsuccessful. Yes, in some isolated cases, limited action eventually takes place, but it's far too little far too late to be considered anything close to "effective". We need a concerted, worldwide effort to not only reclaim this space, but to blacklist for life those found currently possessing that -- because (as we've seen repeatedly) they won't be deterred by anything else.

MIT is 18.*.*.* (2, Informative)

Dogun (7502) | more than 5 years ago | (#25385763)

Last I checked, MIT had all of 18.*.*.*...

Need a Class C to do BGP (2, Informative)

WisePug (1386397) | more than 5 years ago | (#25385789)

I just set up redundant internet connectivity, and needed to get a class C address space, even though I only use a dozen or so addresses. I guess this is to limit the size of routing tables. Seems like a waste.

Interactive map (2, Informative)

citking (551907) | more than 5 years ago | (#25385829)

There is an interactive map on their site [isi.edu] that allows you to zoom into the IP space pretty nicely. Our uni has a B range of addresses and we use only two Cs of that right now. When we split off from the main building and got onto city fiber, they decided that, rather than give us a private IP range like the other campuses, we would be allocated one of the C ranges.

Of course, no one knew what they were doing so getting the ASA and default routes set-up properly was a nightmare, but hey, we're using more of our IP space now! (sarcasm intended)

They used ping! (5, Interesting)

eihab (823648) | more than 5 years ago | (#25385843)

From the article:

The USC research group used the most innocuous type of network packet to probe the farthest reaches of the Internet. Known as the Internet Control Message Protocol, or ICMP, this packet is typically used to send error messages between servers and other network hardware.

My home network is in complete stealth mode, and to them that's another "idle IP" address.

I also love how they arrived at their conclusion:

the team probed a million random Internet addresses using both ICMP and TCP, finding a total of 54,297 active hosts ...
In total, the researchers estimate that there are 112 million responsive addresses ...
but the overall conclusion--that the Internet has room to grow--is spot on

How did this ghetto-science experiment end up on Slashdot again?

IPv4 addresses running out: (4, Funny)

circletimessquare (444983) | more than 5 years ago | (#25385849)

the IT hysteria of the early century. just as juicy a media hit as the Y2K panic and fear from last century, but not as much consulting opportunities

personally i'm waiting for 2012, when the elder gods of the mayan calendar awaken and in their rage at not being greeted by chocolate, peppers, and virgins, they reroute all null pointers in all code to the apocalypse. plenty of IT hysteria, plenty of consulting opportunities

Underused Subnets (1)

prestomation (583502) | more than 5 years ago | (#25385861)

I had always heard similar. In the early days, lots of people were given A subnets on the assumption "We'll never need all those addresses so take a whole block!", so now large parts of Class A's are being unused, but the logistics of sorting all that out would be a pain.

The problem isn't the addresses... (1)

nsayer (86181) | more than 5 years ago | (#25385879)

it's the size and complexity of the non-default routing table. The principal reason to switch to IPv6 is that it gives us the opportunity to throw away the old legacy routing table and insist on sticking with hierarchical address allocation to keep the routing table small.

lots of waste (0)

Anonymous Coward | more than 5 years ago | (#25385925)

I used to work at a university that had several thousand workstations in the campus. Each one is required to have a public IP address. It was nice to remote desktop in, but very wasteful.

everybody just calm down (1)

dieselpawn (1302503) | more than 5 years ago | (#25385955)

Here's an idea.. Why not just slap another octet to the end of IPv4?? I think I am capable of remembering 3 lousy numbers rather than eight groups of four hexadecimal digits.

just a few examples (2, Informative)

marvinglenn (195135) | more than 5 years ago | (#25385967)

See http://www.iana.org/assignments/ipv4-address-space/ [iana.org]

019/8 Ford Motor Company 1995-05 LEGACY
marvin@tribble:~$ host www.ford.com
www.ford.com is an alias for www.ford.com.edgesuite.net.
www.ford.com.edgesuite.net is an alias for a1200.g.akamai.net.
a1200.g.akamai.net has address 96.17.109.74
a1200.g.akamai.net has address 96.17.109.18

013/8 Xerox Corporation 1991-09 LEGACY
marvin@tribble:~$ host www.xerox.com
www.xerox.com is an alias for www.xerox.com.edgekey.net.
www.xerox.com.edgekey.net is an alias for e82.c.akamaiedge.net.
e82.c.akamaiedge.net has address 72.246.128.108

009/8 IBM 1992-08 LEGACY
marvin@tribble:~$ host www.ibm.com
www.ibm.com is an alias for www.ibm.com.cs186.net.
www.ibm.com.cs186.net has address 129.42.58.216

003/8 General Electric Company 1994-05 LEGACY
marvin@tribble:~$ host www.ge.com
www.ge.com has address 192.131.227.156

048/8 Prudential Securities Inc. 1995-05 LEGACY
marvin@tribble:~$ host www.prudential.com
www.prudential.com is an alias for web.prudential.com.
web.prudential.com has address 12.34.100.148

Apple (17) and HP (15) have their public website within their allocation. Eli Lil(l)y (40) also appears to have their public website within their allocation, but I have a hard time believing that they could ever need that many public IP addresses.

So there... I just found an extra quarter million addresses. (5 x 2^16) Y'all can pay me by giving me my own /24.

Good Luck (0)

Anonymous Coward | more than 5 years ago | (#25386195)

I work for one of those companies. You try telling the 4th largest company in the WORLD that allocating an entire public /8 (that they paid for) on their internal network (and not using it externally) is bad juju and that they need to allocate money to readdress their entire global business and see how far that goes.

Let's see, I can not spend any money and keep my existing setup or I float additional expense in this economy in order to make some geeks on the internet happy. Hmmmm.....

My Class C use... (1)

HeyBob! (111243) | more than 5 years ago | (#25386011)

... or /24 if you prefer

I only use about 15 of the possible 253 ip addresses - the rest is wasted - I used to need them way back when there was no web multihoming though.

This would make a good poll:
Q: What percentage of your allotted IP space do you actually use?

Decades? (5, Funny)

Hikaru79 (832891) | more than 5 years ago | (#25386033)

The most comprehensive scan of the entire internet for several decades

As opposed to the great Internet scans of the 30s?

Unused addresses don't mean anything (1)

FliesLikeABrick (943848) | more than 5 years ago | (#25386035)

Just because addresses are lying idle doesn't mean we don't have a problem coming up. There is no sane way to use these idle addresses without having the large networks (read: owners of /8s) renumber their networks in such a way that they can be sanely subnetted and routed somewhere else.

Say a company has a /22. They may not be using more than half of their actual addresses, yet they may have assigned and be currently using every possible /24 in their allocation. Even if they are only using some of the addresses in a /24, it makes sense so that they can add machines to a subnet in the future without having to renumber everything to make certain subnets larger when they could/should have been that way from the start.

That last sentence pretty much describes what would have to be done to make use of these "idle" addresses. Renumbering everything to make these addresses available in routable subnets doesn't solve anything, it just shifts the problem onto the network owners who would have to give up these addresses now, as they'll find themselves running out of address space at some point.

Then again, we could just move the whole world to one flat address space where any address can be used anywhere... (kidding).

The fact that there is an end in sight and a "finite" number of addresses means that IPv6 adoption is important and is going to happen. Keep in mind that this article also completely ignores the fact that NAT is hiding millions of computers that otherwise would have needed publicly-routable IPv4 addresses. With IPv6, this hack of a solution isn't needed anymore.

We outgrew IPv4 a while ago, we just haven't hit the absolute limit of what we can do with it because of aids like NAT and hopefully we'll never have our backs up against that wall.

Re:Unused addresses don't mean anything (1)

FliesLikeABrick (943848) | more than 5 years ago | (#25386101)

And I didn't even mention the insanity that will arise in global routing when a whole bunch of MIT's /22s are taken from MIT and assigned to some companies in Europe. Route aggregation will go out the window unless (for example) MIT moved all of their stuff into the lower or upper half of 18/8 (or otherwise made room for it to be split off "properly"). Even then, you're still splitting one route into two or more (granted it isn't as bad as pulling a bunch of /22s right from the middle of it).
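The deaggregation effect described in the two comments above, as an added example that is not part of the original thread: it counts the prefixes a holder of 18.0.0.0/8 must announce after blocks are released, for /22s taken from the middle versus a clean upper-half split. The function names and the /22 offsets are constructed for illustration, and each released block is assumed to be announced as its own route by its new holder.

```python
import ipaddress

def remaining_routes(parent, released):
    """Minimal prefixes still covering `parent` after every block in
    `released` has been handed to someone else."""
    remaining = [ipaddress.ip_network(parent)]
    for block in map(ipaddress.ip_network, released):
        kept = []
        for net in remaining:
            if block.subnet_of(net):
                # Split `net` around the released block; the pieces are the
                # sibling prefixes on the path from `net` down to `block`.
                kept.extend(net.address_exclude(block))
            elif not net.subnet_of(block):
                kept.append(net)  # untouched by this release
        remaining = kept
    return sorted(ipaddress.collapse_addresses(remaining))

def table_entries(parent, released):
    """Global routes needed afterwards, assuming each released block is
    announced separately by its new holder (an assumption of this example)."""
    return len(remaining_routes(parent, released)) + len(released)

# Constructed scenarios: the /22 offsets are arbitrary sample values.
MIDDLE = ["18.64.0.0/22", "18.128.0.0/22"]  # /22s pulled from the middle
CONSOLIDATED = ["18.128.0.0/9"]             # holder renumbers into lower half first

if __name__ == "__main__":
    for label, released in (("middle /22s", MIDDLE), ("upper half", CONSOLIDATED)):
        routes = remaining_routes("18.0.0.0/8", released)
        freed = sum(ipaddress.ip_network(b).num_addresses for b in released)
        print(f"{label}: frees {freed} addresses, "
              f"{table_entries('18.0.0.0/8', released)} routes replace 1")
        for r in routes:
            print("   keep", r)
```

Releasing two /22s from the middle frees 2,048 addresses at the cost of 28 routes where there was one; releasing a consolidated /9 frees 8,388,608 addresses for 2 routes.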

I have 11 Class C's with lots of empty numbers (2, Interesting)

mschuyler (197441) | more than 5 years ago | (#25386037)

and you can have them when you pry them from my cold, dead fingers. I would never be able to get them today, but way back in the early nineties they just gave them away. I had ten sites and wanted to start a Frame Relay network, so 'they' gave me a Class C for every site and one to knit them together. A couple of my sites had less than a dozen computers. Of course, these days even the copy machines have an IP address, so those sites are up around two dozen or so. One of them is doubling in space, so we'll be up to fifty or so. One of our sites closed, so that freed up an entire Class C, but our largest site is pushing the limits, so we moved the empty Class C to the large site. The numbers are scattered all over the place. .1 is always the router. Of course, the hubs have their own IP address. Public access stations started at .100 to be easily recognizable, but then the staff machines got up to .99 so we had to hop scotch over the public numbers and keep going with .200. The numbers are static because it's easy to track, and when we first started it seemed a reasonable path to take.

Could we do this differently? OF COURSE!! There are lots of ways to free up a ton of space. Please don't lecture me on how to do it. I know how to do it. It's just that the system is working now. The system just kinda grew on us. When we started we had no idea copy machines would have IP addresses. Even the damn VoIP phones have IP addresses! That was a big hit on our numbers. Are refrigerators next? We had no idea we'd have fifty servers instead of three or four. Life has changed and because we are relatively 'wealthy' in terms of addresses, we had the flexibility to change with it.

I look at our Class C's kinda like a fixed field database. There's a lot of air in there. It compresses really nicely if you need to, but disk space is cheap, so there's no real reason to conserve it.

The thing is, even though we have a bunch of empty addresses, our experience shows that we're going to grow into them. We've already encountered congestion a couple of places. As soon as those new fridges show up we'll need some more numbers. My guess is before too long we're going to have to do some subnetting and consolidate a couple of our small sites into one Class C to free up the other one to use in a large site. That should work fine. I don't see any problems pulling that off. Of course, if we build another big site, we'll have to think through what to do very carefully. We'll probably do the new site like y'all want us to. We may not have any choice.

But those Class C's are mine. I own them, and you can't have them back.

Won't SOMEBODY think of the appliances? (2, Funny)

SoundGuyNoise (864550) | more than 5 years ago | (#25386041)

But my refrigerator, it needs, nay, craves an IP address, so it automatically orders my eggs and ravioli and orange creme soda, and orangutans, and breakfast cereals.....

This is news? (1)

overshoot (39700) | more than 5 years ago | (#25386063)

Considering how many Class A netblocks there are (each with 2^24 globally-routable addresses) how is this a surprise?

Does anyone really believe that IBM has 16 million globally-addressable systems? Hell, no. IBM, like any sensible company, has good firewalls. Likewise AT&T, the USDOD, etc.

At a rough guess, more than half of the IPv4 address space is unreachable and doing absolutely no good for the assigned owners.

Class-B unused for sale $500k (0)

Anonymous Coward | more than 5 years ago | (#25386093)

I have a Class-B, totally unused for 8 years,
for sale to the highest bidder,
lowest offer I'll take is $500k, cash only, sorry
yes, I really do own a totally unused class-B

My experience with RIPE (3, Informative)

Richard W.M. Jones (591125) | more than 5 years ago | (#25386103)

This story rings true. I worked for a company during the dot-com boom and just after which requested an allocation from RIPE [ripe.net] (the European equivalent of ARIN). I was the designated & trained "LIR" (I think that was the term?).

We received 8,192 IP addresses. We actually had them authorized to us in blocks of 256 addresses, and each time we needed another 256 we had to go back to RIPE and justify the expansion. However it is my understanding that the full 8,192 addresses were reserved for us.

We ended up using 3 x 256 addresses, but after a later downturn in the fortunes of the company, even many of those went unused.

I left the company many many years ago. However I notice the company that acquired it is still using those 3 x 256 addresses, and the original 8,192 are still reserved at RIPE. The IP addresses are even registered to the name of a director who was ousted when the company was taken over, at a street address that the company hasn't occupied for many years.

Rich.

Re:My experience with RIPE (1)

Richard W.M. Jones (591125) | more than 5 years ago | (#25386205)

Ah who cares ... 212.57.32.0 - 212.57.63.255.

Rich.
