Slashdot Mirror

There are moves afoot to address this, but not currently going so well: https://blog.apnic.net/2018/10...

The first is that only 63 networks appear to reject routes where the ROA indicates an invalid origination of the route. Out of some 63,000 networks in today’s routing system that’s a very small number. Hopefully, this situation will improve over time.

The second observation is that the ROAs would only have been effective if these route leaks were inadvertent operational mistakes. If these route leaks were deliberate routing hijacks, then the attackers would’ve been able to create the hijacked route with the ROA-defined origin AS. While the prudent use of the maxlength parameter in the ROA could’ve mitigated more specific attacks, the potential for routing disruption based on deliberate hijacks, while preserving the origin AS, still remains.

Specifically, if you are interested in buying some from companies who already have them, you can go here.
Presumably they will get more and more expensive until it's cheaper to just get hardware that supports IPv6.

---

whois 175.45.177.217
[Querying whois.arin.net]
[Redirected to whois.apnic.net]
[Querying whois.apnic.net]
[whois.apnic.net]
% [whois.apnic.net node-3]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html

inetnum: 175.45.176.0 - 175.45.179.255
netname: STAR-KP
descr: Ryugyong-dong
descr: Potong-gang District
country: KP
admin-c: SJVC1-AP
tech-c: SJVC1-AP
status: ALLOCATED PORTABLE
mnt-by: APNIC-HM
mnt-lower: MAINT-STAR-KP
mnt-routes: MAINT-STAR-KP
remarks: This object can only be updated by APNIC hostmasters.
remarks: To update this object, please contact APNIC
remarks: hostmasters and include your organisation's account
remarks: name in the subject line.
changed: hm-changed@apnic.net 20091221
source: APNIC

role: STAR JOINT VENTURE CO LTD - network administrat
address: Ryugyong-dong Potong-gang District
country: KP
phone: +66 81 208 7602
fax-no: +66 2 240 3180
e-mail: sahayod@loxley.co.th
admin-c: SJVC1-AP
tech-c: SJVC1-AP
nic-hdl: SJVC1-AP
mnt-by: MAINT-STAR-KP
changed: hm-changed@apnic.net 20091214
source: APNIC

Um, yes it is:

$ traceroute thepiratebay.se
  1 192.168.1.1 (192.168.1.1) 2.199 ms 1.119 ms 1.066 ms ...
21 rvs-rt0003_fe-0-0 .intelsatone.net (209.159.170.215) 409.544 ms 557.059 ms 409.418 ms
22 202.72.96.6 (202.72.96.6) 1024.210 ms 907.023 ms 1024.071 ms

$ whois n 202.72.96.6 ...
% [whois.apnic.net node-2]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html

inetnum: 202.72.96.0 - 202.72.96.255
netname: INTELSAT-CUS-Camintel2-KH
country: KH
descr: Reassignment to CAMINTEL S. A. customer, KH
status: ASSIGNED NON-PORTABLE
remarks: * For issues of abuse related to this IP address block,
remarks: * including spam, please send email to at:
remarks: * mchsokhom@camintel.com

IANA, the top level of organizations which handle the allocation of IP addresses, has run out of IPv4 addresses more than a year ago: http://www.youtube.com/watch?v=orJpEJuZick

The regional registries still have addresses and are going through them at different rates, so they'll run out at different points in the future.

RIPE (Europe) is down to about 40 million addresses, including the last 16 million which will be assigned under a different, more stringent policy: http://www.ripe.net/internet-coordination/ipv4-exhaustion/ipv4-available-pool-graph

APNIC (Asia) is already on the last /8 block: http://www.apnic.net/community/ipv4-exhaustion/graphical-information

ARIN (North America): http://www.compusophia.com/en/ipaddrstat/ipv4_arin_pool.html

LACNIC (South America): http://www.lacnic.net/en/registro/espacio-disponible-ipv4.html

AfriNIC (Africa):
http://www.compusophia.com/en/ipaddrstat/ipv4_afrinic_pool.html

When those are depleted, it's going to be NAT all the way down.

In this stage, APNIC has a fixed block of address space reserved and available under a special policy for new and emerging service providers, but that doesn't help one much if you're a existing telecomm company who had been getting tens of thousands of addresses every few months in order to grow - you can now longer obtain additional blocks and now must scramble to come up with an alternative (such as IPv6) if you want to keep growing. More info - http://www.apnic.net/community/ipv4-exhaustion/exhaustion-and-network-operators

While there is such a thing as a "legitimate trading and auction sites,"

While I'm not aware of any auction sites, I do believe it is possible to do trading in Asia/Pacific region:

"APNIC transfer, merger, acquisition, and takeover policy"

http://www.apnic.net/policy/transfer-policy

Which came from this:

"prop-050: IPv4 address transfers"

"Current status Implemented on 10 February 2010"

http://www.apnic.net/policy/proposals/prop-050

And I know there is a proposal for doing simialir things in Europe:

"Post-depletion IPv4 address recycling"

"Current Phase:
Concluding Phase: Awaiting Decision from Working Group Chairs"

http://www.ripe.net/ripe/policies/proposals/2011-03

While there is such a thing as a "legitimate trading and auction sites,"

While I'm not aware of any auction sites, I do believe it is possible to do trading in Asia/Pacific region:

"APNIC transfer, merger, acquisition, and takeover policy"

http://www.apnic.net/policy/transfer-policy

Which came from this:

"prop-050: IPv4 address transfers"

"Current status Implemented on 10 February 2010"

http://www.apnic.net/policy/proposals/prop-050

And I know there is a proposal for doing simialir things in Europe:

"Post-depletion IPv4 address recycling"

"Current Phase:
Concluding Phase: Awaiting Decision from Working Group Chairs"

http://www.ripe.net/ripe/policies/proposals/2011-03

Let's say you did.

ping www.med.govt.nz
IP address: 192.188.71.101
ARIN says to query APNIC

inetnum: 192.188.71.0 - 192.188.71.255
netname: MEDGOVT-NZ
descr: Ministry of Economic Development
country: NZ

person: Maryanne Craig
address: Ministry of Economic Development
address: 33 Bowen Street
address: WELLINGTON
address: NEW ZEALAND
country: NZ
phone: +64 4 462 4215
e-mail: Maryanne.Craig@med.govt.nz

person: Stephen Isaacs
address: Ministry of Economic Development
address: 33 Bowen Street
address: WELLINGTON
address: NEW ZEALAND
country: NZ
phone: +64 4 470 2526
e-mail: stephen.isaacs@med.govt.nz

http://www.apnic.net/publications/news/2011/final-8

They are not allocating ipv4 to anyone but new ISPs and for IPv6 transition purposes. You cannot get IPv4 if for normal use if you are an existing account holder. Even if you are eligible the most you get is 4 /24s.

Here's what we got from APNIC this morning: Dear APNIC community We are writing to inform you that as of Friday, 15 April 2011, the APNIC pool reached the Final /8 IPv4 address block, bringing us to Stage Three of IPv4 exhaustion in the Asia Pacific. For more information about Stage Three, please refer to: http://www.apnic.net/ipv4-exhaustion/stages Last /8 address policy: APNIC's objective during Stage Three is to provide IPv4 address space for new entrants to the market and for those deploying IPv6. ..but given how fast APNIC reached the final /8, you'd think it won't be long before they run out entirely.

APNIC is NOT out of IPv4 addresses. They are down to their last /8 - the one they got as one of the final five /8s being allocated to each of the RIRs. This puts them in the third and final stage of their IPv4 exhaustion plan, whereby they will only allocate a maximum of a single /22 to each network operator which is supposed to be used primarily to enable a transistion to IPv6 by supporting IPv4 to IPv6 gateways and hosts that just have to be on a native IPv4 address.

More information directly from APNIC here.

And since you didn't bother to check the links or use the software, 5 demerits.

Thanks, I've got better things to do than run random trojans on my PC. O, and for the links: please check out this link which seems to disagree with the feasibility of your "tool".

Which is why we should just go and accept that NAT is here to stay, and design a NAT system that does v4/v6 protocol translations (you can easily design a system where a v4-only host can access v6-only hosts using clever DNS spoofs, V4 private address space DNS maps, etc).

NAT has its limits, especially with today's (and presumably also tomorrow's) heavily AJAXified sites. There is a nice illustration of what a user behind a NAT box which limits the number of his connections might see when using Google Maps (p.10 onward). Not pretty, huh?

However, that's probably how the things will play out: ISP sees it's out of public IPv4 addresses, can't get more, purchases a couple of big honking CGN boxes, users get a non-routable address on their end unless they're prepared to pay extra, things go back to almost normal for a while (bonus: difficulties for end users' P2P applications). Maybe they will even start seriously thinking about IPv6 rollout.

Redundant or not, you can't put anything other than a valid checksum in the IP checksum field without breaking every device which has to examine (and thus validate) the IP header. That includes every single router. If you're going to drop backward-compatibility anyway, why not fix the other problems with IPv4 at the same time?

IPv6 certainly isn't perfect. However, implementing any of the alternatives proposed in this thread would cost nearly as much, without addressing the long-term issue: non-hierarchical address allocation and the resulting exponential growth of routing tables. IPv6 provides enough address bits that a small number of known prefixes should always be enough to identify the next step in the route; high-level IPv4 routing, by contrast, requires knowledge of over 150,000 disorganized subnets[1].

[1] The number of "prefixes after maximum aggregation" from "BGP Routing Table Analysis" at the APNIC router <http://thyme.apnic.net/current/data-summary>.

Oh, heavens no, I'm glad there's no such thing for us.

They aren't selling because the current RIR policies prohibit them from doing so. ARIN, APNIC and RIPE NCC are actively developing policies to allow address markets to form. There was an excellent video on this at the last APNIC meeting: http://www.apnic.net/meetings/26/program/ipv4/

Page 10 onwards of this document discuss the limits of carrier-grade NAT. In particular, page 18 shows how many simultaneous sessions various common websites need when you're using them (including things like DNS) - something simple like Yahoo needs about 10, while iTunes needs more like 250 sessions.

NTT's observation is that customers end up with around 500 sessions at a time, on average; realistically, they believe that carrier-grade NAT only allows you to put 8 users per IP address with today's Internet, without risking noticeable degradation.

Even assuming that you can limit end users to basic browsing and e-mail, you're still looking at no more than a 250:1 gain from NAT - and that breaks many things that we currently expect to Just Work.

Maybe because some day we might have more addresses than people who ever lived?

Or, even better - maybe because right now the minimum assigned space is a /64? Which means we are allocating 1.8*10^19 (!!!) addresses, even if only one or two of them are actually going to be used.

The old "640K should be enough for anyone" argument isn't more valid now than it was 20 years ago...

What's going to be more expensive: A massive NAT box or an IPv6-enabled router (as many already are)?

What's going to be more expensive: Adding NAT buster support into many apps, or using IPv6 (many apps are already IPv6-aware)?

Well, except those guys designing protocols by copying FTP, most client applications actually don't have a problem running with NAT.

Please note that many DSL and cable ISPs provide their customers with cheap "WLAN routers", who often really are plain NAT devices and so by today, you do have millions of people sitting behind NAT gateways and so NAT is a wide-spread "solution" in the industry.

NAT is in use at millions of sites, while the current worldwide amount of IPv6 traffic is merely something in the range of roughly less than a gigabit and about this well "tested" in real life. So if your router does run IPv6, it's not sure that this router will be able to run IPv6 reliably once IPv6 is widely deployed.

At the APNIC 26 conference last month, NTT presented some ballpack numbers for how many people can be comfortably put behind NAT. They're not encouraging. Basically, the common "Web 2.0"-type apps open a lot of background connections, which chews through your ephemeral port space quickly, limiting the number of people that can be NATted. Google echoed those claims loud and clear: "AJAX applications break behind excessive NAT."

Also, consider that by 2012 we'll have run out of public IPv4 addresses. But only 25% of Earth's population will be online. Do you propose to put another 3.5 billion people behind NAT? I'm pretty skeptical that NAT can handle that load.

While NAT will likely be needed in the short term to deal with IPv4 address exhaution, I'm highly skeptical of its long-term scalability.

Well, "Ajax applications will break under NAT", "tomorrow we'll run out of IPv4 addresses" and "the whole world wants to be online, so we do need more IP space" are very close to FUD.

And may I point out that a clear majority of those 3.5 billion people are much more in nead of clean, drinkable freshwater, food to eat and at least some kind of health care rather than the ability to watch sneezing pandas on youtube?

What's going to be more expensive: A massive NAT box or an IPv6-enabled router (as many already are)?

What's going to be more expensive: Adding NAT buster support into many apps, or using IPv6 (many apps are already IPv6-aware)?

Well, except those guys designing protocols by copying FTP, most client applications actually don't have a problem running with NAT.

Please note that many DSL and cable ISPs provide their customers with cheap "WLAN routers", who often really are plain NAT devices and so by today, you do have millions of people sitting behind NAT gateways and so NAT is a wide-spread "solution" in the industry.

NAT is in use at millions of sites, while the current worldwide amount of IPv6 traffic is merely something in the range of roughly less than a gigabit and about this well "tested" in real life. So if your router does run IPv6, it's not sure that this router will be able to run IPv6 reliably once IPv6 is widely deployed.

At the APNIC 26 conference last month, NTT presented some ballpack numbers for how many people can be comfortably put behind NAT. They're not encouraging. Basically, the common "Web 2.0"-type apps open a lot of background connections, which chews through your ephemeral port space quickly, limiting the number of people that can be NATted. Google echoed those claims loud and clear: "AJAX applications break behind excessive NAT."

Also, consider that by 2012 we'll have run out of public IPv4 addresses. But only 25% of Earth's population will be online. Do you propose to put another 3.5 billion people behind NAT? I'm pretty skeptical that NAT can handle that load.

While NAT will likely be needed in the short term to deal with IPv4 address exhaution, I'm highly skeptical of its long-term scalability.

Well, "Ajax applications will break under NAT", "tomorrow we'll run out of IPv4 addresses" and "the whole world wants to be online, so we do need more IP space" are very close to FUD.

And may I point out that a clear majority of those 3.5 billion people are much more in nead of clean, drinkable freshwater, food to eat and at least some kind of health care rather than the ability to watch sneezing pandas on youtube?

What's going to be more expensive: A massive NAT box or an IPv6-enabled router (as many already are)?

What's going to be more expensive: Adding NAT buster support into many apps, or using IPv6 (many apps are already IPv6-aware)?

Well, except those guys designing protocols by copying FTP, most client applications actually don't have a problem running with NAT.

Please note that many DSL and cable ISPs provide their customers with cheap "WLAN routers", who often really are plain NAT devices and so by today, you do have millions of people sitting behind NAT gateways and so NAT is a wide-spread "solution" in the industry.

NAT is in use at millions of sites, while the current worldwide amount of IPv6 traffic is merely something in the range of roughly less than a gigabit and about this well "tested" in real life. So if your router does run IPv6, it's not sure that this router will be able to run IPv6 reliably once IPv6 is widely deployed.

At the APNIC 26 conference last month, NTT presented some ballpack numbers for how many people can be comfortably put behind NAT. They're not encouraging. Basically, the common "Web 2.0"-type apps open a lot of background connections, which chews through your ephemeral port space quickly, limiting the number of people that can be NATted. Google echoed those claims loud and clear: "AJAX applications break behind excessive NAT."

Also, consider that by 2012 we'll have run out of public IPv4 addresses. But only 25% of Earth's population will be online. Do you propose to put another 3.5 billion people behind NAT? I'm pretty skeptical that NAT can handle that load.

While NAT will likely be needed in the short term to deal with IPv4 address exhaution, I'm highly skeptical of its long-term scalability.

Well, "Ajax applications will break under NAT", "tomorrow we'll run out of IPv4 addresses" and "the whole world wants to be online, so we do need more IP space" are very close to FUD.

And may I point out that a clear majority of those 3.5 billion people are much more in nead of clean, drinkable freshwater, food to eat and at least some kind of health care rather than the ability to watch sneezing pandas on youtube?

NATing between the internal LAN and the internet they can get up to ~250,000 entries (provided their hardware can support that), allowing each of their 2,000 users to be using, on average, 125 internet applications (or open connections) at once.

What's going to be more expensive: A massive NAT box or an IPv6-enabled router (as many already are)?

What's going to be more expensive: Adding NAT buster support into many apps, or using IPv6 (many apps are already IPv6-aware)?

At the APNIC 26 conference last month, NTT presented some ballpack numbers for how many people can be comfortably put behind NAT. They're not encouraging. Basically, the common "Web 2.0"-type apps open a lot of background connections, which chews through your ephemeral port space quickly, limiting the number of people that can be NATted. Google echoed those claims loud and clear: "AJAX applications break behind excessive NAT."

Also, consider that by 2012 we'll have run out of public IPv4 addresses. But only 25% of Earth's population will be online. Do you propose to put another 3.5 billion people behind NAT? I'm pretty skeptical that NAT can handle that load.

While NAT will likely be needed in the short term to deal with IPv4 address exhaution, I'm highly skeptical of its long-term scalability.

NATing between the internal LAN and the internet they can get up to ~250,000 entries (provided their hardware can support that), allowing each of their 2,000 users to be using, on average, 125 internet applications (or open connections) at once.

What's going to be more expensive: A massive NAT box or an IPv6-enabled router (as many already are)?

What's going to be more expensive: Adding NAT buster support into many apps, or using IPv6 (many apps are already IPv6-aware)?

At the APNIC 26 conference last month, NTT presented some ballpack numbers for how many people can be comfortably put behind NAT. They're not encouraging. Basically, the common "Web 2.0"-type apps open a lot of background connections, which chews through your ephemeral port space quickly, limiting the number of people that can be NATted. Google echoed those claims loud and clear: "AJAX applications break behind excessive NAT."

Also, consider that by 2012 we'll have run out of public IPv4 addresses. But only 25% of Earth's population will be online. Do you propose to put another 3.5 billion people behind NAT? I'm pretty skeptical that NAT can handle that load.

While NAT will likely be needed in the short term to deal with IPv4 address exhaution, I'm highly skeptical of its long-term scalability.

NATing between the internal LAN and the internet they can get up to ~250,000 entries (provided their hardware can support that), allowing each of their 2,000 users to be using, on average, 125 internet applications (or open connections) at once.

What's going to be more expensive: A massive NAT box or an IPv6-enabled router (as many already are)?

What's going to be more expensive: Adding NAT buster support into many apps, or using IPv6 (many apps are already IPv6-aware)?

At the APNIC 26 conference last month, NTT presented some ballpack numbers for how many people can be comfortably put behind NAT. They're not encouraging. Basically, the common "Web 2.0"-type apps open a lot of background connections, which chews through your ephemeral port space quickly, limiting the number of people that can be NATted. Google echoed those claims loud and clear: "AJAX applications break behind excessive NAT."

Also, consider that by 2012 we'll have run out of public IPv4 addresses. But only 25% of Earth's population will be online. Do you propose to put another 3.5 billion people behind NAT? I'm pretty skeptical that NAT can handle that load.

While NAT will likely be needed in the short term to deal with IPv4 address exhaution, I'm highly skeptical of its long-term scalability.

This reminds me of a story I read years ago about a filter not allowing someone named Sherril Babcock to register on a website until she changed her user id to Babpenis. I guess John Hancock might be denied too.

http://www.apnic.net/mailing-lists/apple/archive/2000/08/msg00013.html

Here's the current list of IPs. I stuck the entire country on the "drop all packets" list a while back on some of my servers and never looked back. AND got a significant reduction in the random crap that tried to break into my stuff.

http://www.apnic.net/apnic-bin/ipv4-by-country.pl?country=cn

There never was any useful traffic from there for what I am doing, so no loss.

To a good portion of the Chinese netblocks:

http://www.apnic.net/apnic-bin/ipv4-by-country.pl?country=cn

Just stick them in your firewall to drop all packets and go on with life.

They announced a route out of AS 17557 sending all traffic from ANYWHERE on the Internet to a black-hole in Pakistan. The effect was to make YouTube unreachable from ANYWHERE until the route was filtered by the backbone providers. They claimed it was an "oops".

Am I the only one who is fed up with Islamic Medievalism? If they want to live in the stone age, let's send them there. It will also solve a good bit of the world's over-population problem.

http://thyme.apnic.net/current/data-summary

Transit ASes present in the Internet Routing Table: 3490

I call horseshit

It would certainly be nice for Australia to have some part of the infrastructure here.

But you do, in fact.

Everything on the net we use seems to come from the states :(

Content is not infrastructure.

I use two ways:

1. Resources such as http://www.apnic.net/db/ranges.html and http://www.iana.org/assignments/ipv4-address-space

2. Build the list "manually" by checking originating IP addresses through the ARIN datatbase http://www.arin.net/whois/

Using the latter method, simply pasting the originating IP address (example, 116.24.118.9) into the search field yields that the address block 116.0.0.0 - 116.255.255.255 is admintrated by APNIC, and therefore "foreign" (to North America). So, simply block that entire range.

Other foreign registries include AFRINIC (Africa et al), LACNIC (Latin America), and RIPE (Europe).

Trust me, this kind of blocking really does work and is a viable tool for many North American mail servers--Karma be damned.

http://www.apnic.net/archive/news/hot-topics/index .html#ip-addressing

Do try to keep up. That page was posted sometime in 2003. We've got 4 more years of data and growth to look at now, and the current projections (including by one of the leading experts who had a message that was also quoted on that page) is that ARIN will be allocating the last of its blocks in March of 2010, with the RIR's allocating the last of the blocks from their level in approximately 6 to 36 months. So, best case, you will not be able to go back to the well to get more IPv4 addresses in March of 2013.

I'm not sure what it would take for you to call it a shortage, but this certainly qualifies in my book.

When you say "the way addresses were distributed", you are ignoring the fact that there are millions of unused, un-distribued addresses free for the taking.

Internet Protocol v4 Address Space.

See all those blocks marked "IANA - Reserved"? Those are unused addresses. Any ISP in China can ask APNIC for more addresses, and APNIC will give them addresses. There is no shortage.

When you say "the way addresses were distributed", you are ignoring the fact that there are millions of unused, un-distribued addresses free for the taking.

Internet Protocol v4 Address Space.

See all those blocks marked "IANA - Reserved"? Those are unused addresses. Any ISP in China can ask APNIC for more addresses, and APNIC will give them addresses. There is no shortage.

I assume by "Verio" you mean NTT (AS2914). NTT is an incumbent Japanese telco, which bought the US-based Verio some years ago. I know that NTT offers IPv6 services, and their brochure is here, which claims that they're running dual stack on all of their routers. That brochure also claims that they have 500 customers for their IPv6 services, and claims that they're the largest provider of IPv6 in the world.

As for Sprint, they often brag about their L2TPv3 core, with MPLS, and other private-IP services offered as edge services. It would make sense for them to run 6PE and just treat v6 as yet another edge service which doesn't interfere with their core. BTW, Sprint's documentation on this indicates that they have a grand total of seven IPv6 speaking routers.

So while you might have a point about NTT running v6 in the core, they're not that big an ISP in the US: the weekly routing table analysis doesn't show them in the top 20 in either the ARIN region or the APNIC region. From the map on their website, they've got all of 9 POPs in the US... Their focus seems to be on business and webhosting customers, rather than on end-users - they don't offer a TDM product below a DS3.

In any case, the idea that having 500 customers of a given technology shows the provider as the most deployed/largest in the world misses the scale of the Internet entirely: Cablevision might have more than 500 customers in a single building who are IPv4-only.

My experience is that around 60-75% of the spam I receive comes from China. On my home mail server I finally broke down and started blocking the worst offending subnets and the amount of spam I received dropped dramatically. There is a RBL for China, cn.blackhole.us, or a combination of China and Korea (cn-kr.blackhole.us), though these are no longer listed and will likely disappear soon.

I also use several other RBLs which have helped a lot.

I also decided to add the worst offending subnets in China as rules for my firewall to block. The worst offending subnet is 221.208.208.x where my firewall reports an almost constant barrage of IM spam, and from what I've read, this subnet has been a problem for years.

For your own blocking, the following script will get all the subnets used by China (or any other country you're interested in, just change $ctry):

#!/usr/bin/perl $ctry = shift || 'cn'; $_ = `wget -O - http://www.apnic.net/apnic-bin/ipv4-by-country.pl? country=$ctry`; print join "\n", /([0-9\.]+\/[0-9]+)/g;

At work, where I cannot do this, most of my spam is also received from China.

Out of the rest of the spam I receive, the US is actually pretty far down on the list of sources, though still much higher than places like the UK, Germany or France. The rest seems to come from places like Poland, Romania and Estonia.

http://www.apnic.net/docs/policy/ipv6-address-poli cy.html

they are looking / reccomending on giving /64's (it's on an address boundry ':')

"Waiting For The Valerie Plame Wilson Grand Jury: The Big Question Is Whether Dick Cheney Was a Target"

"2 Brits nabbed with $3 trillion in fake US fed notes"

Robert

For a start, a lot of ISPs only offer one address, partly to encourage people to buy more expensive packages with multiple addresses, and NAT transparently solves that issue.

There is no reason to assume that increased avilability of addresses will cause ISPs to offer more addresses to consumers - after all if they anticipate 100,000 single PC broadband connections, they are going to find it hard to get approval for 800,000 addresses (to allow a /28), even with the increased address space.

And even when you do have multiple addresses allocated, what about the users that have one more machine than usable addresses? Small company networks etc? Now matter how many addressed IPv6 supplies, we will run out eventually, and much sooner than we expect.

In the end NAT offers security, [...]and a reasonable form of security

simplified network management with an excellent delineation point between vendor and consumer (the ISP dosen't have to worry about what is inside the end user network),

The address shortage is a myth.

1. Collect lots of logs with client IP addresses and User Agents from various popular web sites.
   Since www.visitorville.com is in the business of providing web stats, they are probably aggregating stats from many of their customers.
   
2. Get the mapping of which IP address blocks are owned by which companies.
   You can get them the registries (e.g., ARIN, RIPE , APNIC) by asking nicely and agreeing to use them for marketing.
3. Write some software that dissects user agents and OS from the User-Agent value and counts occurrences per per IP address block owner.

As far as I understand it, the idea that there is a shortage of IPv4 addresses is really a myth. I read a paper that someone wrote that came to the conclusion that even with the current growth rate (exponential) that we would not run out of addresses for another 20 years or so.

I think the real problem is that these days the RIRs (such as ARIN and APNIC) require justification before allocating netblocks. That means you have to show either current usage need or plans for future expansion, or both. You can't just say, "I'd like a /16 please" and expect to get it it. So really I think the non-US countries like to say "netspace is limited" but what they really mean is "sure we can get all the netblocks we want but it requires some paperwork and justification and we're just bitter that old companies back in the 80s were handed out whole /8s for the asking."

By the way, here is the data I have that shows total number of IP addresses for all netblocks allocated to each country (top 10):

US 1,828,328,425
JP 117,486,311
GB 84,658,624
DE 69,438,200
AU 65,918,741
CA 64,257,591
CN 54,172,684
FR 45,387,299
NL 35,056,078
KR 34,084,629

The source for these numbers was the aggregated data from http://ip-to-country.webhosting.info/

You missed the point of the article. At the current rate of non-progress, IPv6 will never reach critical mass. IPv6 needs a jumpstart. (The Asia issue is a red herring since there is no address shortage in Asia.)

The US does NOT control addresses for China. APNic would be the reponsible body. Its not even located in the USA!

Stupid.

This command, for example, would show you China from that file:

awk -F\| '{print $2, $3, $4, $7}' delegated-apnic-20040101 | grep '^CN ipv4' | sort

I wouldn't call a software economy that's worth roughly $30/billion year, with $10 billion being outsourcing, to be merely "nascent." Unless, of course, you consider that in 2008, the Indian IT Ministry plans to have $50 billion in outsourcing (meaning: your students' jobs, and possibly yours as well) and $90 billion overall.

Indian Economy Report

Indian IT Plans

I'm surprised such Indian localizations weren't done sooner. Perhaps one day, we'll have to navigate them -- at its current growth rate, India will dominate the world in software roughly by the time this year's new CS students graduate.

There's a lot of info here too:
Arin
Ripe Ncc
Apnic
Lacnic

Wot sez we demonstrate the SlashDot Effect(TM) for the thieving bastard?

Here ya go:
http://cgi1.ebay.com/aw-cgi/ebayISAPI.dll?UPdate

Of course the problem here is the same one we're seeing with spammers - this guy is operating out of China.

Just look at the registration info for the IP address (looked up on APNIC Whois Database)- how do you deal with someone in a country whose legal system doesn't give a damn about people who scam foreigners?

% [whois.apnic.net node-2]
% How to use this server http://www.apnic.net/db/
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html

inetnum: 202.99.0.0 - 202.99.63.255
netname: CHINANET-BJ
descr: CHINANET Beijing province network
descr: Data Communication Division
country: CN
admin-c: DK26-AP
tech-c: SY21-AP
mnt-by: MAINT-CNCGROUP
mnt-lower: MAINT-CHINANET-BJ
changed: hostmaster@ns.chinanet.cn.net 20000101
status: ALLOCATED NON-PORTABLE
source: APNIC

person: Dongmei Kou
nic-hdl: DK26-AP
e-mail: dmkou@publicf.bta.net.cn
address: No.156,Fu-Xing-Men-Nei Street,Beijing,100031
phone: +86-10-66429796
fax-no: +86-10-66429794
country: CN
changed: dmkou@publicf.bta.net.cn 20030710
mnt-by: MAINT-CNCGROUP
source: APNIC

person: sun ying
address: Beijing Telecommunication Administration
address: TaiPingHu DongLi 18, Xicheng District
address: Beijing 100031
country: CN
phone: +86-10-66198941
fax-no: +86-10-68511003
e-mail: suny@publicf.bta.net.cn
nic-hdl: SY21-AP
mnt-by: MAINT-CHINANET-BJ
changed: suny@publicf.bta.net.cn 19980824
source: APNIC.

the current system of handing out addresses (which have no value as such and should not be charged for, although an administrative fee can be charged for setting it up, which quite a few ISP's do) is essentially global through RIPE NCC, APNIC, LACNIC and ARIN. So if China runs out, it means we have all run out.

Admittedly, the US has quite a bit of legacy space, but I'm sure that large chunks of it will be reclaimed for everyone, should the need arise.

In the US, the idea is still that the Internet is American, so the US will be ok. That is exactly why the ARIN region is (too) slow to pick up on IPv6.

Ofcourse, IPv6 may not happen in the end (there are still quite a few bugs to be ironed out by the IETF et al), but I hope it does, because NAT is getting old real fast. Port forwarding helps a little, but remains a hack at best. The pain of having several machines do the same things behind one IP address (ICQ, webserver, netmeeting) is simply not worth it when I can get over 65000 subnets (with billions of addresses in each one) assigned to me with IPv6.(Everyone that could subnet, should receive a /48 according to current policy, no extra charge)

We could then finally do all the things that we should have been able to now.

And currently, IPv6 is totally free. Everyone gives free transit to everyone, IPv6 is not taken into account with the fee that the RIR's charge their members (at least in the RIPE region, I think the other regions too).

This will change ofcourse, but IPv6 is already a major improvement over IPv4, the US will feel the pain of coming late everywhere if they don't prepare.

CC