Slashdot Mirror

I'm ready to begin to add IPv6 to my network. 99% of my machines can support IPV6. There is no RFC1918 private space needed with IPv6 since there is so much space. I went to allocate space, but found out that I can't;

http://www.arin.net/registration/guidelines/ipv6_initial_alloc.html

This is actually a very important step towards what you want. About two-thirds of the TLDs have authoritative servers which are reachable over IPv6. There's a complete list at my blog - http://www.personal.psu.edu/dvm105/blogs/ipv6/2008/01/ipv6-dns.html

So you can query the root and .com DNS servers using IPv6. If you want Google to be reachable over IPv6, go talk to Google. Everything higher in the tree is IPv6-enabled now. And Google has an IPv6 allocation from ARIN - they got a /32 2005 - http://ws.arin.net/whois/?queryinput=!%20NET6-2001-4860-1

I agree that there isn't much content on the IPv6 internet now. So if you want it, yell at the content providers.

Allow me to insert one step before ???

* Follow-up on your SSH logs. If you see a phishing attack, do something about it!

That something could be:

- Report the IP to the owner of the netblock who can be found at ARIN. All netblock owners must have an IP-admin address or an abuse address. Unfortunately, my experience is that most of these go to /dev/null. There are those who actually have responsible NOC staff, and they will act on your complaint if you send them a copy of the relevant logs.

- Block further network access from that particular netblock at your firewall. I've found this to be a very effective method. Believe it or not, you don't end up blocking the entire Internet; the places that launch such attacks are not very common.

- Rate-limit SSH access. This works well, but I've locked myself out of my own server!

So there are huge swaths of IP space tied up in entities which don't need any where near as many as before NAT. If ARIN's requirements for usage were enforced then we may be fine for the next 10 years. Anyone with a Class A needs to figure out what they're doing and return some major swaths of IP space:

1.0.0.0/8 - IANA
2.0.0.0/8 - IANA
3.0.0.0/8 - GE
4.0.0.0/8 - Level 3
5.0.0.0/8 - IANA
6.0.0.0/8 - DoD
7.0.0.0/8 - DoD
8.0.0.0/8 - Level 3
9.0.0.0/8 - IBM
10.0.0./8 - NAT (we all love it)
11.0.0.0/8 - DoD

Come on people - if you're going to force usage on us, then force them on all http://www.arin.net/policy/nrpm.html#four33

Now as an ISP, I want to be multi-homed, but the only "legit" mannor to do this is via an IP allocation from ARIN, otherwise you'll be forcing a renumber on your clients (not a happy thing).

I use two ways:

1. Resources such as http://www.apnic.net/db/ranges.html and http://www.iana.org/assignments/ipv4-address-space

2. Build the list "manually" by checking originating IP addresses through the ARIN datatbase http://www.arin.net/whois/

Using the latter method, simply pasting the originating IP address (example, 116.24.118.9) into the search field yields that the address block 116.0.0.0 - 116.255.255.255 is admintrated by APNIC, and therefore "foreign" (to North America). So, simply block that entire range.

Other foreign registries include AFRINIC (Africa et al), LACNIC (Latin America), and RIPE (Europe).

Trust me, this kind of blocking really does work and is a viable tool for many North American mail servers--Karma be damned.

Oops, one little irony I just noticed. You denounce John Curran as a troll, using ARIN figures to refute his argument. Hey, guess who's the chairman of ARIN? One guess.

Believe it or not the USA, Germany, Japan, and France are not the leaders in this activity

Old News, Two of the better know:
China Titan Rain: http://en.wikipedia.org/wiki/Titan_Rain
US DARPA TIA: http://en.wikipedia.org/wiki/Total_information_awa reness

EU, Russia, Arabs, Israel, UN ... It is the new SOP for CoOp spycraft and cyberwar.
US ain't the only one on the block, globally they are all on pot calling the kettle black.
As I always say, "Reality is self induced hallucination." If you're a politician/idiot it ain't that FUBAR.

Wikipedia blocked the USA Congress IP address block, as to why ....
http://majikthise.typepad.com/majikthise_/2006/01/ wikipedia_block.html

Maybe some folks need to be blocking some top-level domains .cn/203+202..., .mil/199+207..., .gov/216+206+69+209+82+66... ....

IOW, consider the following:
US DOD NIC: 6.0.0.0 - 7.255.255.255
US DOD NIC: 11.0.0.0 - 11.255.255.255
US DOD NIC: 21.0.0.0 - 22.255.255.255
US DOD NIC: 26.0.0.0 - 26.255.255.255
US DOD NIC: 28.0.0.0 - 30.255.255.255
US DOD NIC: 33.0.0.0 - 33.255.255.255
US DOD NIC: 55.0.0.0 - 55.255.255.255
Halliburton Company 34.0.0.0 - 34.255.255.255
Computer Sciences Corporation 20.0.0.0 - 20.255.255.255
USPS: 56.0.0.0 - 56.255.255.255

You can do your own homework:
IANA: http://www.iana.org/
ARIN: http://www.arin.net/index.shtml

!HAVEFUN!

Microsoft Corp MICROSOFT (NET-131-107-0-0-1) 131.107.0.0 - 131.107.255.255
Microsoft Corp MICROSOFT-VEXCEL (NET-192-92-90-0-1) 192.92.90.0 - 192.92.90.255
Microsoft Corp NETBLK-MSOFT-NET (NET-198-105-232-0-1) 198.105.232.0 - 198.105.235.255
Microsoft Corp MICROSOFT-1 (NET-199-103-90-0-1) 199.103.90.0 - 199.103.91.255
Microsoft Corp MICROSOFT-CORP-MSN-3 (NET-199-103-122-0-1) 199.103.122.0 - 199.103.122.255
Microsoft Corp MICROSOFT17 (NET-199-6-92-0-1) 199.6.92.0 - 199.6.94.255
Microsoft Corp MICROSOFT-2 (NET-204-79-7-0-1) 204.79.7.0 - 204.79.7.255
Microsoft Corp MICROSOFT-NET1 (NET-204-79-27-0-1) 204.79.27.0 - 204.79.27.255
Microsoft Corp MICROSOFT-CORP-MSN-1 (NET-199-60-28-0-1) 199.60.28.0 - 199.60.28.255
Microsoft Corp MICROSOFT2 (NET-198-180-74-0-1) 198.180.74.0 - 198.180.75.255
Microsoft Corp MICROSOFT3 (NET-198-180-95-0-1) 198.180.95.0 - 198.180.97.255
Microsoft Corp MICROSOFT8 (NET-204-79-101-0-1) 204.79.101.0 - 204.79.101.255
Microsoft Corp MICROSOFT-HK (NET-204-79-135-0-1) 204.79.135.0 - 204.79.135.255
Microsoft Corp MICROSOFT-PLACEWARE-1 (NET-204-79-179-0-1) 204.79.179.0 - 204.79.179.255

Section 9 of ARIN's standard Service Agreement clearly states:

"9. NO PROPERTY RIGHTS. Applicant acknowledges and agrees that the numbering resources are not property (real, personal or intellectual) and that Applicant shall not acquire any property rights in or to any numbering resources by virtue of this Agreement or otherwise. Applicant further agrees that it will not attempt, directly or indirectly, to obtain or assert any trademark, service mark, copyright or any other form of property rights in any numbering resources in the United States or any other country."

[ Full ARIN agreement http://www.arin.net/library/agreements/rsa.pdf ]

Section 9 of ARIN's standard Service Agreement clearly states: "9. NO PROPERTY RIGHTS. Applicant acknowledges and agrees that the numbering resources are not property (real, personal or intellectual) and that Applicant shall not acquire any property rights in or to any numbering resources by virtue of this Agreement or otherwise. Applicant further agrees that it will not attempt, directly or indirectly, to obtain or assert any trademark, service mark, copyright or any other form of property rights in any numbering resources in the United States or any other country." [ Full ARIN agreement http://www.arin.net/library/agreements/rsa.pdf ]

Its been here for a long time. I'm running a series of web servers for internal company use that have native IPv6 addresses

How would one get assigned such addresses? I'd like to stop using IPv4 RFC 1918 address ranges for my personal networks, so that I can VPN in from anywhere without worrying about my address ranges conflicting with those of whatever network I stick my laptop on. My ISPs don't do IPv6. I want a globally unique IPv6 range of my very own, which does not need to be routable from the Internet. (I've given up on that dream.) It seems like I have a couple choices:

• Use a 6to4 address range for one of my public static IPv4 addresses. But then if I lose that IPv4 address (switch providers, etc.), I have to renumber my whole IPv6 network. Some people are worse off - no public static IPv4 addresses at all.
• Get assigned a native IPv6 block. I don't think I can do that. According to a quick skim of ARIN's guidelines, I would get my block from a Local Internet Registry, and I don't know one that does that sort of thing.

...force the little guy to use IPv4...

The process for getting v4 IP's directly from ARIN complicates that a bit...

The minimum allotment is a /20, which is 4096 IP's, and for a 'little guy' it'd be pretty hard to fill up.
ARIN also demands that before you can qualify, you must use 75% of the allocation within 90 days of it being assigned to you, otherwise you run the risk of having the IP's revoked.

If you're Multi-Homed (multiple carriers terminating at the same endpoint [your network] using BGP) than the minimal is a /22, which is 1024 IP's, but it's the same deal with regards to allocating 75% of them within 90 days.

Usually you won't get anything from the ISP. I start with ARIN and move to RIPE, APIC as the search suggests. I run into one of two scenarios:

1) There is a properly listed contact for abuse reports to whom I send the complete relevant log entries in text format. I usually don't hear from them again, but I also don't see any further network abuse from that netblock owner.

2) The owner of the IP block is a complete and utter joke. Examples: they don't correctly configure their reverse DNS, so they will claim that you have the wrong IP address, they list an abuse contact that doesn't speak English, they send spam in reply to your abuse complaint (that actually made me laugh for a moment). In this case, you also won't hear anything, but you should probably go to the effort of banning such an irresponsible network at your firewall.

Generally you won't hear anything. You won't know if someone has seen or acted on your complaint. Just think of how many network abuse complaints a large, responsible network would have to deal with daily. There's also dozens of fly-by-nights that make it clear that they won't make their network behave no matter how much you complain.

Surprisingly, I've found that larger netblock owners are quite responsible. A threat to block their entire netblock at your firewall is an effective one, easy to carry out and perfectly justified. Just be sure to remove the block if they show that they have fixed your complaint.

thegameiam,

NATing was a temp stop gap. Also, if you just look around, almost every home with broadband uses NAT, every company uses NAT and many companies have the operation hell of traffic being NATed multiple times throughout an Enterprise. So wide spread adoption of NAT already happened. NAT is not the answer. For a home user with a dinky network, it works. If you have a huge network with MILLIONS of endpoints, it just does not from an ROI perspective. Try tracing and capturing packets whose addresses change multiple times in both directions on a global network for an application that is not functioning and your company is losing money for every minutes (second) it is out.

Remember that there are billions of people with millions coming online in some form or fashion for the first time every year with many new companies springing up to serve them. A simple thing like an address gets important. The more private addressing you use, the less interoperable and supportable things become. Just something to think about as you play with the hair on your arm.

To the point of address exhaustion; here is a quote from an ARIN meeting last October 2006:

"....And then you see each of the RIRs, the amount of space that we currently have in /8s, ARIN having at this point the most IPv4 blocks from the IANA and, of course, the available space. It says the IANA reserved is right now 59 /8s. That number changed last week. There are now 55 /8s remaining. ARIN was issued four /8 blocks by the IANA last week, last Wednesday I think. So there really are 55 /8s remaining in the entire v4 space pool...."

http://www.arin.net/meetings/minutes/ARIN_XVIII/pp m1_transcript.html#anchor_4

I have seen estimates of practical allocatable address exhaustion in 2008 or 2009. Pretty darn soon! This does not mean the Internet or commerce will stop. Just new services and deployments will increasingly need to use IPv6 because there will not be IPv4 addresses for them.

Getting back to IPv6 in space.....it is good it is being tested now in space because it will certainly be used in the future. Also, I hope every router in space is Cisco, then they should work. :-)

Suggested links:
http://www.arin.net/
http://www.iana.org/ipaddress/ip-addresses.htm
http://www.arin.net/meetings/minutes/ARIN_XVIII/pp m.html

Best regards,

Andy

thegameiam,

NATing was a temp stop gap. Also, if you just look around, almost every home with broadband uses NAT, every company uses NAT and many companies have the operation hell of traffic being NATed multiple times throughout an Enterprise. So wide spread adoption of NAT already happened. NAT is not the answer. For a home user with a dinky network, it works. If you have a huge network with MILLIONS of endpoints, it just does not from an ROI perspective. Try tracing and capturing packets whose addresses change multiple times in both directions on a global network for an application that is not functioning and your company is losing money for every minutes (second) it is out.

Remember that there are billions of people with millions coming online in some form or fashion for the first time every year with many new companies springing up to serve them. A simple thing like an address gets important. The more private addressing you use, the less interoperable and supportable things become. Just something to think about as you play with the hair on your arm.

To the point of address exhaustion; here is a quote from an ARIN meeting last October 2006:

"....And then you see each of the RIRs, the amount of space that we currently have in /8s, ARIN having at this point the most IPv4 blocks from the IANA and, of course, the available space. It says the IANA reserved is right now 59 /8s. That number changed last week. There are now 55 /8s remaining. ARIN was issued four /8 blocks by the IANA last week, last Wednesday I think. So there really are 55 /8s remaining in the entire v4 space pool...."

http://www.arin.net/meetings/minutes/ARIN_XVIII/pp m1_transcript.html#anchor_4

I have seen estimates of practical allocatable address exhaustion in 2008 or 2009. Pretty darn soon! This does not mean the Internet or commerce will stop. Just new services and deployments will increasingly need to use IPv6 because there will not be IPv4 addresses for them.

Getting back to IPv6 in space.....it is good it is being tested now in space because it will certainly be used in the future. Also, I hope every router in space is Cisco, then they should work. :-)

Suggested links:
http://www.arin.net/
http://www.iana.org/ipaddress/ip-addresses.htm
http://www.arin.net/meetings/minutes/ARIN_XVIII/pp m.html

Best regards,

Andy

thegameiam,

NATing was a temp stop gap. Also, if you just look around, almost every home with broadband uses NAT, every company uses NAT and many companies have the operation hell of traffic being NATed multiple times throughout an Enterprise. So wide spread adoption of NAT already happened. NAT is not the answer. For a home user with a dinky network, it works. If you have a huge network with MILLIONS of endpoints, it just does not from an ROI perspective. Try tracing and capturing packets whose addresses change multiple times in both directions on a global network for an application that is not functioning and your company is losing money for every minutes (second) it is out.

Remember that there are billions of people with millions coming online in some form or fashion for the first time every year with many new companies springing up to serve them. A simple thing like an address gets important. The more private addressing you use, the less interoperable and supportable things become. Just something to think about as you play with the hair on your arm.

To the point of address exhaustion; here is a quote from an ARIN meeting last October 2006:

"....And then you see each of the RIRs, the amount of space that we currently have in /8s, ARIN having at this point the most IPv4 blocks from the IANA and, of course, the available space. It says the IANA reserved is right now 59 /8s. That number changed last week. There are now 55 /8s remaining. ARIN was issued four /8 blocks by the IANA last week, last Wednesday I think. So there really are 55 /8s remaining in the entire v4 space pool...."

http://www.arin.net/meetings/minutes/ARIN_XVIII/pp m1_transcript.html#anchor_4

I have seen estimates of practical allocatable address exhaustion in 2008 or 2009. Pretty darn soon! This does not mean the Internet or commerce will stop. Just new services and deployments will increasingly need to use IPv6 because there will not be IPv4 addresses for them.

Getting back to IPv6 in space.....it is good it is being tested now in space because it will certainly be used in the future. Also, I hope every router in space is Cisco, then they should work. :-)

Suggested links:
http://www.arin.net/
http://www.iana.org/ipaddress/ip-addresses.htm
http://www.arin.net/meetings/minutes/ARIN_XVIII/pp m.html

Best regards,

Andy

You should rename "Various Registrars" to The Swamp, with accompanying artwork. Also, the big green pasture up at the top right is Class E space. That might be a good place for the "Here be dragons" section, as attempting to allocate that space for unicast use would run into lots of problems, some of which I'm sure we haven't thought of yet.

ISPs pay for their address space
No... they don't.

Sigh... another troll, guess I got baited, but:

See, there's this thing called The Internet, and Google, and AOL, and CNN are all on it. We all agree that that thing is called the Internet.

On IPV6, there's nobody.

Who is this "we" that you are talking about? Obviously you are not on any IETF working groups as you are completely ignorant of the fact that IPv6 is a DOCUMENTED STANDARD that is ALREADY IS USE on the Internet! (See stupid comment about: "IPV6 is just a misnomer")

So it is obvious that you are not part of the "we" that "agree that that thing is called the Internet". You are just an end user, who knows very little about networking. Sit back and enjoy the ride, leave network engineering to those of us with a clue. When WE decide to move everything over to IPv6 YOU will follow. Or you can stop using the network, your choice really...

Oh, and if you bothered to do any research before opening your mouth and claiming Google is "on your side", you may want to check into the fact that Google already own IPv6 space!

Way to go cheese!

Don't just unlock the 127 network. Take a look sometime at how many addresses are "reserved". I think almost half of the Class A addresses are "ARIN reserved", plus a good chunk of the rest of the address space. Go to www.arin.net to check it out. Try typing in 1.0.0.0, or 2.0.0.0, or 5.0.0.0, ... etc for an address. Also, look at how many Class A addresses the DOD has.

There is no real shortage for the US, yet.

I though ARIN was in charge of IP's?

http://www.arin.net/

ICANN controls the DNS root servers but ARINhttp://www.arin.net/ controls IP address assignments in the US. There are other groups that control IP address assignments in other areas (RIPE being one of them) -Aaron

1. IPv6 is coming along plenty well, thank you.
Are you high? When was the last time you were assigned an IPv6 address by your ISP? When was the last time ANYONE was assigned an IPv6 address? When was the last time you connected with an IPv6 address on the internet?

Google's assigned IPv6 block (2^96 addresses)
US gov't has mandate all Federal Backbones be IPv6 by June 2008
IPv6 enabled products
Get connected

No need to get defensive just because you're stuck in the IPv4 backwaters. ;)

Not true...that's the whole point. According to ARIN allocation rules, you have to have business plans and evidence for sub-allocations up for 200 customers before they'll give you the /32. That doesn't apply to any enterprises or webhosters, so they're mad.

Quoting from the ARIN Policy at http://www.arin.net/policy/nrpm.html :

6.5.1.1. Initial allocation criteria To qualify for an initial allocation of IPv6 address space, an organization must: a) be an LIR; b) not be an end site; c) plan to provide IPv6 connectivity to organizations to which it will assign /48s, by advertising that connectivity through its single aggregated address allocation; and d) be an existing, known ISP in the ARIN region or have a plan for making at least 200 /48 assignments to other organizations within five years.

Note: not an end site, and be a known ISP. That's the only way to get IPv6 addresses from ARIN right now....and that sucks.

this is just more blathering nonsense

Indeed it is. Since when is that limelight? Go away and don't come back until you get a clue.

>Be very careful what servers you allow your client to connect to; always doublecheck who owns them and their corresponding nameservers.

Care to tell how one can see who owns an IP?
(I just google for ip lookup, and the two services I picked gave different results)

>I imagine they see it as being more worthwhile to their cause to moniter these networks and sue users than shut them down and risk a more secure/anonymous service replacing them.

Milk the cow, but not to the point that you drain your market.

>If you do some lookups on the IPs and corresponding owners of some of the most popular eMule servers (Untouchable 2.0, for instance), you'll see that they're owned by anti-piracy firms. They are most likely logging and building evidence for further litigation by the RIAA.

Care to give a list of top-5 or top-10 eMule servers to avoid, please? =)
( we're not all as skilled or as unlazy as you assumed are :)

e.g. http://ws.arin.net/cgi-bin/whois.pl on Untouchables 2.0 / 72.51.37.237 gives me this info:

Peer 1 Network Inc. PEER1-BLK-08 (NET-72-51-0-0-1)
                                                                    72.51.0.0 - 72.51.63.255
ServerBeach PEER1-SERVERBEACH-06 (NET-72-51-32-0-1)
                                                                    72.51.32.0 - 72.51.47.255

# ARIN WHOIS database, last updated 2006-05-05 19:10

-----
or:
-----

http://remote.12dt.com/rns/lookup.php gives me this info

72.51.37.237 resolves to
"server10.oingo.com"
Top Level Domain: "oingo.com"
----

I'm not sure if this qualifies as IP-lookup for you, but it did not make me any wiser.

Thanks for your time.

googlable:

American Registry for Internet Numbers (ARIN) - Home Page
http://www.arin.net/

Look at this Wikipedia revision, creating an article on a 180 Solutions product. Look at the history tab, and you will note this revision was done by the IP address 206.169.156.2. The IP address corresponds with 180 SOLUTIONS HOOKED-2 when looked up in the American Registry for Internet Numbers.

The article was changed to give it a more neutral tone many times, but in all cases the IP address tried to revert to the original version. The article in its current form is located here, but with a sign that says that everything in this article but not be accurate, nor true. The IP address range for 180 Solutions is 206.169.156.0 - 206.169.156.255. See this American Registry for Internet Numbers entry for 180 Solution's physical address. The city can be confirmed by Wikipedia itself.

This was done in June 2005, around the same time the U.S. Congress staffers began editing Wikipedia, coincidentally. Again, using Wikipedia as a source, this company has less than 250 employees. Because this IP address came from the company, what are the odds that the editor created that article about that "instant messaging service" for love of the company alone? It reads like an advertisement.

They used Wikipedia to market their filth, and spyware company or not, that's something I'll always hold in contempt. (mod up)

Look at this Wikipedia revision, creating an article on a 180 Solutions product. Look at the history tab, and you will note this revision was done by the IP address 206.169.156.2. The IP address corresponds with 180 SOLUTIONS HOOKED-2 when looked up in the American Registry for Internet Numbers.

The article was changed to give it a more neutral tone many times, but in all cases the IP address tried to revert to the original version. The article in its current form is located here, but with a sign that says that everything in this article but not be accurate, nor true. The IP address range for 180 Solutions is 206.169.156.0 - 206.169.156.255. See this American Registry for Internet Numbers entry for 180 Solution's physical address. The city can be confirmed by Wikipedia itself.

This was done in June 2005, around the same time the U.S. Congress staffers began editing Wikipedia, coincidentally. Again, using Wikipedia as a source, this company has less than 250 employees. Because this IP address came from the company, what are the odds that the editor created that article about that "instant messaging service" for love of the company alone? It reads like an advertisement.

They used Wikipedia to market their filth, and spyware company or not, that's something I'll always hold in contempt. (mod up)

Organizations that are General Members in good standing prior to requesting an initial IPv6 allocation are not charged IPv6 registration fees. Annual renewal fees for IPv6 allocations are also waived for General Members in good standing. ARIN will continue to waive these fees as long as the organization remains a General Member in good standing at the time of renewal, up until Dec. 31, 2006.

So what you're telling me is that that you've elected to block all the registries that do the least amount of good? The vast majority of spam comes from within the US (ARIN) and is directed to English-speaking American consumers. As an avid (sometimes rabid) anti-spammer myself I'd rather implement an effective filtering solution than waste my time blacklisting those that spam the least, according to every single spam source study done in the last 8 years or so. BTW, you forgot AfriNIC (41/8).

I also agree. The CAN-SPAM Act is a joke. 50 court cases? Ha! We could have had 50,000 cases in the courts in the 2 years since the CAN-SPAM Act stripped away the individual's right to seek private action. A success my ass.

everytime there's a discussion about ipv6 i bring up this point, and i get people like you that didn't read the policy giving the exact same answer.

see http://www.arin.net/policy/nrpm.html section ipv6 6.5.1.1

To qualify for an initial allocation of IPv6 address space, an organization must:
a) be an LIR; --- most ISP aren't
b) not be an end site; --- large hosting company ? i'm sure they'll appreciate having to renumber
c) plan to provide IPv6 connectivity to organizations to which it will assign /48s, by advertising that connectivity through its single aggregated address allocation; and
d) be an existing, known ISP in the ARIN region or have a plan for making at least 200 /48 assignments to other organizations within five years. ---- yeah right, 200 /48 ? so that's what, 50-100k customers? depending on your business model

Does IPv6 have a equivalent function for NAT that is widely used now? Everyone is waving their hands saying it would be a good thing for eveyrone to use a "real" address on all equipment. But no one has discussed the processes that will be needed for an authority to pass out those addresses to ALL users.

It's called DHCP Prefix Delegation. I might as well explain how it works.

Right now the ISP is granted a block of addresses and they assign one of those to the end user. The end user setups a NAT firewall/router and puts all kinds of equipment behind it.

In the Glorious IPv6 Future, the ISP will have a huge block of addresses, and then the user will plug in a v6 home router/firewall, which will be assigned one "upstream" v6 address using stateless autoconfig or DHCP. Then the router will use DHCP-PD to request one or more subnets from the ISP, and will advertise those subnet(s) on its "downstream" interface(s).

And any good net admin knows that you ask for more than you currently need because things grow.

In IPv6 all subnets are the same size (/64) and since they never fill up, you need exactly one subnet per LAN.

So how fast is all that IPv6 addressing going to last with people asking for big chunks of addressing and companies asking for even larger portions?

The plan is for each person to get 2^16 subnets; there will still be plenty of space left over.

On top of that it is going to require a central organization (ICANN?) to pass out the address blocks. They are not going to do that for free.

There already is a central organization to manage IP addresses (IANA/ICANN), and they already charge fees. But the fees are pretty small.

So now the individual user that wants to setup an IPv6 network at home will have to pay an annual fee for his block of addresses.

A large ISP in North America would pay no more than $36,000/year for IP addresses. Divided by a few million customers, it comes out to about zero per customer per year.

And based on the previous message you would want to own your own block of addressing since in theory you can take it anywhere you want to go.

Sorry; end users aren't allowed to own IP addresses.

Much of the debate about the mechanics of how IPv6 gets rolled out takes place on the ARIN Public Policy Mailing List (PPML). If you're interested in deciding the future of how this stuff will work, that's the place to start.

GTA

GTA2

Whois info for the above IP, since I didn't recognize it myself. I'm not sure why they're hosted 'offsite'.

"Waiting For The Valerie Plame Wilson Grand Jury: The Big Question Is Whether Dick Cheney Was a Target"

"2 Brits nabbed with $3 trillion in fake US fed notes"

Robert

"Recently, certain peers have been disconnected from their direct connection to the Level 3 IP network. Some disconnected peers may elect to block access to certain IP addresses as a result of the disconnection. If a peer elects not to restore connectivity to the Level 3 network through alternative means, customers seeking continued access to the Level 3 network should make alternate arrangements."

They're saying Cogent is intentionally not advertising routes to them via other providers, presumably because they're upset about not having a peering agreement in place. Anyone affected by this presumably needs to harass Cogent.

http://ws.arin.net/whois?queryinput=AS174

interesting, vpn.google.com is owned by cogentco and those nameservers are owned by dslextreme

http://ws.arin.net/whois/?queryinput=66.28.250.23
http://ws.arin.net/whois/?queryinput=66.51.206.100

interesting, vpn.google.com is owned by cogentco and those nameservers are owned by dslextreme

http://ws.arin.net/whois/?queryinput=66.28.250.23
http://ws.arin.net/whois/?queryinput=66.51.206.100

Then it's masquerading as an American. http://ws.arin.net/whois/?queryinput=209.58.227.16 3 Must just be an error :-P

Lovely, now someone (other than you) can get into your home network, turn on your coffee pot, and stove, in hopes to creating a fire. They can also turn off your fridge so all the food spoils, and turn your AC on to it's coldest setting to run up your elec. bill. No fully automated/network enabled home for me.

What's up with the unallocated IPv4 IPs out there?
http://ws.arin.net/cgi-bin/whois.pl?queryinput=1.0 .0.0
http://ws.arin.net/cgi-bin/whois.pl?queryinput=2.0 .0.0

Lovely, now someone (other than you) can get into your home network, turn on your coffee pot, and stove, in hopes to creating a fire. They can also turn off your fridge so all the food spoils, and turn your AC on to it's coldest setting to run up your elec. bill. No fully automated/network enabled home for me.

What's up with the unallocated IPv4 IPs out there?
http://ws.arin.net/cgi-bin/whois.pl?queryinput=1.0 .0.0
http://ws.arin.net/cgi-bin/whois.pl?queryinput=2.0 .0.0

So, I doubt ISPs are ever going to issue smaller than /64s to residential customers; it's the easiest size to issue in terms of support. For now, ISPs are unlikely to issue less than /48s - see Making and Reporting Reassignments in the ARIN IPv6 guidelines. It's just easier to comply than to write document after document justifying smaller allocations.

I apologize, I thought I made it clear that I was masking some non-essential bits of information in the log examples. One of those bits was the IP address. I replaced it with localhost in the example. I didn't feel is necessary to put the real-world IP in the example.

As you and others have now pointed out, it could be that people were wget'ing the site for other reasons. However, that's not how it looked. All the requests that I saw were from the same IP and were all for the root / URL.

Unfortunately, I don't have all of the information. I agree that it would be nice to have more. I have what I have and now you have what I have, minus two lines of log file that are virtually the same as the three already shown.

There is still some doubt over whether the DoS attacks against Sys-Con actually existed or whether they were the result of 'The Slashdot Effect' for lack of a better term. I believe the DoS attacks did exist. I too was initially skeptical but based on e-mail correspondence I now believe them to have happened. In fact, from what I can tell the attacks were distributed, thus making this a DDoS.

Most block lists which use IPs are granular to the netblock level. That's not much help to you if you only have a few IPs, but if you have a block of 8 or more from your ISP you should probably do a WHOIS search at arin.net and make sure the block you were assigned shows up.

We got burned by our ISP when they didn't do that. We were blocked because our ISP (the local cable company) had us lumped in the same netblock as their entire home cable Internet user address space.

In that case, however, the maintainer of the block list was at least willing to unblock us when I could show him that reverse DNS returned hosts with our domain name.

Maybe the solution is to take away domain names. No more letters. Instead replace it with phone number type domains.

I suppose what you're looking for already exists

[sarcasm on]
I can see it now:
"So I was reading this article on 66.35.250.150, and it totally reminded be of this quote on 216.154.206.222..."

Yeah, that'd be so much more useful and easy.
[sarcasm off]

The server appears to be hosed. It looks like:

ourmedia.org resolves to 69.44.153.99.
69.44.153.99 is part of ServerBeach's netblock

I guess our only hope is that server isn't a shared one, taking down several other sites with it.

Start by blocking (or treating as spam) all email from addresses with "verizon" in them. Beyond that, try using ARIN http://www.arin.net/ and IP registry lists like this http://www.cert.mil/techtips/whois_by_ipaddr.htm to identify and block IP address ranges registered to Verizon.

Also, the source of these three test images is described as "I used my Nikon Coolpix 3MP digital camera to generate JPEG files..." However, the pictures are from Canada, the US, and Japan. It's not like he went out and took three random photos. While he doesn't mention the specific model used, the coolpix cameras appear to be your average consumer models, so the wording is quite suspect. As the total compression times are under a minute, why were only these three pictures chosen? Perhaps they compress better than average? Why can't we download the original .JPG files? There is no way to reproduce this test.

Lastly, the article consistently says 30%, but the average actual compression is 25.53333%. That's 17.5% bull puck.

So, the reviewer isn't objective, the picture sources are suspect, and the numbers are suspect. This sounds like a slashdot-sponsored spin machine to me.

If Stuffit really wanted to prove themselves, they'd put a link on their website to compress/decompress images and have it only work for a week or so. Then they could publicly demonstrate things without giving away an executable to be leaked.

Instead they give a full, working EXE to some guy who's home page is linked to only 83 times (most [all?] of which are junk/link farms). Don't believe everything you read. Especially not on the Internet, and especially not this junk.

<tinfoil hat>

As stated above, this website effectively has no google presence. How did it survive the slashdot effect with pictures? It appears to be hosted by Roger's Cable in Toronto. Who is paying (presumably) big bucks for bandwidth for an otherwise unremarkable site?

Why does he first describe "The test computer used", then go on to mention "Machine A" and "Machine B"? Also, why is a compression expert using such wimpy hardware? Some quick research on the author only shows how unremarkable it all is for such an important announcement.

Of course, you also have to wonder how Kris_J (apparently from Australia) found out about the story to post it to begin with, since it's so obscure. (No offence Kris_J, I'm just in ultra-skeptic mode here)

</tinfoil hat>