Slashdot Mirror

http://www.iana.org/assignments/port-numbers

There are only 2^16 ports available. So, basically this knocking technique boils down to choosing a 5/6/7/8 letter password over a 2^16 alphabet. (To be more precise, you can ignore the port numbers 0 to 1023 as part of the alphabet as they are 'reserved'). So, effectively, it boils down to 2^16 - 1024.

Somebody do the math, but it doesn't look to be that secure. Brute-forcing this would not take long.

According to this . It seems TiVo has registered an additional port:
tvnetworkvideo 3791/tcp TV NetworkVideo Data port
tvnetworkvideo 3791/udp TV NetworkVideo Data port
Kevin Brunner brunner@tivo.com July 2003

http://www.iana.org/root-whois/com.htm

The address in that whois is actually where the A root resides. Not a terribly big secret, even though the building is unmarked.

• Actually they ran out years ago...

Actually, the status of .su is debatable -- IANA froze the domain so that no new .su domains could be created, but it was reopened by .su administrators a few years later, even though IANA & ICANN didn't recognize it as an active TLD. .su still isn't listed on IANA's public list of ccTLDs, but it's listed the in whois.iana.org database because .su's administrators are too stubborn to give up. (The .su root servers are also .ru root servers, which makes them hard to ignore.)

Using the ccTLD of a "deleted nation" is kind of iffy. The ccTLDs are supposed to be based on ISO 3166-1, and the ISO is allowed to reassign old codes to new nations. If IANA let ccTLDs outlive their nations, they increase the chances of having two claims to one ccTLD. Sooner or later, somebody would get accused of ccTLD-squatting.

For the record, ccTLDs have been sucessfully dissolved before: .cs in 1995 and .zr in 2001. (Also, I'm told .dd was dissolved when the two Germanies unified, but I'm not sure .dd was ever active to begin with.)

If the end of Niue's independence led the ISO to drop nu from ISO 3166-1, IANA and ICANN probably would try to freeze or delete .nu, depending on how active it remained and who was willing to keep managing it.

Keep in mind, though, ISO 3166-1 doesn't require political independence for a region to have a geographic code, because it's still useful for "distant regions" to have their own codes for non-Internet purposes (like air travel and shipping). There are completely uninhabited islands that still have ISO codes! As long as people are living on Niue (and New Zealand doesn't ask for deletion), the ISO will probably leave nu on the list.

Actually, the status of .su is debatable -- IANA froze the domain so that no new .su domains could be created, but it was reopened by .su administrators a few years later, even though IANA & ICANN didn't recognize it as an active TLD. .su still isn't listed on IANA's public list of ccTLDs, but it's listed the in whois.iana.org database because .su's administrators are too stubborn to give up. (The .su root servers are also .ru root servers, which makes them hard to ignore.)

Using the ccTLD of a "deleted nation" is kind of iffy. The ccTLDs are supposed to be based on ISO 3166-1, and the ISO is allowed to reassign old codes to new nations. If IANA let ccTLDs outlive their nations, they increase the chances of having two claims to one ccTLD. Sooner or later, somebody would get accused of ccTLD-squatting.

For the record, ccTLDs have been sucessfully dissolved before: .cs in 1995 and .zr in 2001. (Also, I'm told .dd was dissolved when the two Germanies unified, but I'm not sure .dd was ever active to begin with.)

If the end of Niue's independence led the ISO to drop nu from ISO 3166-1, IANA and ICANN probably would try to freeze or delete .nu, depending on how active it remained and who was willing to keep managing it.

Keep in mind, though, ISO 3166-1 doesn't require political independence for a region to have a geographic code, because it's still useful for "distant regions" to have their own codes for non-Internet purposes (like air travel and shipping). There are completely uninhabited islands that still have ISO codes! As long as people are living on Niue (and New Zealand doesn't ask for deletion), the ISO will probably leave nu on the list.

http://www.iana.org/assignments/ipv4-address-space

It's just marked as "IANA - reserved." If they gave it up years ago and it still isn't helping, all they did was do a gesture. Are there any plans for it?

The IPv4 addresses are inefficiently distributed.

Yes, that is a fundamental part of the nature of distributing blocks of addresses. Giving people only the number of addresses they need now is impractical because they will need more later, and you want to minimize the number of blocks you give to one organization -- breaking things up into smaller blocks makes tables larger and routing slower. But how big a block do you give them? The temptation is to figure out how many organizations you expect to need blocks of addresses and give sizes based on that. That is, the only pressure you face in the short term is running out of addresses, so you give the largest sized blocks you can without running out of addresses. This is a good short term strategy but a terrible long term one. It's why MIT got 1/256th of the IP addresses in the world, and the same thing will happen at various levels even if you increase the size of the addresses. (But you've still got to do that, and there is still a clear benefit to doing that.)

Why not just add an extension to IPv4 if we really need these addresses ? I know it has a lot of flaws but hey, why change EVERYTHING ?

Because it's our one chance to fix the things that are broken with IPv4. And because switching to IPv4 with bigger addresses would be almost no easier than switching to IPv6. Yes, the software would be a little easier to write (if IPv6 weren't already done and tested). But, high-speed routers use hardware acceleration to inspect various portions of the packet very quickly, and the fact is that IPv4 packets aren't designed with this in mind. (IPv4 was invented before there was such a thing as a box called a router -- it was all done with general-purpose computers back then.) IPv6, on the other hand, is meant to be easy to route quickly. The packets have a cleaner layout (esp. when it comes to extension headers), and some of the routing has been simplified.

I bet we could use IPv4 for 20 more years. IPv6 is to complex, bulky and inefficient.

I studied it and the fact that MAC addresses are in it blows me away.

MAC addresses as part of the IPv6 are an optional part of the spec. You don't have to use that. In my opinion, it's just another illustration of the fact that address allocation is inherently inefficient when humans are involved. But, it's not so bad -- you have 128 bits to begin with, so when you subtract 48 bits for a MAC address, you still have 60 bits left over. That's still 28 bits more than we have now.

Still, I agree, the MAC idea is kind of dumb. It's a waste of good addresses. However, the great part about IPv6 is that a huge, huge, huge portion of the address space is unassigned. (See the list of assigned IPv6 ranges.) More than 3/4 of all IPv6 are reserved for future use. Only addresses beginning with 001 are currently assigned for use as normal (unicast) addresses. If we screw up and squander that address space, we can start all over with 010. And then 011. And then 100 and 101 and 110. Because those five ranges, which are each 1/8 of the address space, are reserved. So if the MAC thing doesn't pan out, we will still have at least 5 shots at doing better. And that's only if we use up three high order bits for each attempt to get the address allocation right. Hopefully, we would use up smaller chunks than that. IPv6 can give us a lot of breathing room.

IP version numbers Damn, this isn't lame, hope it isn't lame enough now.

".arpa" used to represent DARPA, but now it represents the Address and Routing Parameter Area, a backronym.

second, why should so much power dealing with the interent be given to a corporation, why not a common non-profit organization handle the .com and .net(and .org, .tv, .info even.... excluding individual contries' domains)?

gTLDs (Generic Top-Level Domains):

• com
• net
• museum

ccTLDsCountry-Code Top-Level Domains:

• ac
• cc
• cx
• mp
• nu
• ph
• pw
• sh
• tk
• tm
• ws

gTLDs (Generic Top-Level Domains):

• com
• net
• museum

ccTLDsCountry-Code Top-Level Domains:

• ac
• cc
• cx
• mp
• nu
• ph
• pw
• sh
• tk
• tm
• ws

160 is for SGMP-TRAPS
443 is HTTP over TLS/SSL.

But what are some of the others?

IANA Port Assignments

SSL is actually 443.

Complete List.

POP3, SMTP, LDAP, Telnet, Quake3, etc would be others that people might value.

The IANA of course delegate the right to distribute IP address blocks to the RIRs(RFC 2050), who in turn do so to the ISPs. Thus any other search engine can prepare a spider-generated (or otherwise) list of results. For Google to remove a few links from their results does not in anyway change the reality that the IP addresses continue to exist and therefore potentially contravene the DMCA(not that I agree with this in the first place). the IANA, RIRs and ISPs therefore potentially contravene the DMCA - why then would Google take the step of removing links from their results? I'm sure Google has some kind of disclaimer relating to URLs people visit from their results - you can visit more gross sites than kazaalite!

Full Disclosure: I deployed some CRM software for Google in 2000

. . . rumors from unnamed sources on the Hill are that the only MP3 file that will be able to be shared within the U.S. and its possesions without fear of prosecution by the Department of Homeland Security will be Horst Wessel Lied.

This whole FUD thing over an IPv4 crisis is unwarranted. A quick check of the IANA website shows that there are dozens of unallocated, IANA reserved A class of IP addresses remaining. We will not run out anything soon, and should be good for another 15 to 20 years. Plus, IPv6 has serious privacy implications that can trace every packet (essentially, every footprint) back to you. Until those privacy concerns are addressed and that Internet tracking mechanism is removed, we're fine with IPv4.

Slashdot needs to quit approving these scare stories. And that's all I have to say about that. Thanks.

Doug

This whole FUD thing over an IPv4 crisis is unwarranted. A quick check of the IANA website shows that there are dozens of unallocated, IANA reserved A class of IP addresses remaining. We will not run out anything soon, and should be good for another 15 to 20 years. Plus, IPv6 has serious privacy implications that can trace every packet (essentially, every footprint) back to you. Until those privacy concerns are addressed and that Internet tracking mechanism is removed, we're fine with IPv4.

Slashdot needs to quit approving these scare stories. And that's all I have to say about that. Thanks.

Doug

I wonder how much of the actual IPv4 address space is actually used? There is a tremendous amount of wasted space in the current IPv4 allocation Check out this and look at class A assignments. Intelligent allocation and renumbering along with NAT could put off this "crisis" for another 20 years I bet. But as long as you have to renumber, you might as well just switch to IPv6 anyway.

What I suspect is happening is that IANA have basically stopped giving out addresses (or are doing so at a very slow rate), not because there is any immediate risk of running out, but because giving out addresses would give the impression that IPv6 will not actually be needed. The more IPv4 addresses that are issued, the more network infrastructure depends explicitly on IPv4, the harder it is to change it later.

In reality, the 'crisis' of actually running out of IP addresses is completely fictitous. Even when the last IPv4 host on the net is finally turned off, IANA will probably still have millions of IPv4 addresses that were never assigned. But that doesn't change the underlying problem, that NAT is a poorly functioning hack and no matter what other hacks are layered on top, IPv4 just isn't good enough to use as the primary communications protocol for the whole of humanity. There is a good reason for that: the designers of IPv4 thankfully wern't arrogant enough to even begin to assume that the net would become as ubiquitous as it has.

...that IANA decided to hold onto 80 or so class A's. I doubt they could even allocate all that space by 2005.

Dont believe me? get it straight from the horses mouth

Perhaps if the organizations bemoaning the lack of IP space stopped hogging so much of it there wouldn't be such a shortage.

http://www.iana.org/assignments/ipv4-address-space Lists a bit more then just those 3 blocks..

And that brings me to the point of this column: While we may be emotionally distancing ourselves from the world, the world is getting more integrated. That means that what people think of us, as Americans, will matter more, not less. Because people outside America will be able to build alliances more efficiently in the world we are entering and they will be able to reach out and touch us -- whether with computer viruses or anthrax recipes downloaded from the Internet -- more than ever.

The point is more fear and paranoiac fantasies as only Thomas Friedman can spin, with an evil-doer under every rock, a terrorist behind every tree and, now, a rabid, sweaty-toothed madman coming to get us behind every keyboard.

From his lofty perch high atop the NY Times, Friedman has seen a career revival thanks to 9/11, winning a Pulitzer for his turgid writing about the event and its effects. When Friedman gets basic facts just plain wrong, it makes you wonder how much else he gets wrong, or otherwise intentionally distorts or misrepresents just so he can make everyone see the world through his lens where terrorists will get all of us.

Examples?

VeriSign, which operates much of the Internet's infrastructure...

and

A domain request is anytime anyone types in .com or .net

Really? The last time I checked VeriSign was only responsible for maintaining the .com and .net registries, as well as most SSL certificate services. There are 243 country code top-level domains, plus the .org TLD, not just .com and .net. The way Friedman makes it sound it's as if there's nothing else out there, and I'm not sure which is worse: that he was too lazy or too apathetic to talk to anyone other than VeriSign to get a basic understanding of the Internet to accurately write about it for his many non-technical readers.

These are basic facts and are simple to check. Any journalism student can do this so why doesn't Friedman?

Given his penchant for hyperbole in overstating the negative consequences of everything and minimizing the positives, it's no surprise that Friedman has completely missed the fact that the same technologies he fears are just as capable of opening up communications. He says that while the world is growing more integrated and what the world thinks about the USA will matter more, the USA is becoming ideologically isolationist and it doesn't need to heed what the rest of the world tells it. Proliferation of the Internet facilitates the free exchange of ideas that can result in better understanding and relations with the rest of the world, which Friedman apparently believes is full of nothing but some sort of irrational monolithic hatred.

When Friedman takes such a reductionist view of the world that amounts to Us vs. Them, is it any wonder that all Friedman can see are terrorists, terrorists everywhere and not a refuge in sight.

When the only tool you have is a hammer the whole world looks like a nail.

Port 224? I don't recall any article mentioning port numbers, other than the program trying services not available. As for what those ports are used for, God and the IANA knows, like here (Of course, since there are no assigned l33t haxor ports, they tend to use whatever they want to.)

Here is some history from the IANA

Indeed. How long until Sealand gets its own TLD? I can't think what it would be, though; according to this page, .se, .sa, .sl, .sn, and .sd are all taken.

all the country codes + org, net etc

http://www.iana.org/cctld/cctld-whois.htm

Wait wait wait, "officially"? Isn't the .la TLD still officially assigned to Laos, and they've just cut a deal with some company to promote it as a Los Angeles TLD, just like the TLDs of Western Samoa, Tuvalu and Belize are promoted as "Web Site", "Television" and "Business" respectively? Does the City of Los Angeles even know about this?

Seriously, this isn't worthy of a news article. It's just a country trying to make money and a company trying to make more money by trying to trick people into believing that anyone cares. If ICANN had assigned a TLD to a city, THAT would be news.

text/xml != text/plain

Regular expressions are not optimal for parsing most of the other forms of text. As XML eclipses plaintext as the most frequent MIME-type of online documents, Perl, with it's close integration of regular expressions, will no longer be the best of all possible duct tapes.

The real problem is home access - as Hugh Daniel puts it, If you're a NAT on the Net, you're NOT on the Net." In particular, you're dependent on your ISP's firewalls for email, web, and general IP access to the real world, and greatly restricted in your ability to provide information services, especially anything your ISP isn't technically competent at, and you're subject to any filtering or censorship your ISP might do. The canonical example is the "Great Firewall Of China", which
tries to prevent Chinese residents from seeing anything about Falun Gong or other forms of thoughtcrime.

It's true that Asia's APNIC got a lot less of the address space than the US did, and they may need some more before the Great IPv6 Renumbering happens. According to IANA's List of IPv4 Address Space Assignments, more than half the Class A space is unused (either never assigned or returned by public-spirited organizations that are using newer technology such as CIDR.) Class B is probably the tightest, though supernets of Class C space took off lots of the pressure. IANA is hoarding the Class A space, and maybe this will push us toward IPv6 a bit faster.

ICANN was actively discouraging IPv6 use a couple of years ago (I haven't checked up on their evil plans lately...) Their method was to declare that they were going to charge $2500 for a /48, which is the smallest generally-allocated block of IPv6 space available - so if you wanted to own your own space, it was going to cost you. I suspect part of the reason was because they wanted the money, of course, and part of it was because they didn't want to lose control over a major chokepoint of the net, but also there's the more legitimate issue that deciding the right way to restructure routing for the future shape of the internet is going to be pretty difficult, and they'd rather delay the existence of working code in order to get rough consensus first.

roughly 30 percent of the available ipv4 space has not been allocated to anyone yet. every now and then, iana allocates a /8 block to apnic. so even if apnic is running out of space in the currently assigned addresses, there is still quite a lot of space available that could be allocated to them.

003/8 May 94 General Electric Company
004/8 Dec 92 Bolt Beranek and Newman Inc.
005/8 Jul 95 IANA - Reserved
006/8 Feb 94 Army Information Systems Center
007/8 Apr 95 IANA - Reserved
008/8 Dec 92 Bolt Beranek and Newman Inc.
009/8 Aug 92 IBM
010/8 Jun 95 IANA - Private Use See [RFC1918]
011/8 May 93 DoD Intel Information Systems
012/8 Jun 95 AT&T Bell Laboratories
013/8 Sep 91 Xerox Corporation
014/8 Jun 91 IANA - Public Data Network
015/8 Jul 94 Hewlett-Packard Company
016/8 Nov 94 Digital Equipment Corporation
017/8 Jul 92 Apple Computer Inc.
018/8 Jan 94 MIT
019/8 May 95 Ford Motor Company

Protocols within TCP/IP are assigned numbers as well. See this list of IPv4 protocol numbers for more info. TCP packets are tagged as IP protocol 6, UDP are protocol 17, ICMP are protocol 1, etc. They are all ethernet protocol 0800, however.

Clear as mud?

Protocols within TCP/IP are assigned numbers as well. See this list of IPv4 protocol numbers for more info. TCP packets are tagged as IP protocol 6, UDP are protocol 17, ICMP are protocol 1, etc. They are all ethernet protocol 0800, however.

Clear as mud?

Typing URLs on a GBA will be interesting, what with the two buttons. It might almost work if you live in Bosnia or Barbados.

Typing URLs on a GBA will be interesting, what with the two buttons. It might almost work if you live in Bosnia or Barbados.

In today's business climate, we can't imagine migrating without a financial incentive to do so.

Well this company refuses to spend out any money to investigate ipv6. Yes there is an IP shortage. And do you know what causes it? Primarily IANA who are holding about 1/3rd of the total IPV4 address space in reserve.

dont believe me? check this.

You're about 10 years too late for that. Guess who has 17.*.*.*

017/8 Jul 92 Apple Computer Inc.
018/8 Jan 94 MIT

Plenty of other interesting class A owners there too:

034/8 Mar 93 Halliburton Company
044/8 Jul 92 Amateur Radio Digital Communications
051/8 Aug 94 Deparment of Social Security of UK

Exactly. Here are a few of the class A's that I don't see valid reason for the holder of them to have a block of such size:

019/8 Ford Motor Company (a car company)

040/8 Eli Lily and Company (a drug company)

048/8 Prudential Securities Inc. (an insurance company)

051/8 Deparment of Social Security of UK (a government department in a relatively small country that has a ridiculously unproportional share)

056/8 U.S. Postal Service (the opposite of email)

There are a handful more which you can see here: http://www.iana.org/assignments/ipv4-address-space

The fact that these companies are cyber-squatting on more than they could resonably need torques me off to the point that, if I run out of unroutables (10/8, 192.168/16, etc) for my intranetworking, I'm going to lay claim to a block or two of those class A's for my intranet and firewall them [existing squatters] off to the outside.

I think before CITRI plants their flag in Baghdad, they might want to consider the fact that somebody already owns the .iq root server.

From linked page:

Sponsoring Organization:

Alani Corp.
c/o InfoCom
630 International Parkway
Richardson, Texas 75081
United States

I'll pass up expected comment about Texans owning a chunk of Iraq... </troll>

Did something new happen in the ME/XP/2k versions of windows? I don't use those, but on my win98 and winNT boxes the netbios ports are 137,138, and 139. Did Microsoft kerberize these services or something?

In /etc/services on all my *nix boxen port 445 is undefined, but IANA says Microsoft does indeed own 445. My samba boxes and NT servers don't show the port live with nmap, though.

The smoothwall firewall SSL admininstration application runs on 445. That's the only thing I know of offhand that uses it.....

On usenet, there's too many propigation problems anyways. Many of us miss posts done by ISP's within 10-15 class A netblocks.

Here's the current allocation of class A ipv4 address blocks. Note that only two organizations have more than 10 class A addresses. These are ARIN and APNIC, which are registries that do IP address space assignment.

Hell, they KEPT DOCUMENTS FROM THEIR OWN PRESIDENT, and he eventually quit.

Karl Auerbach was elected to the Board of Directors (At-Large Representative for Canada and the United States), he was not the president.

Karl did win his case with support from the EFF.

Stuart Lynn is President and CEO of ICANN. He is the one that is attempting to control ICANN through both day-to-day operations as President, and the Board as CEO. Stuart seems very intent in increases his power, and his domain of power, the role and responsibilities of ICANN.

I am miffed that IANA was assigned by the US Dept. of Commerce to ICANN, and not the Internet Society / Internet Engineering Taskforce (IETF)

Running the ssl servers on different ports is not really a solution for any kind of professional hosting company, clients dont want to use https://theirdomain.com:port. They will just go somewhere else that they can use the normal domain name with https://. Most site visitors have a hard enough time remembering the domain name, let alone a port number aswell.

As for the IPV4 shortage, have a look at this. Who currently holds the most class A's? Why that would be IANA who have over 80 (by my quick count) of the things held in reserve. Now I can understand them holding onto the LAN allocations, multicast and things like 127.* but why the fuck do they hold 80 class A's and complain about address shortages.

As someone who has been through the trauma of applying for IP space (in europe) and being turned down, which makes it kinda hard to run an ISP, this pisses me off beyond belief. Please someone tell me I'm being stupid and there is some logical reason why they hold nearly a THIRD of the ipv4 space, be it that all those addresses are non-routable or whatever, because I just don't get it. Also explain how there can be an address shortage when there are 80 class A's that we could use sat there.

I'm going after the admin of the Iraq (.iq) TLD!. No, wait.

International organisations

.iq is the country domain for Iraq. See the official list.

The Spiegel Almanach entry for Iraq has Al-Jumhuriya al-Iraqiya as the country's offical name (in Arab, I guess). So .iq seems to be a good choice.