Millions of Internet Addresses Are Lying Idle
An anonymous reader writes "The most comprehensive scan of the entire internet for several decades shows that millions of allocated addresses simply aren't being used. Professor John Heidemann from the University of Southern California (USC) used ICMP and TCP to scan the internet. Even though the last IPv4 addresses will be handed out in a couple of years, his survey reveals that many of the addresses allocated to big companies and institutions are lying idle. Heidemann says: 'People are very concerned that the IPv4 address space is very close to being exhausted. Our data suggests that maybe there are better things we should be doing in managing the IPv4 address space.' So, is it time to reclaim those unused addresses before the IPv6 crunch?"
Let's just switch to IPv6, it's more functional and future proof
This is curiously similar to the current credit crunch. When a fix is not guaranteed to happen soon, people start hoarding.
Perhaps some of the institutions that still have class A networks reserved from the old days, with no reasonable need for them, should give them back.
UNIX/Linux Consulting
you can give one of these poor unwanted IP's a home.
"I bless every day that I continue to live, for every day is pure profit."
Maybe these addresses are simply leftovers from before people started to make wide use of NAT, which cut down a whole lot on the # of addresses in circulation
Sounds like Detroit or East Saint Louis.
Free Martian Whores!
Would giving them back do anything other than encourage network providers to procrastinate on IPv6 for another couple years?
If the big Fortune 100 companies would dump their IP blocks that they don't use more than 10% of, the whole sensationalist scare of "OH MY GOD WE'RE RUNNING OUT OF ADDRESSES" wouldn't even be relevant.
I don't see why any company, even in the expandable future, would use every address in a /8 subnet... unless they have everything open to the internet, which is moronic.
Also, to quote someone from the last three articles related to IPv4 running out, it seems like one of these articles shows up on the main page at least once per month and nothing has changed.
Posts not to be taken literally. Almost everything is sarcasm.
ICMP _and_ TCP. That's really high-tech.
People setting up networks aren't trying to use every single address in their space.
It's far easier to use an entire a.b.c.* as a logical sub-domain than fiddling with netmasks and all that stuff so that a.b.c.1 and a.b.c.200 are on different subnets.
The amount of work people would need to invest to use every single IP address with no holes would be cumbersome. (I'm not saying you can't do it, it's just tedious.) And, you never know when you're going to need to allocate more machines -- I remember getting blocks of IP addresses for static machines in case I needed another machine in the future.
Now, why most people aren't using 10.*.*.* as their internal stuff I'll never know. Since the overwhelming majority of machines on the internet aren't (and shouldn't) be directly routable, it's an awful waste to not have organizations behind NAT-ed firewalls and not drawing from the common pool of route-able IP addresses.
Cheers
Lost at C:>. Found at C.
We get this all the time from our ISP's. "Our scans reveal that you're not using much of the space we've allocated to you." In reality, those IP's are behind firewalls that only permit certain customers to reach them. Otherwise they don't respond - even to pings. The IP's appear dead to everyone except authorized users, and our ISP's aren't authorized.
I'm sure the headline just means that they are actually in use, falsifying their idleness.
"Who is the Journal of Quantum Physics going to believe?" --Stephen Hawking
I, for one, question the reliability of this data since the machines that are occupying those addresses are probably firewalled.
In the oil-business (and in many other fixed-resource industries, more than likely) there is a particular kind of legislation that would likely work very well in such a situation. It is known as 'fallow field legislation'.
It works like this:
If a company finds (or buys) rights to an oil field, they are given five years to start producing from it. If they do not, cannot, or are otherwise unwilling after those 5 years, the rights are revoked and the government (or governing body) will find someone who will and can.
Fast forward to IPv4 -- any address that isn't being used (and by used I mean that there is no web presence, no use of e-mail, etc.) after a certain time period (perhaps 1-2 year(s)) then the address is revoked and put back into the public pool.
Obviously, the easiest way to get around this little regulation would be to put up a place holder page, or redirect it to the main site. This would be much trickier. Likewise, it would not stop the name squatters (and increasingly the registrars) from putting up those SPAM pages, but like I said, it would fix the problem of people just sitting on a resource without using it.
My $0.02
I have 2 class C ranges, and if he scanned mine he would have only got a handful of ICMP replies. I intentionally block ICMP on the majority of my IP's because it's nobody's business if I have anything on it.
I'm willing to bet that I'm not the only one blocking ICMP! Not by a LONG SHOT!
I drop ICMP entirely, and besides our website and mailservers, we don't have any standard tcp ports open on any of our other external IPs. I really can't imagine it's that much different for other medium and large businesses; am I to believe they nmapped the entire Internet? (It's clear FTA that they did not) To me, these findings are not that surprising in the security-oriented world we live in today.
Oh dear, I think you should lie down and think about that a bit harder.
No, it shouldn't. Lay is when you're doing it to something else. "I lie down." "I lay down my arms."
Or yes if you want to watch sysadmins scramble to save the day in the final hour.
Hmm, wait that's how we solve all tasks that don't generate immediate revenue.
What happens to the IP addresses allocated to companies that are now (a) bankrupt, or (b) bought out by larger companies, or (c) allocated to companies now significantly smaller in size? There must be a significant pool of addresses that could be reclaimed there.
e.g. dec.com, compaq.com, sco.com, sgi.com....
Raise prices.
Raising the price of an IP address increases the incentive not to waste the IP address.
Ceci n'est pas une signature.
How long did it take for the world to believe that the moon was a hunk of desolate rock as opposed to a god or made out of cheese? World perception is important and there's a lot of people who understand the IPv4 is running out. Not needed or advised to try and slow down adoption by yelling "wait wait wait we can still cheat to tread water longer" when the ocean is getting bigger by the day.*
Often wrong but never in doubt.
I am Jack9.
Everyone knows me.
What about firewalls set to drop this traffic from unknown sources instead of rejecting?
In addition to all those lying idle because of excessive address space allocation, there are huge swaths of space which have been hijacked. Recent discussion on the NANOG list has highlighted some of these; the Spamhaus DROP list features others. And other researchers have found still more that are obviously no longer under the control of their putative owners, and are being used for spam, spyware, phishing, and worse. Attempts to get network operators, registrars, ICANN, ARIN, and others to effectively disable these resources -- and eventually to reclaim them -- have been largely unsuccessful. Yes, in some isolated cases, limited action eventually takes place, but it's far too little far too late to be considered anything close to "effective". We need a concerted, worldwide effort to not only reclaim this space, but to blacklist for life those found currently possessing that -- because (as we've seen repeatedly) they won't be deterred by anything else.
Last I checked, MIT had all of 18.*.*.*...
http://www.grammarmudge.cityslide.com/articles/article/992333/8992.htm
http://www.askoxford.com/betterwriting/classicerrors/grammartips/lyingandlaying
If you are in the process of putting something down, you are laying it down, but that object once it is there, it is lying. The verb lay has a direct object that the action is performed on. He is laying the book on the credenza. She is laying her purse on the counter. Once it has been laid, it is now lying. The book is lying on the credenza. The purse is lying on the counter. IP addresses are lying unused.
http://en.wikipedia.org/wiki/Laying
I read Slashdot for the headlines, because the headlines, unlike the articles, are usually original and never duplicated
I just set up redundant internet connectivity, and needed to get a class C address space, even though I only use a dozen or so addresses. I guess this is to limit the size of routing tables. Seems like a waste.
The general problem with being a Grammar Nazi is that you had better be sure you're right. (And you're not.)
No, "lying" is correct.
Lay has an object. Lie does not.
You lay bricks, but you lie on your couch.
There is an interactive map on their site that allows you to zoom into the IP space pretty nicely. Our uni has a B range of addresses and we use only two Cs of that right now. When we split off from the main building and got onto city fiber, they decided that, rather than give us a private IP range like the other campuses, we would be allocated one of the C ranges.
Of course, no one knew what they were doing so getting the ASA and default routes set-up properly was a nightmare, but hey, we're using more of our IP space now! (sarcasm intended)
"This food is problematic."
From the article:
The USC research group used the most innocuous type of network packet to probe the farthest reaches of the Internet. Known as the Internet Control Message Protocol, or ICMP, this packet is typically used to send error messages between servers and other network hardware.
My home network is in complete stealth mode, and to them that's another "idle IP" address.
I also love how they arrived to their conclusion:
the team probed a million random Internet addresses using both ICMP and TCP, finding a total of 54,297 active hosts ... ...
In total, the researchers estimate that there are 112 million responsive addresses
but the overall conclusion--that the Internet has room to grow--is spot on
How did this ghetto-science experiment end up on Slashdot again?
If you can't mod them join them.
the IT hysteria of the early century. just as juicy a media hit as the Y2K panic and fear from last century, but not as much consulting opportunities
personally i'm waiting for 2012, when the elder gods of the mayan calendar awaken and in their rage at not being greeted by chocolate, peppers, and virgins, they reroute all null pointers in all code to the apocalypse. plenty of IT hysteria, plenty of consulting opportunities
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
I had always heard similar. In the early days, lots of people were given A subnets on the assumption "We'll never need all those addresses so take a whole block!", so now large parts of Class A's are being unused, but the logistics of sorting all that out would be a pain
How could an IP address be laying? How does an IP address lay anything? Do they lay bricks? Are they hoping to GET layed? Did one of these lying addresses lay you upside the head?
If you're going to wax pedantic, first try being right.
Knowledge is like ignorance.. too much can be just as bad as not enough.
it's the size and complexity of the non-default routing table. The principal reason to switch to IPv6 is that it gives us the opportunity to throw away the old legacy routing table and insist on sticking with hierarchical address allocation to keep the routing table small.
Informative? No. Wrong, actually.
"To Lay" is an transitive verb. You lay down arms, lay down the law, lay that cute blond from accounting.
"To lie", in the sense of adopting a prone or supine position, is an intransitive verb. You lie down and put your hands behind your head, or lie under said cute blond.
and like all grammar corrections (I don't think it was a flame), mine contains one of its own. It should be "is a transitive verb."
I used to work at a university that had several thousand workstations in the campus. Each one is required to have a public IP address. It was nice to remote desktop in, but very wasteful.
Here's an idea.. Why not just slap another octet to the end of IPv4?? I think I am capable of remembering 3 lousy numbers rather than eight groups of four hexadecimal digits.
See http://www.iana.org/assignments/ipv4-address-space/
019/8 Ford Motor Company 1995-05 LEGACY
marvin@tribble:~$ host www.ford.com
www.ford.com is an alias for www.ford.com.edgesuite.net.
www.ford.com.edgesuite.net is an alias for a1200.g.akamai.net.
a1200.g.akamai.net has address 96.17.109.74
a1200.g.akamai.net has address 96.17.109.18
013/8 Xerox Corporation 1991-09 LEGACY
marvin@tribble:~$ host www.xerox.com
www.xerox.com is an alias for www.xerox.com.edgekey.net.
www.xerox.com.edgekey.net is an alias for e82.c.akamaiedge.net.
e82.c.akamaiedge.net has address 72.246.128.108
009/8 IBM 1992-08 LEGACY
marvin@tribble:~$ host www.ibm.com
www.ibm.com is an alias for www.ibm.com.cs186.net.
www.ibm.com.cs186.net has address 129.42.58.216
003/8 General Electric Company 1994-05 LEGACY
marvin@tribble:~$ host www.ge.com
www.ge.com has address 192.131.227.156
048/8 Prudential Securities Inc. 1995-05 LEGACY
marvin@tribble:~$ host www.prudential.com
www.prudential.com is an alias for web.prudential.com.
web.prudential.com has address 12.34.100.148
Apple (17) and HP (15) have their public website within their allocation. Eli Lil(l)y (40) appears to also have their public website within their allocation, but I have a hard time believing that they could ever need that many public IP addresses.
So there... I just found an extra quarter million addresses. (5 x 2^16) Y'all can pay me by giving me my own /24.
The whores get mad when the sluts give it away for free.
... or /24 if you prefer
I only use about 15 of the possible 253 ip addresses - the rest is wasted - I used to need them way back when there was no web multihoming though.
This would make a good poll:
Q: What percentage of your allotted IP space do you actually use?
The most comprehensive scan of the entire internet for several decades
As opposed to the great Internet scans of the 30s?
Just because addresses are lying idle doesn't mean we don't have a problem coming up. There is no sane way to use these idle addresses without having the large networks (read: owners of /8s) renumber their networks in such a way that they can be sanely subnetted and routed somewhere else.
Say a company has a /22. They may not be using more than half of their actual addresses, yet they may have assigned and be currently using every possible /24 in their allocation. Even if they are only using some of the addresses in a /24, it makes sense so that they can add machines to a subnet in the future without having to renumber everything to make certain subnets larger when they could/should have been that way from the start.
That last sentence pretty much describes what would have to be done to make use of these "idle" addresses. Renumbering everything to make these addresses available in routable subnets doesn't solve anything, it just shifts the problem onto the network owners who would have to give up these addresses now, as they'll find themselves running out of address space at some point.
Then again, we could just move the whole world to one flat address space where any address can be used anywhere... (kidding).
The fact that there is an end in sight and a "finite" number of addresses means that IPv6 adoption is important and is going to happen. Keep in mind that this article also completely ignores the fact that NAT is hiding millions of computers that otherwise would have needed publicly-routable IPv4 addresses. With IPv6, this hack of a solution isn't needed anymore.
We outgrew IPv4 a while ago, we just haven't hit the absolute limit of what we can do with it because of aids like NAT and hopefully we'll never have our backs up against that wall.
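Added example (not part of the thread or of any commenter's post): the /22 scenario described in the comment above, worked through with Python's standard `ipaddress` module. The address block, the host numbering and the choice of /24 as the smallest block worth handing back for routing are assumptions made for the illustration.

```python
import ipaddress
import math

# Constructed sample: a private /22 standing in for the allocation in the
# comment, with 40 statically numbered hosts (.10-.49) in each of its four /24s.
ALLOCATION = "10.20.0.0/22"
USED = [f"10.20.{site}.{host}" for site in range(4) for host in range(10, 50)]


def utilization(block, used):
    """Fraction of the block's addresses that are actually in use."""
    net = ipaddress.ip_network(block)
    inside = {ipaddress.ip_address(a) for a in used}
    inside = {a for a in inside if a in net}
    return len(inside) / net.num_addresses


def free_subnets(block, used, prefixlen):
    """Aligned subnets of the given size that contain no used address,
    i.e. what could be handed back today without renumbering anything."""
    net = ipaddress.ip_network(block)
    used_addrs = [ipaddress.ip_address(a) for a in used]
    return [
        sub
        for sub in net.subnets(new_prefix=prefixlen)
        if not any(a in sub for a in used_addrs)
    ]


def free_after_renumbering(block, used, prefixlen):
    """Subnets of the given size that would be freed if every host were
    renumbered and packed as tightly as possible."""
    net = ipaddress.ip_network(block)
    total = 2 ** (prefixlen - net.prefixlen)
    # Each subnet loses its network and broadcast address.
    usable_per_subnet = 2 ** (32 - prefixlen) - 2
    needed = math.ceil(len(set(used)) / usable_per_subnet)
    return max(total - needed, 0)


def report(block, used):
    """Summarise why low utilization does not mean reclaimable space."""
    return {
        "utilization": utilization(block, used),
        # Assumption: /24 is the smallest block worth returning for routing.
        "free_24s_today": [str(s) for s in free_subnets(block, used, 24)],
        # Smaller holes exist, but they are scattered across all four /24s.
        "free_26s_today": [str(s) for s in free_subnets(block, used, 26)],
        "free_24s_if_renumbered": free_after_renumbering(block, used, 24),
    }


if __name__ == "__main__":
    for key, value in report(ALLOCATION, USED).items():
        print(f"{key}: {value}")
```

A scan of this block would find it about 16% occupied, yet no /24 can be returned without renumbering, and the three /24s that renumbering would free come at the cost of the growth headroom the comment describes.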
and you can have them when you pry them from my cold, dead fingers. I would never be able to get them today, but way back in the early nineties they just gave them away. I had ten sites and wanted to start a Frame Relay network, so 'they' gave me a Class C for every site and one to knit them together. A couple of my sites had less than a dozen computers. Of course, these days even the copy machines have an IP address, so those sites are up around two dozen or so. One of them is doubling in space, so we'll be up to fifty or so. One of our sites closed, so that freed up an entire Class C, but our largest site is pushing the limits, so we moved the empty Class C to the large site. The numbers are scattered all over the place. .1 is always the router. Of course, the hubs have their own IP address. Public access stations started at .100 to be easily recognizable, but then the staff machines got up to .99 so we had to hop scotch over the public numbers and keep going with .200. The numbers are static because it's easy to track, and when we first started it seemed a reasonable path to take.
Could we do this differently? OF COURSE!! There are lots of ways to free up a ton of space. Please don't lecture me on how to do it. I know how to do it. It's just that the system is working now. The system just kinda grew on us. When we started we had no idea copy machines would have IP addresses. Even the damn VoIP phones have IP addresses! That was a big hit on our numbers. Are refrigerators next? We had no idea we'd have fifty servers instead of three or four. Life has changed and because we are relatively 'wealthy' in terms of addresses, we had the flexibility to change with it.
I look at our Class C's kinda like a fixed field database. There's a lot of air in there. It compresses really nicely if you need to, but disk space is cheap, so there's no real reason to conserve it.
The thing is, even though we have a bunch of empty addresses, our experience shows that we're going to grow into them. We've already encountered congestion a couple of places. As soon as those new fridges show up we'll need some more numbers. My guess is before too long we're going to have to do some subnetting and consolidate a couple of our small sites into one Class C to free up the other one to use in a large site. That should work fine. I don't see any problems pulling that off. Of course, if we build another big site, we'll have to think through what to do very carefully. We'll probably do the new site like y'all want us to. We may not have any choice.
But those Class C's are mine. I own them, and you can't have them back.
How about a moderation of -1 pedantic.
'cos I'm sure they aren't being used!
But my refrigerator, it needs, nay, craves an IP address, so it automatically orders my eggs and ravioli and orange creme soda, and orangutans, and breakfast cereals.....
You never expect irony, do you?
Want to be a professional wrestler? Visit www.iyfwrestling.com
@iyfwrestling
Does anyone really believe that IBM has 16 million globally-addressable systems? Hell, no. IBM, like any sensible company, has good firewalls. Likewise AT&T, the USDOD, etc.
At a rough guess, more than half of the IPv4 address space is unreachable and doing absolutely no good for the assigned owners.
Lacking <sarcasm> tags,
I have a Class-B, totally unused for 8 years,
for sale to the highest bidder,
lowest offer I'll take is $500k, cash only, sorry
yes, I really do own a totally unused class-B
This story rings true. I worked for a company during the dot-com boom and just after which requested an allocation from RIPE (the European equivalent of ARIN). I was the designated & trained "LIR" (I think that was the term?).
We received 8,192 IP addresses. We actually had them authorized to us in blocks of 256 addresses, and each time we needed another 256 we had to go back to RIPE and justify the expansion. However it is my understanding that the full 8,192 addresses were reserved for us.
We ended up using 3 x 256 addresses, but after a later downturn in the fortunes of the company, even many of those went unused.
I left the company many many years ago. However I notice the company that acquired it is still using those 3 x 256 addresses, and the original 8,192 are still reserved at RIPE. The IP addresses are even registered to the name of a director who was ousted when the company was taken over, at a street address that the company hasn't occupied for many years.
Rich.
libguestfs - tools for accessing and modifying virtual machine disk images
Wrong. Lay/laying is a transitive verb, i.e., "lay down arms".
Lie/lying has multiple meanings, including:
5. to speak falsely or utter untruth knowingly, as with intent to deceive.
3. to be or remain in a position or state of inactivity, subjection, restraint, concealment, etc.: to lie in ambush.
http://dictionary.reference.com/browse/lie
Let's just switch to IPv6, it's more functional and future proof
Yup and it is probably much simpler. Trying to reclaim addresses involves political issues, finding out who to talk to, bureaucracy and some technical issues. Switching to IPv6 is about technical stuff and just getting going. You are going to have to switch to IPv6 at some point, so why spend energy twice?
Jumpstart the tartan drive.
I work for one of those companies. You try telling the 4th largest company in the WORLD that allocating an entire public /8 (that they paid for) on their internal network (and not using it externally) is bad juju and that they need to allocate money to readdress their entire global business and see how far that goes.
Let's see, I can not spend any money and keep my existing setup or I float additional expense in this economy in order to make some geeks on the internet happy. Hmmmm.....
Granted, it may be cheaper, in the short term, to use NAT than to upgrade to ipv6.
But imagine if no one was using NAT anywhere. This would have two effects:
First, techniques like Skype's UDP hole-punching would be completely unnecessary. You wouldn't even need a central server -- you could just use protocols like SIP the way they were meant to be used.
Port forwarding would be a thing of the past. Far more peer-to-peer technologies would just work.
Second, we'd run out of IPv4 a lot faster.
Don't thank God, thank a doctor!
It's best, however, when you are laying someone else -- as in "I'm laying your girlfriend." "I got laid by your wife."
Once it has been laid, it is now lying.
So in other words, there are no Slashdot users that are lying. If they say they are lying, then they are lying.
I believe many people get confused because the past tense of "lie" is "lay".
I work for one of those companies with a Class A address and we hand them out like candy internally. One of my previous jobs was doing network equipment support so my cube had a big 'ol stack of routers and switches that did nothing but talk to each other. Instead of me having to go through obtaining a new address every time I needed to add a new piece of equipment or test something, the powers-that-be just assigned me my own Class C.
Ah, the joys of more IP's than we knew what to do with...
The likelihood of any of those places giving up addresses (at least without some form of compensation) is probably pretty low.
SirWired
I don't get it ... I thought everyone was sharing 127.0.0.1 ?
This whole discussion is a waste of time. You aren't going to get any of these address blocks without an expensive and prolonged fight. Wasting valuable resources that could be used to advance a real solution, IPV6.
Even if you "liberated" all of these address blocks, they would be quickly consumed by the natural growth of the Internet.
NAT is not a solution, it is a malignant blight that must be destroyed. If you want a firewall, get a real firewall.
Mea navis aericumbens anguillis abundat
TFA is moronic. Why? Here's an analogy: you're a librarian at a big university library. You notice there's lots of gaps and empty space on the shelves, so you "condense" things by packing all the books up with no gaps. Hooray, now they all fit in two rooms and you've got a whole room full of empty shelves!
The next day in the mail, a new shipment of 200 new books arrives. You suddenly realize that you're going to either have to put all the new books together in the empty third room, breaking Library of Congress order and making them impossible to find, or reshelve every single book in the library.
Oops.
And *that*, my friends, is why MIT needs a Class A internet address (18.*.*.*).
TCP and ICMP is not a good way to test this. Plenty of IPs won't respond to a ping and don't have any TCP ports open for inbound connections (SYN flag set).
Free Conference Call -- No Spam, High Quality
Public IP addresses (ISP?) are needed to go from A to B on the Internet and back, private ranges get you around internally, and purchased address blocks ensure that business to business routes (private links between two partners) don't cause oddities in anyone else's networks.
> Please don't make fun. Yes, I perhaps have told a tall tales like most others here.
liar
I remember it this way: "Now I lay me down to sleep" has a direct object ("me"). If there's an object it's lay, if not it's lie.
Unless, as the AC pointed out, it happened in the past, in which case it's lay again. Bleh.
$x='S24;r)>63/* h@<5+oZ)32"5cz';$me='phroggy'x$];
$x=~y+ -xz+\0-Tx+;print$_^chop$me for split'',$x;
If you want to see the original pop-up-free article on the census, it is here - http://www.isi.edu/ant/address/ and there is a pretty cool interactive map here http://www.isi.edu/ant/address/browse/index.html . Enjoy.
Are these addresses lying idle, or merely configured to not respond to ICMP echo (ping) packets? 'Cause, you know, I'm pretty sure their test can't tell the difference...
I've abandoned my search for truth; now I'm just looking for some useful delusions.
I've learned everything I know from xkcd
I think we first have to start forcing all owners of class A networks to move to class B networks and NAT (likewise for class B owners to move to class C networks). This should free up a lot of new to be used public IP addresses.
There is no reason why internal networks should have direct external exposure through a public IP number, the internet is a collection of separate networks.
It appears that all they did was ping every address they could, and then track which addresses responded and which ones did not. Considering how many systems are either configured to not respond to ping, or sit behind firewalls that stop the ping from getting through, this seems like a method of marginal value.
Wouldn't there be a better way to query the addresses than this? In some areas, I suspect checking DNS records might be more informative if what you are looking for is which addresses are unused (though of course DNS isn't mandatory either).
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
Bank of America owns something like 26 class B subnets, most of which are used internally. There was a decision made in the mid 90's to use the public class B's internally as well as externally so that when BofA bought a company that was using a "private" subnet there would be no issues of overlap taking place when it came time to make the purchased company part of the Borg. However, BofA doesn't come close to using all of those address blocks. How about they pony up some of those spaces as well (and other big org's like BofA, you can bet, have done the same thing). Running out of addresses? Bah! It's pure and simple greed on the parts of the owners of these spaces and network and security folks who aren't smart enough to figure out how to deal with acquisitions.
Even if the whole world went to IPv6 tomorrow, do you think ISPs like Comcast will stop charging people $7/month for each additional IP address?
NAT is here to stay.
Isn't one of the requirements of obtaining something like a class A network that the 16 million address space be mostly utilized either immediately or in the near future? Maybe tighten these restrictions and/or check up on these organizations more often to help prolong the IPv4 doomsday?
[insert relationship joke here]
Getting Layed is what happens when you have sex.
Lying is what happens when slashdot readers are asked if they've had sex....
Assuming an organization uses DHCP to hand out public addresses... many DHCP installations have several banks of dynamic addresses so that if one DHCP server goes out to lunch there is enough address space to handle the maximum expected requirements of that network.
Never ask for directions from a two-headed tourist! -Big Bird
Hey, do you think you can educate people about the correct use of obsess?
It should be used exactly like 'possess', but people don't get this.
The correct usage:
* I'm obsessed with trying to convert people back to the correct usage.
* Getting people to use the verb correctly obsesses me.
* If that person is obsessing me, he is in *my* thoughts and not the other way around.
Silence! I concur.
We need to charge the companies for the unused or unseen IP addresses. If the addresses are unused or internal to the company then charge them $100 an address. Or let them put the unused ones back in circulation. We need to make it worth their while.
How is this the least bit surprising? I imagine many companies only use 10% of their address space.
...idiots like the IT group on my campus that thinks every machine on the internal network for some reason needs a public IP address instead of using this 'new' technology called "NAT".
Yes I am sure the researchers have no idea what a firewall is. And everyone is a network admin with their home routers...
Of course these researchers used logic to determine when a firewall is in place. One possible way would be to look at a subnet as a whole, if neighboring IPs are responding you can make a reasonable guess that other IPs should respond if bound to another node. This is a sampling of 4 billion, so no, individual circumstances where this doesn't hold up won't make a difference.
Wait for the actual paper to come out during the conference. If your research with your home router shows this is an incorrect paper, you can call them out. After all this is what peer review is all about.
I think they should pay me for them, to be honest.
This is my sig.
Fail! How did this (video?) professor manage to use icmp/tcp to determine hosts, or the lack thereof, of IP space behind corporate firewalls? Curious minds may want to know...I for one call bullshit!
Contract was up, I was let go, I left the firm I was with to be with the firm I am at now because they were incompetent. It all happened within 2 days of one another, not lying .. just not giving all the facts.
As anyone who knows anything, Professor John Heidemann should fully well know that most big businesses BLOCK inbound ICMP TRAFFIC. Why? Because botnets use that to see if machines are alive, and will attack them if they respond.
Face the facts, simply because an IP address doesn't respond to ICMP 'ping', doesn't mean it isn't being used.
I was going to use the oil analogy. It's going to run out eventually, so why not switch to something better now before we run out?
If we drill off the coast we'll be sure to find more IPv4 addresses.
True. If you're going to "GET layed" (as opposed to "PUT layed", I guess), then you are probably not "getting laid."
$nice = $webHosting + $domainNames + $sslCerts
The other day I lay down with a woman. I got laid, woohOO! As we were lying there, I told her I loved her. That was a lie.
Just to add further pedantic detail to this conversation, these are properly known as transitive verbs (takes an object, i.e. lay) and intransitive verbs (takes no object, i.e. lie).
I remember once telling my father I was "going to lay down", and he responded with something like "where exactly are you going to place these goose feathers?". That cemented it in my head forever.
I know -- very dorky.
I have found there are just two ways to go.
It all comes down to livin' fast or dyin' slow. -REK, Jr.
is if the government mandates it, like forcing television stations to go digital in february 2009
even if all of the ipv4 namespace was exhausted, and people were shooting each other in the street for ipv4 addresses, still no one would go to ipv6
the reason is: there is no audience there. and there is no audience there because there are no sites there. and there are no sites there because it costs so much money to upgrade your infrastructure... for the sake of a protocol no one is using
it's the same problem as: no job without experience, no experience without a job. the only solution is for the government to force us to ipv6 in a given timeframe. no other solution will work
no one is going to voluntarily migrate, because there is no reward for doing so. you can reply there is a reward: solve address exhaustion. but you are not looking at the problem in the right perspective: individual versus community. this is a problem we all have, not an individual problem. therefore, there is no individual incentive to solve the problem. we either all go at the same time, or we don't go at all. no one is going to trickle over to ipv6, since it's such a hassle and there is no reward for doing so, on an individual basis
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
for at least the next 10+ years.
torrents, emules, bears, and crusty limeys!
ftp, atp, stp and just raw blast feed!
Gimmie a D!
If the US government gave out $40 coupons for IPV6 "converter boxes", we could get this thing done by the end of the year.
OrgName: DoD Network Information Center
OrgID: DNIC
Address: 3990 E. Broad Street
City: Columbus
StateProv: OH
PostalCode: 43218
Country: US
NetRange: 7.0.0.0 - 7.255.255.255
love the taste, hate the texture
This is /. If you're saying you've been laid, then you're lying...
First of all, its not 2^64 addresses, it's 2^128 addresses. To the layman, that is not very much of a difference.
Do you have ANY idea how large 2^128 is? I have heard estimates that it is larger than the number of atoms on earth! I haven't done the math but it does not seem impossible.
1. you've contradicted your initial assertion that there's plenty of consulting dollars in the migration to ipv6. you now say all the infrastructure is in place. obviously, there's a lot more work to be done, and obviously, it's not completely straightforward and easy. even for end users (calls from mom: "you open network properties and click what again? this is too complicated, why can't i just use the site like i always do?")
2. finally, with ipv6, just as you will notice in february 2009, no one is going to use ipv6 or digital tv unless they HAVE to. and even then there will be tons of complaints, even though it's obviously better. you completely discount the inertia and comfort level and "good enough" mentality involved here
ipv6 will never get out of the single digits on percentage of users, until it is mandated. if you refute that, you don't know much about human psychology
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
As someone else pointed out, there are numerous reasons out there that there is a lot of PUBLIC IP space that will not be reachable from the Internet. Business to Business (B2B) where multiple companies' networks need to talk to each other is the perfect example of this. B2B is becoming much more relevant in the days of outsourcing services and for service providers. Additionally there is a lot of infrastructure that is out there that uses Public IP space that will not respond to scans because they have been hardened not to do so. As someone pointed out, blocking ICMP THROUGH a router or firewall is a no-no, but blocking it destined to the device is just fine and is actually good practice. Now I totally agree where companies that were assigned a /8 and assigned every device a Public IP whether it needed it or not need to be read the riot act and return it.
START RANT ^^
Those who just spout move to IPv6 have no clue. The world is not ready for IPv6 and my money is that we will not end up with mainstream adoption (and I mean every new consumer device and piece of software that comes out is IPv6 aware) for at least another decade. There is way too much to do and companies have just over the last few years really started networking everything.
Nobody wants to go back and learn a brand new protocol for which you basically need to throw away 80% of what you thought you know. Finally, IPv6 only truly solves one problem that we have in IP networking today and that is the number of available addresses. We know for a fact in Ethernet that you're not going to have several million devices in the same broadcast domain (VLAN) (and yes, I know some of IPv6 uses multicast) so we are going to be orders of magnitude more wasteful than we can possibly be with IPv4. The only way around it is to subnet which past a /80 you lose the ability to do autoconfiguration which basically renders IPv6 useless.
END RANT ^^
I work at a university and we (my department) give everyone public IPs simply because that's the way they've always done it. I've pointed out that maybe we could switch to 10.'s for all but a select few and even get some added security from the effort (you can't hack it if you can't address it), but my boss is firmly on the leave-well-enough-alone page. And he's probably right. Unless we grow quite a bit unexpectedly, we've got plenty of IPs (/23) for our needs and our firewall has served us well so far. It would just be unnecessary work to fix something that ain't broken.
You may hate me now.
First, the obvious as everyone has already pointed out: lots of firewalls and routers drop ICMP or don't respond to pings, so this survey is useless.
Second, so what? Even if it were a valid survey, a few million more addresses aren't going to help the situation. Every proposed stopgap just extends the exhaustion date a year or less into the future.
To me, the failure of IPv6 is that it is really an entirely different protocol sharing a similar name. If IPv6 had simply extended the 32-bit address space it would be a much more straightforward upgrade from IPv4.
Natural != (nontoxic || beneficial)
Those were sold to forward-looking companies like IBM, HP, DEC, and Apple.
Microsoft didn't "get" the Internet at the time.
sudo nmap -T insane -O 0-255.0-255.0-255.0-255
"It doesn't cost enough, and it makes too much sense."
This is BULLSHIT!!! Everyone with decent security (e.g., they set all ports to stealth) will appear as a vacant IP address to these morons.
Andy Out!
My address is behind a firewall that doesn't respond to unsolicited incoming packets. It's in use, but you'd never know it from the outside.
apologies, i meant numberspace, i wrote namespace
however, as you have explicated, the namespace issue is out there as well, although less to do with exhaustion and more to do with collision
i would add to your explication that countries such as china whose "solution" to nonascii domain names is to extend the name space into other character systems, do so at the peril of cleaving the internet. of course, for governments who wish to keep their citizens uninformed and insular, this is not a "problem." and even if chinese ideograms were accepted parts of the namespace, western users would be less likely to visit, simply out of a lack of familiarity, which breeds exclusion. and of course it doesn't do anything really about name collisions, as hp is not going to solve its problem by buying the han ideogram for hp
as it is, the chinese have no problem adding 26 more characters to their collection of thousands of han characters they need to remember, so no real exclusion is happening the other way when you keep it the ascii character set as a hard limit
you could of course say that even if you preserve an ascii character set for the internet namespace, you've won a hollow victory since the website might be in a foreign language and so the exclusionary walls are still in place. but you have at least preserved the common framework across which future exchanges of ideas might still take place. less walls is always better
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
Let's see now. There are on order of a few billion IP addresses and on order of a few million of them unused. That works out to about 0.1 percent un-used. In other words 99.9 percent are in use.
"millions" is not enough when you need billions. In fact it is thousands of times not enough
A billion years ago - or so it seems - there was a company that was able to finagle a class B internet address.
There were about 50 people in that company.
Yours truly was the network administrator.
However, as things go, that company split apart into two groups: company A and company B.
Company A went off to do stuff, while yours truly went with company B. The class B address was supposed to go with company A. However, company A went kaput, and never really put their name on it.
Fast forward: I get bored at work, and decide to look at who got my old address space. Surprisingly, I still have it.
So, I talk with the legal representative of company A, and he claims it to be an asset of the company. If we can sell it, I get a percentage.
Here's the thing - if I let IANA know, and legal representative finds out, I fear that my little tushy might get sued. I really, really don't want to get sued.
As a result - class B address sits idle. And I am ashamed.
I've worked for two companies now (one an ISP, one a web host) where every server, desktop, laptop, printer, and wireless client in the building was given an "Internet" IP and then firewalled off from the Internet rather than being given a "private" IP (10.x.x.x or 192.168.x.x) and placed behind a NAT. Why? Apparently, no other reason than for the fact that they can. I've tried explaining to managers at both companies what a poor idea this was but they didn't care.
The web host I worked at also wastes IPs like no tomorrow. They'll put 1024 IPs in a VLAN and then stop assigning IPs to new servers once it's 75% full so that they don't run out of IPs to assign to existing customers. Which is fine, except that the vast majority of customers never request anywhere near that amount.
There have got to be many other companies that just throw away IPs like this. If we really are going to run out of IPs in the next few years, then ARIN really needs to start charging more for the use of IPs or make it harder for companies like the above to keep grabbing large chunks of IPs and just sit on them.
i'm going to borrow that phrase from you, that's hilarious, thanks ;-)
however right or wrong your comments are (and i agree with most of what you said) it just makes resistance to mandating the change to ipv6 even less potent: it's not so hard, you insist. well then good! lets bank your assertions
because in reality, my pointing out that ipv6 has to be mandated (or, rather, to qualify your comments, that the death of ipv4 has to be mandated) has less to do with technical truths than with human psychological truths
so i concede all of your technical points, regardless of their truthfulness or not. for one, because you are mostly right, but mostly because my point about human psychology is the real meat of my observation
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
Perhaps they are lying idle. Not every IP device will respond to unsolicited IP traffic.
Sure it is, it's a subnet of the /0 network.
I may agree with what you say, but I will defend to the death your right to face the consequences of saying it.
I have been working in developing countries on the fringe of the internet for about 10 years now. You would be surprised at what problems this would cause. Places where very old computers are new, windows 98 is still around, network admins can hardly do much more than configure dhcp, a lot of things will break if IPv6 is suddenly forced. Among other things I know hospitals, stores, government servers that will not be able to make the switch because they can not afford to and the "computer guy" does not know how to make the switch.
Living in Chile
Companies buy and merge with companies.
Even though 99% of your company is behind a firewall, are you going to number your headquarters, plants, and sales offices using 10.0.0.0 - 10.2.255.255? Or... use those three Class B's you have registered to make them truly unique?
Which way is more likely to be mergeable *immediately* with your new 4 billion dollar acquisition?
It would be fairly easy to implement some extensions that could make IPV4 last much, much longer. Basically, we have DHCP to make address usage within a range more efficient. With fixed IP we frequently had low usage of IPs within a range, often well below 50%. With DHCP we have reached nearly 100% allocation rates. What we need is a new protocol, which I would call Dynamic Subnet Configuration Protocol (DSCP) that would assign subnets on demand to DHCP servers. Once implemented a DHCP server would not be configured for a fixed range, but would be configured to ask for a subnet of a specific size (which could be adjusted dynamically depending on the allocated addresses) to its (ISP provided) DSCP server. The DSCP server would in turn negotiate ranges with upstream DSCP servers. That way, companies would only use ranges as large as needed, and no addresses would be wasted. With over three billion addresses to use, even not counting private addresses (which should cover the vast majority of PC addresses) we should have enough for a long time even without IPV6. Now, DSCP alone (and the adaptation of DHCP servers) would not be enough. We would need also some autoconfiguration tools to ensure connectivity during IP range reassignation (including the necessary tools to ensure proper routing between the two addresses, maybe temporary routing capabilities could be incorporated into the DHCP service, or autoconfiguration of routers and network equipment could be integrated). Easy? Definitely not. Doable, hell, yes, a few orders of magnitude easier than deploying IPV6 worldwide. And while it wouldn't have the other advantages of IPV6, compatibility would be a given and no clients would need to be modified. So who's writing the RFC?
16 million IP addresses for just 32,000 employees ???
There are a LOT of unused and unneeded V4 addresses out there. I think a reasonable effort at extracting them could easily free up enough V4 addrs to last for another decade or two at current use rates.
Here's how I know: Back in the early 90's, I managed Chevron's transition to TCP/IP. Unfortunately, it wasn't long before the Chevron Telecommunications Division folks got into the act, and working with Cisco, they managed to get TWENTY-THREE Class B networks assigned. (To be fair, the clueless Cisco SE's had told them they needed that many, so CTD wrote up a long, and presumably persuasive, application explaining how the world would end if they didn't get this completely ridiculous block of IP addresses.) When I left the company in 1994, they were using no more than about a dozen Class-C equivalent subnets even at the largest sites, and many had an entire class B to handle only a few dozen nodes. The clueful among us all felt embarrassed and guilty about using that many addresses, but we used them anyway - heck they were assigned, so why not?
Although Chevron's glut of IP addresses isn't the norm, I'd also bet it's not unique - that clueless Cisco engineer designed similar networks for lots of other big companies during that time, too...
"The future's good and the present is nothing to sneeze at." - Roblimo's last
With CIDR nothing is a subnet -just a "net".
Just have to mention that Norway and Britain got connected to the net (it was Arpanet then) in 1973.
My ISP only lets me buy static addresses in blocks of five. I would be happy to have a single static address, but there seems to be some sort of problem with that. As such, four of my addresses are lying fallow.
That is all.
I, like most of my network engineers, turned off ICMP reply back in, what, the 90s?
Sure this guy knows what He's talking about? I mean, if an address doesn't respond to ping, it must be dormant.
What a FUCKING moron. My only guess is anus #1 has tenure, therefore can't be fired for not knowing what the FUCK He's talking about.
--Toll_Free
Agreed. Example: Hi, I'm Chef. I want to lay you down by the fire...
Actually, that's altogether another use of lay, nevermind.
I have a pretty paranoid firewall, so I bet he was not able to scan my IP. So, please change your statistics -1, because my IP is used, you just have no way to see that.
abundantly available.
I mean, how can the greedy masters of the people make any profit out of a resource in almost infinite free supply?
So maybe this is one reason why it's not exactly pushed.
IPV6 is not just more addresses, but also simplification of routing.
Attempts to reuse will possibly break compatibility (which breaks the use of not switching in the first place), and further increase routing by fragmenting the IPV4 space (and thus routing tables) even more
Back in the day, large companies wanted every desktop to have a visible routable address. That was before we considered whether that was even a good idea. Since then NAT has saved our butts and management has come to see that all computers don't have to have visible addresses. Moving to IP6 just puts us back in the old place where we can all have visible addresses again, and we can consider whether that is a good idea. IMHO, most companies don't need more than a few visible addresses for visible servers. Client machines can all sit inside NAT'ed subnets and do just fine.
Considering the number of firewalls that block internet traffic and silently drop ICMP requests into internal corporate networks, how the heck can he conclude that addresses are unused when he performs a scan from the internet?
WAFI
We are the 198 proof..
So if some kid nicks your motor you should just forget it and buy a new car. You're probably going to buy a new car at a later stage anyway, so why spend the energy twice?
An SQL query goes to a bar, walks up to a table and asks, "Mind if I join you?"
Even if we reclaimed every single IPv4 address that is known to be idle/abandoned (by much better surveys than this one, which is seriously flawed), it would buy us only 6-12 months at the current consumption rate -- and would cost a ridiculous amount of money, mostly in legal fees. It won't save us from having to move to IPv6, just change when we have to pay that cost, too.
That none of the hosts I admin responded to ping. Personally, I think blocking ping at the firewall is a useless security technique if I am responding to http or IKE packets, but the expensive security firm we hired to audit us pointed proudly *every single time* to that response as being a security issue, so I got sick of having to argue it out and just blocked inbound icmp that wasn't a response to an outgoing query.
Even if it didn't, which host would they expect to reply? most of my IP space is overloaded - if I have http and smtp open on the same IP, you can bet a bundle they aren't going to the same internal host, and the ASA isn't going to be responding to ping on behalf of the NATs it hosts.
If that wasn't bad enough, back when I had service from Demon Internet's business DSL service, they blocked all icmp even if you wanted it - that made monitoring line uptime a pain for our monitoring software back at head office, and led to us changing provider.
What it comes down to is that a pingsweep of the internet will tell you how many IP addresses respond to pings - no more, no less.
-=DaveHowe=-
I said:
What I meant was:
So even under the best circumstances where we recovered all the old IPv4 allocations, we wouldn't necessarily be buying ourselves as much time as it might appear (by dividing the burn rate into the total available pool)...
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
Sorry, I didn't read your entire post, I just want to thank you for proving my point.
Don't be crazy anymore!