Slashdot Mirror

← Back to Stories (view on slashdot.org)

Millions of Internet Addresses Are Lying Idle

Posted by timothy on from the gathering-their-strength-for-hallowe'en dept.

An anonymous reader writes "The most comprehensive scan of the entire internet for several decades shows that millions of allocated addresses simply aren't being used. Professor John Heidemann from the University of Southern California (USC) used ICMP and TCP to scan the internet. Even though the last IPv4 addresses will be handed out in a couple of years, his survey reveals that many of the addresses allocated to big companies and institutions are lying idle. Heidemann says: 'People are very concerned that the IPv4 address space is very close to being exhausted. Our data suggests that maybe there are better things we should be doing in managing the IPv4 address space.' So, is it time to reclaim those unused addresses before the IPv6 crunch?"

42 of 500 comments (clear)

  1. screw ipv4 by k3v0 · · Score: 5, Insightful

    lets just switch to IPv6, it's more functional and future proof

    1. Re:screw ipv4 by Anonymous Coward · · Score: 5, Funny

      Hello. I am Hunvi Maguay, premier of Swaziland. If you have an unused IP address we will buy it from you for $6,000,000 right now. In order for us to send you the money, please send us your bank account number along with proof of identity. Your Social Security number would be good. Please tell us your mother's maiden name too. Hurry, our offer will not last long.

    2. Re:screw ipv4 by Synn · · Score: 4, Interesting

      Nobody has configured for IPv6 because there's been no forced set date to switch over so everyone is still just using IPv4 which is working just fine.

      But when the date comes it'll be a long weekend for a lot of admins, but I'm guessing the switch will happen just fine.

    3. Re:screw ipv4 by Finallyjoined!!! · · Score: 5, Insightful

      Internally yes. Externally no. However my point was; everyone who stands up and says "Screw IPv4 let's move to IPv6" should be sat in front of a border router & told to get on with it.

      Everyone can eat salami, precious few can make it.

      --
      If I had an Ass, I'd call it Fanny Bottom, then I could slap my Ass; Fanny Bottom, on the Arse.
    4. Re:screw ipv4 by vux984 · · Score: 4, Insightful

      Nobody has configured for IPv6 because there's been no forced set date to switch over so everyone is still just using IPv4 which is working just fine.

      Sure my PCs can all switch without too much trouble; just configuration issues.

      Will an xbox, xbox360, PS3, Wii, PSP or DS do ipv6? Will my ipod touch? What about my cell phone? Does my dlink nat/router do it? What about my dlink voip box? My network printer? My cable/adsl modem?

      Seriously.

      I can't abandon v4 at home (Wii doesn't do ipv6 afaik, nor does my router). Nor can I do it at work... the LaserJet 4050s don't do it unless I upgrade the jetdirect module (which is stupid expensive). I also doubt my cell phone supports ipv6. My parent's have a Wii and a usb-print server that don't d ipv6. My brother in-law has a PS3 and a Wii that doesn't appear to support ipv6. My parents in-law have an xbox and a wifi router that doesn't do ipv6... my cousin has a DS... she's stuck on WEP because it doesn't do WPA... I highly doubt its going to do ipv6.

    5. Re:screw ipv4 by goofyspouse · · Score: 4, Funny

      Get it on with a border router? That is wrong on so many levels.

    6. Re:screw ipv4 by hedwards · · Score: 5, Insightful

      What you'd do is upgrade the router. That's it.

      Basically new routers would do a 1:1 version of NAT going from IPV6 externally to IPV4 internally. You'd likely still be using the set aside non-connected blocks without problems. As things evolve you'd probably be able to do IPV6 easily internally and ditch that as the network devices support it.

      The difficulty of upgrading to IPV6 has never been on that end it's the other infrastructure and the ISP services which were where the actual work, challenge and money were located.

      I'm sure that there are other ways of doing it, but that's really the simplest and it allows people to transition on the less important end as they care to or not. It wouldn't make a difference for anybody else.

    7. Re:screw ipv4 by Chris+Pimlott · · Score: 4, Informative

      If you're like most of us, all your devices at home are living behind NAT. There's no reason they can't keep living in an ipv4 private network behind an ipv6 router.

    8. Re:screw ipv4 by __aamnbm3774 · · Score: 5, Funny

      I love all meat references.

      Screw the car-analogy people. Explain how this situation affects me in terms of meats!

    9. Re:screw ipv4 by Anpheus · · Score: 4, Insightful

      Future proof? Everyone says IPv6 is future proof. No one will ever need more than 2^64 addresses.

      That's ridiculous. If we have the addresses, we'll find some way to use them. Instead, it should be IPvX. We should have an extensible standard that the IANA or -someone- can flip a switch on and the routers will add another 8 bits to the address automatically. Need more IPs? Done, 256 times more. This scales well, means we'd never have to go through this again and in thirty years no one will be mocking our generation for this silly attitude of "2^X IPs is enough for the whole world."

    10. Re:screw ipv4 by Sechr+Nibw · · Score: 5, Funny

      Only if you stick it in the Outgoing jack.

    11. Re:screw ipv4 by TheRaven64 · · Score: 4, Insightful

      Do you have any idea how big a number 2^64 is? There are currently just under 2^33 people in the world. This means that 2^64 is almost enough for every person to have as many IP addresses as there are currently people. It is enough for 2^35 IPs per square kilometre of the Earth - including the sea - or, to put it another way, enough for every 0.29cm^2 of the Earth's surface to have a unique IP. It is enough not just for every computer you own to have an IP address, but for every item of clothing, every item of furniture, and every object in your fridge to have a unique, public, IP, and still have a lot left over. IPv6 will last until nanotech becomes widespread and you want to have networks of nanoscopic devices online - and possibly even then since it would make sense to treat personal area networks as a single public device.

      --
      I am TheRaven on Soylent News
    12. Re:screw ipv4 by gnick · · Score: 5, Funny

      The FCC should just mandate a switch to IPv6, if the US leads, the rest of the world tends to follow.

      Exactly.

      Listen up world! We've decided that you all should be using miles, feet, inches, Fahrenheit, and gallons. Please upgrade your silly metric system.

      --
      He's getting rather old, but he's a good mouse.
    13. Re:screw ipv4 by NatasRevol · · Score: 4, Informative

      You forgot the real reason.

      IPv6 numbers are damn hard to remember.

      Seriously, what's easier?

      192.168.0.1 or
      2001:0db8:85a3:0000:0000:8a2e:0370:7334

      --
      There are two types of people in the world: Those who crave closure
    14. Re:screw ipv4 by fm6 · · Score: 4, Funny

      The good grammar tells you he's a fake, but what kind? Obviously, a fake scam artist. In other words, a fake fake.

      But if he's not a real fake, what is he really? The only possibility that makes sense is that he really is the premier of Swaziland. I suggest you send him the information he requested. Or better yet, send it to me, and I'll handle the transaction for you.

    15. Re:screw ipv4 by BitZtream · · Score: 4, Informative

      Its already well defined, there is no need for anyone to 'agree' on it, it was agreed on years ago.

      You are confusing NAT and PAT. I seriously doubt you use NAT anywhere. You are likely refering to PAT, NAT just translates addresses from one to another, a one to one mapping, one address external is used by one address internal. What you are used to using is PAT, with is Port and Address translation, which allows for one external address and many internal addresses.

      NATing between IPv6 and IPv4 is well defined and not difficult to do, there are already plenty of cheapy boxes for home use that do it. Hell mine will even setup an IPv6 Tunnel to someplace like he.net.

      PAT on the other hand is something no one cares about because the ridiculous amount of IPv6 addresses means we can just give EVERYONE a /64 and they can use REAL NAT rather than PAT to get the job done.

      Finally, part of the IPv6 protocol requires support for making IPv4 address space available over IPv6. Practically any router on the planet which supports both IPv4 and IPv6 will have the support to deal with both and bridge between them.

      So your statement is incorrect in that NAT is supported by pretty much every router that supports IPv6, what you are thinking of is not NAT, its PAT which no one in the IPv6 world cares about since its an old hack that doesn't need to exist in the new world of IPv6. Because of that, no routers are going to bother supporting it.

      For reference, since the defacto standard at the moment appears to be giving individual users a /64 block, From: http://en.linuxreviews.org/Why_you_want_IPv6

      Number of IP Addresses in a IPv6 /64 prefix, the typical space a home user gets: 18,446,744,073,709,551,616

      IPv6 gives citizens the opportunity to become real Internet participants. IPv4 makes citizens into passive consumers who are only able to connect to compartmentalized networks run by companies or governments. This is why the establishment does not want IPv6.

      There is a total of 2^128, or 340,282,366,920,938,463,463,374,607,431,768,211,456 unique IPv6 adresses. That's roughly 667 quadrillion addresses per square millimeter of the Earth's surface!

      Basically, we can not possibly exhaust this address space on the planet earth, there simply isn't enough matter on the planet to do so, and adding the matter required to do so would result in a gravitaional singularity forming as the matter collapsed onto itself. So ... there is no actual NEED to do it with IPv6.

      If you wanted to pick something to worry about, it would probably be the lack of stateful firewalling in those home/cheapie routers which the NATs of today effectively provide a outbound only initiation of connections, with IPv6 and the fact that cheapie routers aren't firewalling by default, we'll end up with a lot more machines fully exposed to the Internet by default.

      --
      Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
    16. Re:screw ipv4 by BitZtream · · Score: 5, Informative

      You're missing the fact that an IPv6 /64 is what a home user gets, not the total address space. The IPv6 address space is 128 bits, meaning you get 2^64 blocks of 2^64 addresses.

      Meaning every square millimeter of the earths surface can be assigned approximately 667 quadrillion unique addresses. With your math, I personally can assign every 0.29cm^2 of the Earth an address out of my block alone.
      Please see:
      http://en.linuxreviews.org/Why_you_want_IPv6

      --
      Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
    17. Re:screw ipv4 by BitterOak · · Score: 4, Insightful

      If the router is handling the conversion and talking ipv4 internally, why would the devices need to support ipv6 again?

      Ok, so let's say you have your router converting packets from IPv6 and IPv4, and translating your internal IPv4 addresses to external IPv6 addresses. Now, let's say you're sitting at your IPv4 computer connected to this magic router. You launch Firefox and type type the Slashdot URL. (More likely, you'd have it bookmarked.) So, what does your computer do? It sends a DNS request to get Slashdot's IP address. Now, in an IPv6 world, this IP address would have 128 bits instead of 32. How is your IPv4 operating system going to make sense of this?

      So you might suggest a fancier router that is DNS aware, and translates those addresses back and forth, effectively acting as a DNS proxy. But there is a problem. How do you translate all IPv6 addresses to IPv4 addresses? Considering that the address space for IPv6 has 4 times as many bits, I don't see how this is even possible: you can't assign a unique 32 bit number to each 128 bit number.

      So the problem is much more complicated than it first appears.

      --
      If I can be modded down for being a troll, can I be modded up for being an orc, or a balrog?
    18. Re:screw ipv4 by Cajal · · Score: 4, Informative

      I'm not confusing NAT and PAT. There was a nice writeup at ars technica recently about the IETF's efforts to define a v6/v4 NAT - http://arstechnica.com/news.ars/post/20081006-ietf-working-on-making-ipv6-and-ipv4-talk-to-each-other.html

  2. Credit crunch by Harmonious+Botch · · Score: 5, Insightful

    This is curiously similar to the current credit crunch. When a fix is not guaranteed to happen soon, people start hoarding.

    1. Re:Credit crunch by toleraen · · Score: 4, Interesting

      I was going to use the oil analogy. It's going to run out eventually, so why not switch to something better now before we run out?

    2. Re:Credit crunch by Samantha+Wright · · Score: 4, Interesting

      That's a little silly. These allocations were made in the 70s and 80s, before the Internet really existed outside of the US. At the time, the recipients of the addresses were those who were most likely to use them. No hoarding is going on.

      --
      Bio questions? Ask me to start a Q&A journal. Computer analogies available for most topics!
    3. Re:Credit crunch by Chaos+Incarnate · · Score: 4, Insightful

      That is hoarding.

      No, that's life outside a police state.

      --
      Benford's Corollary to Clarke's Law: "Any technology distinguishable from magic is insufficiently advanced."
  3. Give back class As by Neil+Watson · · Score: 5, Insightful

    Perhaps some of the institutions that still have class A networks reserved from the old days, with no reasonable need for them, should give them back.

    --
    UNIX/Linux Consulting
    1. Re:Give back class As by Anonymous Coward · · Score: 5, Informative

      Yup, I work for one of them, GE - the entire "3.x" class-A network, 16million addresses - most of our internal network is those 3.x addresses, behind firewalls so basically useless - and even better, I pinged a few external GE sites I know of, and none of them even use 3.x addresses!!

      maybe 500K employee's & contractors, even add 500K more for servers and unallocated IP's in the ranges, that's still 15*million* unused. Besides which, we could easily run on 10.x internal networking and NAT/Proxy to outside.

      Don't be in a hurry to get them back though... its not a priority! (haha)

    2. Re:Give back class As by t0rkm3 · · Score: 4, Insightful

      As a network security guy in a company with 9 Class B's that are used within the company. (1 is Internet facing) The internal usage of public IP address space is justified by one thing, acquisitions. Every time a company is bought up by our company we have to integrate them into our network. We are already using some RFC1918 space at stub networks(plants/refineries) and for VoIP applications. However, the challenge of integrating 25,000 new IP devices with a conflicting address scope per merger is painful and wasteful.

    3. Re:Give back class As by Sique · · Score: 4, Interesting

      NAT is a hassle, when it comes to more complex protocols than simple TCP. I've worked at a customer site which had a slightly... lets put it like this... unorthodox allocation of internal IP addresses. They just gave every site a 10.X.0.0/16, and then they had more than 256 sites (it's a large retailer, that's why). So they started expanding (yes I know, shame on them) into the 9.0.0.0/8 and 8.0.0.0/8 space.

      When they bought a company in another country, the sysadmins there absolutely refused to route those nets into the VPN (right they were). So now the customer starts heavily to NAT, so the new company never sees any internal 9.0.0.0/8 and 8.0.0.0/8 addresses.

      And now lots of things break. Videoconferencing and VoIP are among the worst offenders, but some complex logistics software they use is playing silly buggers too. And with more than 256 sites it's just not feasible to start readdressing all the IPs. They just don't have the people to do it, and they don't have the time to do it (it has to happen all at once, otherwise just more applications break during the transition period), and they don't have the money to hire enough external people to do it.

      It's a lesson why violating RFC1918 never was a good idea, but it is also a lesson that NAT gets you only so far.

      --
      .sig: Sique *sigh*
  4. And for just 10 dollars a month... by lobiusmoop · · Score: 4, Funny

    you can give one of these poor unwanted IP's a home.

    --
    "I bless every day that I continue to live, for every day is pure profit."
  5. Why bother? by Timothy+Brownawell · · Score: 4, Insightful

    Would giving them back do anything other than encourage network providers to procrastinate on IPv6 for another couple years?

  6. Why is anyone surprised? by gstoddart · · Score: 4, Insightful

    People setting up networks aren't trying to use every single address in their space.

    It's far easier to use an entire a.b.c.* as a logical sub-domain than fiddling with netmasks and all that stuff so that a.b.c.1 and a.b.c.200 are on different subnets.

    The amount of work people would need to invest to use every single IP address with no holes would be cumbersome. (I'm not saying you can't do it, it's just tedious.) And, you never know when you're going to need to allocate more machines -- I remember getting blocks of IP addresses for static machines in case I needed another machine in the future.

    Now, why most people aren't using 10.*.*.* as their internal stuff I'll never know. Since the overwhelming majority of machines on the internet aren't (and shouldn't) be directly routable, it's an awful waste to not have organizations behind NAT-ed firewalls and not drawing from the common pool of route-able IP addresses.

    Cheers

    --
    Lost at C:>. Found at C.
    1. Re:Why is anyone surprised? by Finallyjoined!!! · · Score: 4, Informative

      Quite right, there's no reason whatsoever why 98% of users shouldn't be behind NAT gateways. I've seen stupid situations where bloody printers are assigned a public IP - so people can print to them over the internet - Whaaat??? Furthermore pretty much all VPN client software (excluding Microsoft shite, of course) is NAT-T aware.

      One other point, not related to the above, TFA states they are using icmp to determine if a host is alive. Really? What is the margin for error here? Pretty much every device I configure with a public IP & connected to the net, will not respond to icmp (except from designated hosts/host blocks) Guess we can take their figures with a pinch of salt then.

      --
      If I had an Ass, I'd call it Fanny Bottom, then I could slap my Ass; Fanny Bottom, on the Arse.
    2. Re:Why is anyone surprised? by bendodge · · Score: 4, Informative

      NAT is a hack, not a firewall.

      --
      The government can't save you.
  7. Many addr's may be behind firewalls... by Anonymous Coward · · Score: 5, Informative

    We get this all the time from our ISP's. "Our scans reveal that you're not using much of the space we've allocated to you." In reality, those IP's are behind firewalls that only permit certain customers to reach them. Otherwise they don't respond - even to pings. The IP's appear dead to everyone except authorized users, and our ISP's aren't authorized.

  8. TCP and ICMP by IceCreamGuy · · Score: 4, Insightful

    I drop ICMP entirely, and besides our website and mailservers, we don't have any standard tcp ports open on any of our other external IPs. I really can't imagine it's that much different for other medium and large businesses; am I to believe they nmapped the entire Internet? (It's clear FTA that they did not) To me, these findings are not that surprising in the security-oriented world we live in today.

    1. Re:TCP and ICMP by Anonymous Coward · · Score: 5, Informative

      I drop ICMP entirely

      Then you're an idiot who has no business managing a firewall.

  9. Millions more have been hijacked by Arrogant-Bastard · · Score: 5, Interesting

    In addition to all those lying idle because of excessive address space allocation, there are huge swaths of space which have been hijacked. Recent discussion on the NANOG list has highlighted some of these; the Spamhaus DROP list features others. And other researchers have found still more that are obviously no longer under the control of their putative owners, and are being use for spam, spyware, phishing, and worse. Attempts to get network operators, registrars, ICANN, ARIN, and others to effectively disable these resources -- and eventually to reclaim them -- have been largely unsuccessful. Yes, in some isolated cases, limited action eventualy takes place, but it's far too little far too late to be considered anything close to "effective". We need a concerted, worldwide effort to not only reclaim this space, but to blacklist for life those found currently possessing that -- because (as we've seen repeatedly) they won't be deterred by anything else.

  10. Wrong! Lying is the correct form. by DigitalReverend · · Score: 4, Informative

    http://www.grammarmudge.cityslide.com/articles/article/992333/8992.htm

    http://www.askoxford.com/betterwriting/classicerrors/grammartips/lyingandlaying

    If you are in the process of putting something down, you are laying it down, but that object once it is there, it is lying. The verb lay has a direct object that the action is performed on. He is laying the book credenza. She is laying her purse on the counter. Once it has been laid, it is now lying. The book is lying on the credenza. The purse is lying on the counter. IP addresses are lying unused.

    http://en.wikipedia.org/wiki/Laying

    --
    I read Slashdot for the headlines, because the headlines, unlike the articles, are usually original and never duplicated
  11. They used ping! by eihab · · Score: 5, Interesting

    From the article:

    The USC research group used the most innocuous type of network packet to probe the farthest reaches of the Internet. Known as the Internet Control Message Protocol, or ICMP, this packet is typically used to send error messages between servers and other network hardware.

    My home network is in complete stealth mode, and to them that's another "idle IP" address.

    I also love how they arrived to their conclusion:

    the team probed a million random Internet addresses using both ICMP and TCP, finding a total of 54,297 active hosts ...
    In total, the researchers estimate that there are 112 million responsive addresses ...
    but the overall conclusion--that the Internet has room to grow--is spot on

    How did this ghetto-science experiment end up on Slashdot again?

    --
    If you can't mod them join them.
  12. IPv4 addresses running out: by circletimessquare · · Score: 4, Funny

    the IT hysteria of the early century. just as juicy a media hit as the Y2K panic and fear from last century, but not as much consulting opportunities

    personally i'm waiting for 2012, when the elder gods of the mayan calendar awaken and in their rage at not being greeted by chocolate, peppers, and virgins, they reroute all null pointers in all code to the apocalypse. plenty of IT hysteria, plenty of consulting opportunities

    --
    intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
  13. Decades? by Hikaru79 · · Score: 5, Funny

    The most comprehensive scan of the entire internet for several decades

    As opposed to the great Internet scans of the 30s?

  14. Simpler Politics by Midnight+Thunder · · Score: 4, Insightful

    lets just switch to IPv6, it's more functional and future proof

    Yup and it is probably much simpler. Trying to reclaim addresses involves political issues, finding out who to talk to, bureaucracy and some technical issues. Switching to IPv6 is about technical stuff and just getting going. You are going to have to switch to IPv6 at some point, so why spend energy twice?

    --
    Jumpstart the tartan drive.
  15. Comment removed by account_deleted · · Score: 5, Funny

    Comment removed based on user account deletion