UK Government Owns 16.9 Million Unused IPv4 Addresses
hypnosec writes "The Department of Work and Pensions in the UK has a /8 block of IPv4 addresses that is unused. An e-petition was created asking the DWP to sell off the block to ease the IPv4 address scarcity in the RIPE region. John Graham-Cumming, the person who first discovered the unused block, discovered that these 16.9 million IP addresses were unused after checking in the ASN database."
Just apply the real cure already... This is so ridiculous.
You have to be a UK citizen to sign the petition so please sign if you can.
An e-petition was created asking the DWP to sell off the block to ease the IPv4 address scarcity in the RIPE region.
Why not just ask them to do the right thing and give them back to RIPE? I mean seriously, what kind of example are we trying to set here? Or maybe someone's just trying to bootstrap a market for IPv4 addresses in order to cash in on the increasing scarcity....
... In any case, encouraging profit from a public resource like this is a terrible idea.
I'll take:
I'm sure there's an algorithm or list that could tell me all of the possible "desirable" IPs in the /8, but, due to the fact that we shouldn't be greedy, and the completely arbitrary relation to the number 4 for IPv4, and the fact that it's an election year here in the US, I propose that we Slashdotters limit ourselves to four a piece, and leave the remainder to Reddit and 4chan. Or something.
UK needs dentists! Come on in, dentalists. We welcome you! The duchess will show her tits if you only come!
How did nobody notice this until now? There aren't that many public /8 blocks (125 or less since the 10 and 127 blocks are for special purposes and 0 is unusable) and they've been trying to recoup unused /8 blocks for over a decade, so is this really a new discovery?
For F8cks sake, just define an escape mechanism for a larger address space, and ignore the over-engineered IPv6 standard completely!
http://tools.ietf.org/html/rfc1365
There was an even more ingenious solution out there, but I can't find the link -- IIRC, the guy who used to be on the IETF proposed his solution but was shut down so hard by the bureaucracy that he's even let his page with the proposal die of bit-rot. I thought I had a bookmark somewhere but it's gone. It was a very good use of unused header fields in the existing IPv4 definition with a well-defined way of defining a backwards-compatible (even for DNS) way of getting into the larger address space.
IPv6 is a piece of over-engineered sh*t. How many of you (I mean end-users, not Enterprisey-ISP-admin types) use IPsec? Remember IPsec? It was supposed to solve everything, once it was shoehorned into IPv6. Hah.
This sort of thing is relatively common; it's probably used internally as a routable address space, but not intended for use on the public Internet. (Saves having to deal with multiple uses of rfc1918.) This sort of thing is very common in the government (though usually much less than a /8). They can't use a consistent rfc1918 address space internally, as whenever the government changes its priorities, work units will shuffle between departments. You'll probably find that this address space is now used by many departments, and trying to move all users over to another range will cost more than they can recover from selling the /8.
All current needs are solved by NAT and port triggering. There is no need for IPv6 in any real use case scenarios.
Markets aren't perfect, but efficiently allocating scarce resources is one thing they do well. When you have a quasi-governmental body decide who should get IPs, you end up with situations like this, where people who need them can't get them and people who have them don't need them.
The dept of work and pensions is holding them, so that every pensioner can have a static IP. The better for the UK gov to track you with. Taking tinfoil hat off now.
FBI has over 128 million but they are being used to catch you
Amateur radio operators own a /8 too (44) that has been used slightly at the beginning of the nineties, but is now completely useless.
Wealth can be measured in pieces of eight.
It may come as a shock to many here, but it's perfectly acceptable to use public IP addresses that you own on a private network, if you choose to do so. So, lack of presence in AS announcements does not imply "unused". This block may well be, but it may equally well be in use, just not on the public internet.
16777216 to be precise. Anecdotal inflation?
This will give IPv4 globally perhaps two days. No point in that!
ISPs will run so fast to reserve that space it will be consumed (not used) in seconds.
And also, even if a govt agency decides to release addr space they partially use, it could take years for that decision....
Yeah, selling reserved numbers, what a great idea. ;)
I'll patent PI
As somebody in the blog comments already noted.. many organizations use public IP space internally without advertising this space to the internet. They generally NAT outgoing traffic over a smaller block that may even fall outside their large (/8 in this case) block.
So somebody sees this organisation doesn't advertise their /8 and decides they should renumber possibly thousands of internal systems? Good luck with that :)
NAT and other IP sharing schemes are dead.
Now everybody (within ipv6) will be able to communicate directly
Deal with it.
My boss had an entire class C for about 10 years+ with on average maybe 7-8 employees over that time and a web footprint no bigger than a basic corporate contacts website. He probably could have held on to it, too if he didn't see the expense as a waste of money when he was looking to streamline.
17 million? Great, just give one to every UK citizen next time a cool new connected gadget goes live. It should work thanks to the economic crisis, if only one out of three citizens buys the gadget!
I have plenty of 127.x.x.x addresses to sell, anybody's interested?
I believe in the incremental approach to updates; it's so much safer and usually easier.
So it's going to be IPv5 for me, while you suckers make a mess of IPv6!
Among other uses: http://en.wikipedia.org/wiki/Government_Secure_Intranet
That's a network used for intra government department communications. They won't be giving it back.
Local government network admin here. Parts of the 51.0.0.0/8 address space are in our internal routing table, because they're used for shared private networks between different government organisations. Just because it's not in the public Internet routing table doesn't mean it's not used.
Granted perhaps not the whole /8 is in use (I only see 3 x /16s out of a possible 256 in my routing table at present), but who's to say other sectors which I don't have network connectivity to aren't using it.
We're actually pushing for and slowly enabling IPv6 internally on our core and servers where we can, rather than delay the inevitable. This is despite our organisation ourselves owning a whole public /16 block, yet have maybe only 10-15k addressable nodes max across all our networks we control at present. It will take us much much longer to re-IP/re-subnet the entire network more efficiently so some of that space can be returned to RIPE, than for it to be reallocated and used up after returning, due to old systems and old proprietary software in use. Not to mention the resources required to do such a massive task.
Personally I think the people asking for addresses to be returned by any organisation (supposedly) not using them (including all the other apparently wasted /8 allocations out there) are not looking long term enough. IPv6 is the way to go.
It's called stateless address autoconfiguration.
http://www.ietf.org/rfc/rfc2462.txt
Since it's been discovered, what they should do is break it up into, say ~65k blocks of 256 addresses each, and sell them only to customers who have IPv6 transition plans. In other words, these addresses should only be used to enable dual-stack for customers who have taken the initiative in moving to IPv6.
That forces people to move seriously towards IPv6 - starting w/ the telecom vendors, such as BT, Vodafone, et al. That way, the migration, instead of being pushed out, gets expedited.
Indeed, that should be the approach worldwide - provide IPv4 ONLY to supplement IPv6 blocks so that dual stack can be supported, and not any other reason.
Would privatisation of the DWP's 51.0.0.0/8 block be the first or last step to the 51st State?
Just because this block is not public does not mean it is unused.
The UK Government has a huge darknet.
First things first - for IPv6, DHCP6 is a better idea than DHCP4 was for IPv4. Use that to manage your addresses. You can assign certain addresses (or ranges) as static, certain address ranges as dynamic, and be off to the races. No need to struggle w/ subnetting the way you did in IPv4.
Next thing - if it's important for you to remember your IPv6 address, remember that the first 12-16 digits (depending on what your ISP gives you) are gonna be common. You then have the remaining 16 digits. If it's important that you remember them, set up a naming scheme for those 16 digits that works for you, and assign those names accordingly. Set it up in your DHCP6 server, so that all your devices automatically get their IPs. From that point, after a while, you should be able to remember the first half - since it's your assigned global prefix - and then the latter half, since it's something you assigned and remember. Do not use auto-configured addresses in this case.
In the event that you have money to throw @ this problem, there are even PAM (Protocol Address Management) software that some IPv6 companies provide, that help you manage your addresses. You might want to invest in those.
Au contraire, DHCP6 is more needed in v6 than DHCP4 was in v4. In v4, you had 3 options - manually assign, autoconfigure or DHCP4. In v6, you have 2 - the manually assign is not practical, unless you are managing only 2-3 devices.
About the memorizing part, I just thought of something. I've seen some people complain that average users don't know HEX, but they don't need to. If they just stick to decimal numbers, they have 10^16 addresses, and if they just stick to A-F, they have 2,821,109,907,456 to assign. Or even more - if 0 = O, 1 = I, 2 = Z, 5 = S, then you again have 10^16 addresses for just the lettered addresses. So these things need not be complicated.
I wouldn't recommend stateless autoconfiguration, given that in that scenario, it becomes impossible to remember the IP address. Not everybody is comfortable w/ tossing it there and forgetting about it - particularly applications where people need to manually enter it.
That entire block is unemployed
This must be worth more than the Bank of Scotland. Let's sell it quick. The Government is actually much more likely to hold on to it until everyone is on IPv6 and it becomes worthless.
Problem is that if you were to add even 1 bit to IPv4, you'd have to change all networking equipment in the world. Why? B'cos the IP header is the first thing equipment looks @, and then works from there. The moment the length of the source and destination addresses is changed, compatibility is lost, and everything in the world needs to be re-worked. Same would have to happen every few years, & @ tremendous cost. Yet, there is no way to solve this problem w/o expanding the source and destination addresses in the protocol, whether you make it 33 bits or 36 or 40 or 64 or 128.
Therefore, what the IETF did seems like overkill, but actually, they thought long term and came up w/ a solution whereby one wouldn't need to change IP equipment for the foreseeable future. So since they were going to have to do sweeping changes anyway, they also learnt from all the past shortcomings that were there in IPv4, and did what they could to resolve that in IPv6. Some concepts have not been well explained, while some were pretty fluid, like deprecating site-local to site unique or IPv4 compatible addresses. But aside from that, the improvements are such that they solve a whole slew of problems that were just taken for granted in IPv4.
Only thing - due to the fluidity of the standard, companies have been slow to manufacture IPv6 specific equipment, thereby slowing the rate of adaption. This is a genuine problem.
Because last time I tried to make an IPv6 internal network, I had to go to the old style of "write every machine in the dchp.conf file so I can get an IP address, then add each name to the named.conf so I can get them by name".
Blocking a prefix, and thereby a whole host of IP addresses is easy. Targeting a specific IP address out of 18,446,744,073,709,551,616 is hard if they are static, and impossible if they are dynamic. In fact, blocking works better in IPv6 than it does in IPv4.
If I plug my laptop into the internal network or the wireless internet access point (a DMZ), it gets the same name and the same lookup under IPv4 and DNSUpdate but internally it gets access to more things than externally. But none of my scripts or configurations have to change or include both mappings.
Manually assigning IP addresses is why DNS was invented, ferchrissakes. BECAUSE IT'S A CRAP WAY OF DOING IT.
But the price of progress is to go back to this cro-magnon method?
David Cameron does not know the word give. Buy and sell, yes; give, no.
... Now that grub2 is finally finished, let us dump that pile of bloated crap (a config generation tool is a great idea) and start grub3.
So we finally get an awesome bootloader with the features of grub2 minus all the bloat, while maintaining a user-editable config file, and that also has the new "features" that M$ came up with in the meantime.
Well one could see this the same with ipv4 (grub1) and ipv6 (grub2)...
I don't want somebody knowing who I'm looking up so I downloaded the entire DNS and dumped it into my /etc/hosts file. I feel so safe now....
With exception to users of massive networks that have justification for their Class A and Bs, we need to rescind ownership of unused class A and Bs, or in case of partial use, let them keep using what they have already.
We need to split partially used Class As (0-126) into Class Bs and Cs into unused class Bs and Cs for redistribution.
Since the advent of subnets, classful routing is unnecessary and outdated.
Cue some communist jokes now.
"The Slashdot user known as bbn has a /48 block of IPv6 addresses that is unused. An e-petition was created ..."
I'm sorry if I haven't offended anyone
Because I'm ENTITLED to those IPs.
You don't think that you, as a consumer and taxpayer, will just end up paying that 1Bn quid? Companies never pay for anything - their customers do. If the government raises revenue on them, it'll just get passed right back to you.
These are actually in use - they're for the IBM "Big Nanny" processors that are installed in the heads of 1/4 of the UK population. ;)
I call dibs on B16B:00B5!
"Unless you are running Windows 8 which will helpfully rewrite your hosts file for you when you are done." - by Anonymous Coward on Tuesday September 18, @07:08AM (#41372757)
The problem was in MS Security Essentials/Windows Defender - add hosts in its exclusion lists, no more problem!
* I've been using MS Security Essentials since it was introduced, & I've also been using this "workaround" since then... no hassles, & easy to do!
(Lastly/Additionally - I wonder who the FOOL is that modded you up to "INFORMATIVE", when you're giving out shitty MISINFORMATION?)
APK
P.S.=> Per the above - You MAY want to read this:
http://www.ghacks.net/2012/08/19/you-cant-block-facebook-using-windows-8s-hosts-file/
PERTINENT QUOTE/EXCERPT:
---
"Update: Tom just pointed out that turning off Windows Defender, which basically is Microsoft Security Essentials, in Windows 8 will resolve the issue. It appears that the program has been designed to protect some hosts from being added to the Windows hosts file. To turn off Windows Defender press the Windows key, type Windows Defender and hit enter. This launches the program. Switch to Settings here and select Administrator on the left. Locate Turn on Windows Defender and uncheck the preference and click save changes afterwards."
(They're INCORRECT also - you don't *have* to "turn it off" - you can just do what I stated above... & of course, there's ALWAYS alternate antivirus/antispyware too!)
---
... apk
If it's a completely private network, couldn't they release the public block and use a private block (like 10.*)?
The point of *unique* addresses is to allow global routing. But if you never intend to do global routing of traffic to/from endpoints in the private network, well, isn't that what the private network blocks are for - non-globally unique, but locally unique, use?
How to access & use the exclusion/exception list in MS Sec. Essentials:
(In regards to my initial post -> http://yro.slashdot.org/comments.pl?sid=3124419&cid=41373887 I am replying to now, to supplement it with accurate information)
PERTINENT QUOTE/EXCERPT:
---
"You can also access the Exception and Exclusion list under this tab which is a rather odd place to put it. It should have been only under the Settings tab because that is the first place where I (or everyone else) would look."
---
FROM -> http://www.lostintechnology.com/windows/microsoft-security-essentials-review/
(The HISTORY tab, which allows Quarantining, Deleting, or ALLOWING various processes or files to exist IS THE TICKET here... I also agree with the author that THIS should have been under the "SETTINGS" tab, but that's what you get when you have interface designers who built "METRO" for Windows 8 too... senseless design! Though I dislike putting MS down, they too, have issues @ times... Windows 8? Will be an "issue" for them on PC's, mark my words...)
APK
P.S.=> Thus? "Here endeth the lesson..."
... apk
Well, I'm surprised that someone only "discovered" this 4 days ago.
With this being a /8, I'd have thought it was quite well known before last Friday. In fact, I'm sure people have been well aware of it for quite a while now!
Why not ask HP to give up one of its 2 (!) Class-A subnets?
Only problem - the same reason legacy users are not switching to IPv4 - is that once you try to get them to break up their /8 into smaller subnets which then get shared w/ others, the simple configuration that they may have had for years might be gone. For instance, some of them may have had networking equipment that only recognized Classful addressing, and had no concept of CIDR or subnetting. The moment you try to force them to switch, it involves a considerable amount of investment & work, in which case, they might as well go all the way to IPv6.
Actually, coming to think of it - some of the early recipients of these blocks include computer companies who would definitely have upgraded their networking equipment several times over the years. Some of them include IBM (9.x.x.x), Apple (17.x.x.x), HP (HP 15.x.x.x & DEC 16.x.x.x). Some of these companies have been very early in supporting IPv6 e.g. IBM in AIX, while Apple automatically supports it as a result of its FBSD underpinnings. So can't they switch to dual stack and only use IPv4 for external facing services that actually require it, such as web servers? Such a move won't alleviate things much, though, so in the end, it's fine just letting these IPv4 addresses vanish, and forcing the move to IPv6.
Hackney borough council in London has one too.
I suspect that much like the US military, the UK reserves blocks from the global address space, uses them on a classified network and are obviously NOT advertised on the unclassified internet. This is probably one of those blocks. You also won't see the 22.x.x.x/8 out there.
That works very well until you try to connect a new department up, and discover they also used 10.* for their network.
Shotguns for all. The best defence against idiots milling about outside your gates wanting you to share your intellectual property.
SCO has two A class blocks. Petition them.
"To better watch you, my Dearie."
Given that it's a Tory government shouldn't they sell shares in them?
Somebody should make a list of all words of 4 letters or less, made up of A, B, C, D, E, F, G (6), I (1), O (0), S (5) and Z (2). Publish a dictionary of just those words. They can be used in composing IPv6 addresses that are easy to remember. And to make it simple, only English words for this exercise :-)
When analyzing it, just segregate the 56 from the 64th bit. In other words, you have the potential of having 256 separate subnets (e.g. wireless router SSIDs) on your network from that one provider. For most home users, even a /60 is enough, if they need to segregate their networks. So you still have 'just' 2*64 addresses for your home LAN, but you also now have a choice of prefixes, if you were worrying like some other posters above about your prefix being fixed and identifying you.
If the UK Gov releases these, that should keep IPv4 going a few more days.
Just get the government to sell off at a profit their 15 million addresses leaving them with 1 million (really, come on, that should be enough!)
This would also make them some money to balance off the overspending in the past on technology....
Understood, but autoconfiguration is IMO less important than ensuring that there ain't too many wasted addresses. I do hope that when we get to 3000:/4, they change it from 48:16:64 to 64:16:48 or 64:32:32. The former would still be good for autoconfigured addresses, while the latter would be good for hierarchical subnetting.
Both were there. Just the ::x.x.x.x was there - that was something called IPv4-compatible addresses, and then ::ffff:x.x.x.x, which was IPv4-mapped addresses. The first standard includes the equivalents to the current network address 0.0.0.0 (which is :: in IPv6) and the loopback address 127.0.0.1 (which is ::1 in IPv6). But the IPv4 compatible addresses have been deprecated, as other mechanisms for IPv6-IPv4 communications, such as tunnelling, dual-stack lite, and Teredo/Miredo had been developed. IPv4-mapped addresses are still in the standard, but their implementation varies, and therefore, their use is not encouraged.
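Added example, not part of the original thread or any poster's code: because handling of the ::x.x.x.x and ::ffff:x.x.x.x forms described in the comment above varies between implementations, an address filter should classify them and compare the embedded IPv4 address rather than the raw IPv6 value. The blocked ranges and the function names below are assumptions constructed for this illustration.

```python
import ipaddress

# Constructed policy for this example: the /8 discussed in the thread plus
# the IPv6 documentation prefix. Not a real deployment's rule set.
BLOCKED = [
    ipaddress.ip_network("51.0.0.0/8"),
    ipaddress.ip_network("2001:db8::/32"),
]

UNSPECIFIED = ipaddress.IPv6Address("::")   # IPv6 equivalent of 0.0.0.0
LOOPBACK = ipaddress.IPv6Address("::1")     # IPv6 equivalent of 127.0.0.1


def classify(text):
    """Return (kind, effective_address) for an address string.

    effective_address is the embedded IPv4 address for the two
    IPv4-in-IPv6 forms, otherwise the parsed address itself.
    """
    addr = ipaddress.ip_address(text)
    if addr.version == 4:
        return "ipv4", addr
    if addr == UNSPECIFIED:
        return "unspecified", addr
    if addr == LOOPBACK:
        return "loopback", addr
    if addr.ipv4_mapped is not None:
        # ::ffff:x.x.x.x, the IPv4-mapped form
        return "ipv4-mapped", addr.ipv4_mapped
    if int(addr) >> 32 == 0:
        # High 96 bits are zero: ::x.x.x.x, the deprecated IPv4-compatible form
        return "ipv4-compatible", ipaddress.IPv4Address(int(addr) & 0xFFFFFFFF)
    return "ipv6", addr


def _matches(addr):
    # Only compare an address against networks of the same IP version.
    return any(addr.version == net.version and addr in net for net in BLOCKED)


def naive_is_blocked(text):
    """Compare the parsed address as-is; embedded IPv4 addresses are missed."""
    return _matches(ipaddress.ip_address(text))


def is_blocked(text):
    """Normalize IPv4-in-IPv6 forms first, then compare."""
    _kind, effective = classify(text)
    return _matches(effective)


if __name__ == "__main__":
    # Constructed sample inputs.
    samples = ["51.1.2.3", "::ffff:51.1.2.3", "::51.1.2.3",
               "::1", "2001:db8::5", "::ffff:52.0.0.1"]
    for sample in samples:
        kind, effective = classify(sample)
        print(f"{sample:20} {kind:16} effective={effective} "
              f"naive={naive_is_blocked(sample)} normalized={is_blocked(sample)}")
```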
From documented sources you couldn't disprove http://linux.slashdot.org/comments.pl?sid=3110069&cid=41346029 which you ran from, troll.