Millions of Internet Addresses Are Lying Idle

An anonymous reader writes "The most comprehensive scan of the entire internet for several decades shows that millions of allocated addresses simply aren't being used. Professor John Heidemann from the University of Southern California (USC) used ICMP and TCP to scan the internet. Even though the last IPv4 addresses will be handed out in a couple of years, his survey reveals that many of the addresses allocated to big companies and institutions are lying idle. Heidemann says: 'People are very concerned that the IPv4 address space is very close to being exhausted. Our data suggests that maybe there are better things we should be doing in managing the IPv4 address space.' So, is it time to reclaim those unused addresses before the IPv6 crunch?"

Many addr's may be behind firewalls...

[Anonymous Coward]

We get this all the time from our ISP's. "Our scans reveal that you're not using much of the space we've allocated to you." In reality, those IP's are behind firewalls that only permit certain customers to reach them. Otherwise they don't respond - even to pings. The IP's appear dead to everyone except authorized users, and our ISP's aren't authorized.

His research is invalid!!

[Anonymous Coward]

I have 2 class C ranges, and if he scanned mine he would have only got a handful of ICMP replys. I intentionally block ICMP on the majority of my IP's because it's nobody's business if I have anything on it.
I'm willing to bet that I'm not the only one blocking ICMP! Not by a LONG SHOT!

Re:Give back class As

[Anonymous Coward]

Yup, I work for one of them, GE - the entire "3.x" class-A network, 16million addresses - most of our internal network is those 3.x addresses, behind firewalls so basically useless - and even better, I pinged a few external GE sites I know of, and none of them even use 3.x addresses!!

maybe 500K employee's & contractors, even add 500K more for servers and unallocated IP's in the ranges, that's still 15*million* unused. Besides which, we could easily run on 10.x internal networking and NAT/Proxy to outside.

Don't be in a hurry to get them back though... its not a priority! (haha)

MIT is 18.*.*.*

[Dogun]

Last I checked, MIT had all of 18.*.*.*...

Wrong! Lying is the correct form.

[DigitalReverend]

http://www.grammarmudge.cityslide.com/articles/article/992333/8992.htm [cityslide.com]

http://www.askoxford.com/betterwriting/classicerrors/grammartips/lyingandlaying [askoxford.com]

If you are in the process of putting something down, you are laying it down, but that object once it is there, it is lying. The verb lay has a direct object that the action is performed on. He is laying the book credenza. She is laying her purse on the counter. Once it has been laid, it is now lying. The book is lying on the credenza. The purse is lying on the counter. IP addresses are lying unused.

http://en.wikipedia.org/wiki/Laying [wikipedia.org]

Re:Why is anyone surprised?

[Finallyjoined!!!]

Quite right, there's no reason whatsoever why 98% of users shouldn't be behind NAT gateways. I've seen stupid situations where bloody printers are assigned a public IP - so people can print to them over the internet - Whaaat??? Furthermore pretty much all VPN client software (excluding Microsoft shite, of course) is NAT-T aware.

One other point, not related to the above, TFA states they are using icmp to determine if a host is alive. Really? What is the margin for error here? Pretty much every device I configure with a public IP & connected to the net, will not respond to icmp (except from designated hosts/host blocks) Guess we can take their figures with a pinch of salt then.

Need a Class C to do BGP

[WisePug]

I just setup redundant internet connectivity, and needed to get a class C address space, even though I only use a dozen or so addresses. I guess this is to limit the size of routing tables. Seems like a waste.

Interactive map

[citking]

There is an interactive map on their site [isi.edu] that allows you to zoom into the IP space pretty nicely. Our uni has a B range of addresses and we use only two Cs of that right now. When we split off from the main building and got onto city fiber, they decided that, rather than give us a private IP range like the other campuses, we would be allocated one of the C ranges.

Of course, no one knew what they were doing so getting the ASA and default routes set-up properly was a nightmare, but hey, we're using more of our IP space now! (sarcasm intended)

Re:TCP and ICMP

[Anonymous Coward]

Do you realize that dropping all ICMP breaks PMTUD among other things?
Don't block all ICMP just block the ICMP you don't want.

Re:TCP and ICMP

[Anonymous Coward]

I drop ICMP entirely

Then you're an idiot [freelabs.com] who has no business managing a firewall.

Re:screw ipv4

[Anonymous Coward]

Indeed.

So why isn't IPv6 widely adopted yet?

Because

1> IPv4 still works fine AND
2> It costs money to implement IPv6 AND
3> Implementation cost of IPv6 is more likely to drop than to raise over time.

The implementation cost is most likely to drop, hardware prices have nothing but dropped ever since there was hardware for sale. Another couple of years from now the price of those routers will probably be cut in half again.

So there's nothing strange going on, it's just business as usual. If someone somehow finds more IPv4 address space to use they'll probably claim they've saved the entire internet from collapsing but in my opinion it'll just postpone the switch to IPv6 and save everybody a couple of bucks.

just a few examples

[marvinglenn]

See http://www.iana.org/assignments/ipv4-address-space/ [iana.org]

019/8 Ford Motor Company 1995-05 LEGACY
marvin@tribble:~$ host www.ford.com
www.ford.com is an alias for
www.ford.com.edgesuite.net.
www.ford.com.edgesuite.net is an alias for a1200.g.akamai.net.
a1200.g.akamai.net has address 96.17.109.74
a1200.g.akamai.net has address 96.17.109.18

013/8 Xerox Corporation 1991-09 LEGACY
marvin@tribble:~$ host www.xerox.com
www.xerox.com is an alias for www.xerox.com.edgekey.net.
www.xerox.com.edgekey.net is an alias for
e82.c.akamaiedge.net.
e82.c.akamaiedge.net has address 72.246.128.108

009/8 IBM 1992-08 LEGACY
marvin@tribble:~$ host www.ibm.com
www.ibm.com is an alias for www.ibm.com.cs186.net.
www.ibm.com.cs186.net has address 129.42.58.216

003/8 General Electric Company 1994-05 LEGACY
marvin@tribble:~$ host www.ge.com
www.ge.com has address 192.131.227.156

048/8 Prudential Securities Inc. 1995-05 LEGACY
marvin@tribble:~$ host www.prudential.com
www.prudential.com is an alias for web.prudential.com.
web.prudential.com has address 12.34.100.148

Apple (17) and HP (15) have their public website within their allocation. Eli Lil(l)y (40) appears also has their public website within their allocation, but I have a hard time believing that they could ever need that many public IP addresses.

So there... I just found an extra quarter million addresses. (5 x 2^16) Y'all can pay me by giving me my own /24.

Re:Give back class As

[Bill Barth]

Isn't this what DHCP is for? I'm a little surprised you have 25k boxes come in via a merger with static addresses.

My experience with RIPE

[Richard W.M. Jones]

This story rings true. I worked for a company during the dot-com boom and just after which requested an allocation from RIPE [ripe.net] (the European equivalent of ARIN). I was the designated & trained "LIR" (I think that was the term?).

We received 8,192 IP addresses. We actually had them authorized to us in blocks of 256 addresses, and each time we needed another 256 we had to go back to RIPE and justify the expansion. However it is my understanding that the full 8,192 addresses were reserved for us.

We ended up using 3 x 256 addresses, but after a later downturn in the fortunes of the company, even many of those went unused.

I left the company many many years ago. However I notice the company that acquired it is still using those 3 x 256 addresses, and the original 8,192 are still reserved at RIPE. The IP addresses are even registered to the name of a director who was ousted when the company was taken over, at a street address that the company hasn't occupied for many years.

Rich.

Re:Pedantic Correction for the Headline

[NeverVotedBush]

It's best, however, when you are laying someone else -- as in "I'm laying your girlfriend." "I got laid by your wife."

Re:screw ipv4

[Chris Pimlott]

If you're like most of us, all your devices at home are living behind NAT. There's no reason they can't keep living in an ipv4 private network behind an ipv6 router.

Re:Why is anyone surprised?

[bendodge]

NAT is a hack, not a firewall.

Re:NAT is a hack.

[entrigant]

You might want to sit down for this...

NAT is not a firewall.

Try this:

iptables -P INPUT Drop

Suddenly you have the same false sense of safety using a public IP.

This is a peer review paper.

[kilocomp]

Yes I am sure the researchers have no idea what a firewall is. And everyone is a network admin with their home routers...

Of course these researches used logic to determine when a firewall is in place. One possible way would be to look at a subnet as a whole, if neighboring IPs are responding you can make a reasonable guess that other IPs should respond if binded to another node. This is a sampling of 4 billion, so no, individual circumstances where this doesn't hold up won't make a difference.

Wait for the actual paper to come out during the conference. If your research with your home router shows this is an incorrect paper, you can call them out. After all this is what peer review is all about.

Re:screw ipv4

[omgitsthr33]

DD-WRT has been working on the implementation of IPv6 within their firmware. http://www.dd-wrt.com/wiki/index.php/IPv6 [dd-wrt.com]

Re:screw ipv4

[NatasRevol]

You forgot the real reason.

IPv6 numbers are damn hard to remember.

Seriously, what's easier?

192.168.0.1 or
2001:0db8:85a3:0000:0000:8a2e:0370:7334

Re:screw ipv4

[Sancho]

Some perspective:
Right now, there are over 6 billion people on Earth. IPv4 has a theoretical maximum of 2^32 (4.3 billion) IP addresses. IPv6 has a theoretical maximum of 2^128 IP addresses, which works out to more than 2^90 addresses per person currently on the planet. Yeah. Each person could have a whole bunch of IPv4-sized address spaces. A bunch of a bunch. Our planet probably isn't capable of holding so many people that each person would only get 2^32 addresses (size of the IPv4 address space.)

I'd bet a couple of bucks that the human race will never ever need anything more than IPv6.

Re:screw ipv4

[BitZtream]

Its already well defined, there is no need for anyone to 'agree' on it, it was agreed on years ago.

You are confusing NAT and PAT. I seriously doubt you use NAT anywhere. You are likely refering to PAT, NAT just translates addresses from one to another, a one to one mapping, one address external is used by one address internal. What you are used to using is PAT, with is Port and Address translation, which allows for one external address and many internal addresses.

NATing between IPv6 and IPv4 is well defined and not difficult to do, there are already plenty of cheapy boxes for home use that do it. Hell mine will even setup an IPv6 Tunnel to someplace like he.net.

PAT on the other hand is something no one cares about because the ridiculous amount of IPv6 addresses means we can just give EVERYONE a /64 and they can use REAL NAT rather than PAT to get the job done.

Finally, part of the IPv6 protocol requires support for making IPv4 address space available over IPv6. Practically any router on the planet which supports both IPv4 and IPv6 will have the support to deal with both and bridge between them.

So your statement is incorrect in that NAT is supported by pretty much every router that supports IPv6, what you are thinking of is not NAT, its PAT which no one in the IPv6 world cares about since its an old hack that doesn't need to exist in the new world of IPv6. Because of that, no routers are going to bother supporting it.

For reference, since the defacto standard at the moment appears to be giving individual users a /64 block, From: http://en.linuxreviews.org/Why_you_want_IPv6 [linuxreviews.org]

Number of IP Addresses in a IPv6 /64 prefix, the typical space a home user gets: 18,446,744,073,709,551,616

IPv6 gives citizens the opportunity to become real Internet participants. IPv4 makes citizens into passive consumers who are only able to connect to compartmentalized networks run by companies or governments. This is why the establishment does not want IPv6.

There is a total of 2^128, or 340,282,366,920,938,463,463,374,607,431,768,211,456 unique IPv6 adresses. That's roughly 667 quadrillion addresses per square millimeter of the Earth's surface!

Basically, we can not possibly exhaust this address space on the planet earth, there simply isn't enough matter on the planet to do so, and adding the matter required to do so would result in a gravitaional singularity forming as the matter collapsed onto itself. So ... there is no actual NEED to do it with IPv6.

If you wanted to pick something to worry about, it would probably be the lack of stateful firewalling in those home/cheapie routers which the NATs of today effectively provide a outbound only initiation of connections, with IPv6 and the fact that cheapie routers aren't firewalling by default, we'll end up with a lot more machines fully exposed to the Internet by default.

Re:screw ipv4

[BitZtream]

You're missing the fact that an IPv6 /64 is what a home user gets, not the total address space. The IPv6 address space is 128 bits, meaning you get 2^64 blocks of 2^64 addresses.

Meaning every square millimeter of the earths surface can be assigned approximately 667 quadrillion unique addresses. With your math, I personally can assign every 0.29cm^2 of the Earth an address out of my block alone.
Please see:
http://en.linuxreviews.org/Why_you_want_IPv6 [linuxreviews.org]

Re:screw ipv4

[Cajal]

I'm not confusing NAT and PAT. There was a nice writeup at ars technica recently about the IETF's efforts to define a v6/v4 NAT - http://arstechnica.com/news.ars/post/20081006-ietf-working-on-making-ipv6-and-ipv4-talk-to-each-other.html [arstechnica.com]