Through some weird happenings I've recently got access to an /22 and its ASN. Now I'm looking for some fun things to do with it, things which are only possible with such a "large" number of IPs. Any suggestions?
Realistically, you should sell it while it's valuable. Take a look at IPv6 adoption. I know, I know, "IPv6 will never be here blah blah blah", so the naysayers say, but look at what Google is getting now, for instance:
We're counting down the years before IPv6 will become the major protocol, after which, IPv4 addresses will slowly start to loose value.
"But it's only FAANG, noone else has IPv6!"
Just not the case anymore. But even if, most people don't care about anything else anyway.
I have a friend who helps to operate a university dorm network. Allegedly, he once removed an IPv4 address by mistake from one student's computer. He only heard about it half a year later, when the student casually mentioned that only Google, Facebook and other big sites seem to work. Apparently, if Google, Facebook, and the School's website works, it's acceptable to most (which is sad for different reasons, but that's not my point).
Anyway, that's still at least a few years away though, you can have some fun with it for now :)
> Allegedly, he once removed an IPv4 address by mistake from one student's computer. He only heard about it half a year later, when the student casually mentioned that only Google, Facebook and other big sites seem to work. Apparently, if Google, Facebook, and the School's website works, it's acceptable to most (which is sad for different reasons, but that's not my point).
The fact that the "sad part" is that the student only uses big tech websites and not that this netop was able to do something like this with no alerting or guardrails says a lot about HN's culture these days.
In general I wonder what kind of alerting these dorm ISPs run. Do they ever do reachability tests for devices on their network?
Some university networks are run tightly, others are rather loose when it comes to security, monitoring and debugging network cables that are syncing up at lower speeds. Really depends on who is staffing the IT team...
Many older universities give you a public IPv4 address with no NAT when you plug into a network port.
OP, one neat thing you should try is broadcasting a /25 through /29 and seeing which ISPs this is routable from (eg: Lumen (aka Centurylink/Quantum), Verizon, T-Mobile, AT&T, Comcast, etc). There are a number of blocks smaller than /24's being broadcast, and it would be quite interesting to see which ISPs are willing to route traffic to smaller blocks.
There's a management system that assigns IPs automatically, written in-house in the late 2000s, but yes, anything there can be manually overridden. He was probably diagnosing something earlier and forgot to clean up. Meanwhile, new students moved in I guess.
Missing IPv4 addresses are not reported as some systems are left IPv6-only intentionally. It's a dorm network, but it's sort-of a research project at the same time. It is also run by students themselves (there's a "student's union") and the school does not pay or maintain the dorm's infrastructure.
I know alerting is done for some things, but not for the individual student's machine. This is different for every dorm, but in this case, a wired symmetrical gigabit connection is provided to every member student, public IPv4 and IPv6 included. The only restriction is to not download torrents, besides that, pretty much anything can be arranged, including opening port 25, routing additional IPv6 prefixes, hosting...
It's a very free environment is what I'm getting at.
Good question! It's spiking up on weekends, the reason for that is that corporate networks are not as incentivized as large public ISPs to adopt IPv6.
They have a lot more customers and are more directly affected by IPv4 exhaustion, especially the mobile providers.
People want to host Internet services from their homes. They don't have static IPs, and/or they don't want to open their home IP address directly to the public, for good reason.
You can setup some wireguard servers with static IPs. Then people can tunnel their services running at home through your servers. They avoid the cost of having to pay for cloud hosting, and you provide a shield so that they aren't exposed.
Obviously, the IP addresses on their own aren't enough to make this work. You're going to need some computing infrastructure. But you won't need lots of storage and compute. You'll mostly need bandwidth and networking equipment. The thing is, getting IP addresses is harder than getting hardware and bandwidth. You already did the hard part.
You know, at some point, in the interest of a free internet we should consider whether penalizing the mostly-benevolent-cogs along the way is the right way to go about it. It's not like someone operating that service is specifically consenting to every packet that flows through them so it shouldn't be treated in a court room as if they gave their explicit blessing for whatever malfeasance came to happen.
I don't accept the argument that by attempting to benefit the common good that one must be responsible for what happens or how that's used. Many items and actions of good will can be weaponized, in ways that the media finds odious like the things you mentioned, but nobody comes after the cell phone operators, the ISPs, they attack the weak link that cant afford representation in court - the solo and small operators. It's stupid and I'm surprised it fools the voter base in the current epoch.
My interpretation of what's been suggested is basically an ip you can port forward, as if you had a public ip.
For example, let's say you want to run a minecraft server for your friends from your home. You use this hypothetical service to get an ip you can use, and tunnel the needed ports in to your network (and ultimately, your minecraft server).
This couldn't be provided with a single ip, since at best that would limit you to selling off individual ports. The product becomes worthwhile if each customer has their own ip.
It is getting increasingly difficult for Tor exit operators to find ISPs that are willing to let the relays "poison" IP space. I know the torservers.net non-profit has a /22 that it manages and assigns to relay operators. If that's something you would like to support, the Tor community would surely appreciate it.
Aren't most of the Tor exit nodes widely thought to be run by government agencies? People thought that was true at a security firm I used to work at. I wouldn't be surprised if Tor was a honey pot designed to catch people doing nefarious things.
It's not. The entire purpose of Tor was for US spies overseas to be able to make anonymous secure communications. They opened it up to the rest of the world, because if the only people using Tor are US spies, it's pretty easy to tell what someone's using it for.
Governments also run a lot of relays and exit nodes for a similar reason. Not to make it easier for themselves to identify traffic. For no one actor to have a majority of nodes, which would make it a lot easier to identify traffic.
> I wouldn't be surprised if Tor was a honey pot designed to catch people doing nefarious things.
So far, the high profile busts involving Tor all involve some other weaker link in the chain, such as traffic analysis[0], a CI, a targeted sting operation. etc.
If this is the case and your hypothesis is true, then it appears to be unnecessary on their part, since all the folks they're prosecuting are those for whom other evidence is more readily available.
(Before someone replies with "parallel construction": the point of parallel construction is to use methods that are easy but illegal to obtain evidence that can be used to help find "legal" sources of evidence that would otherwise not be easy or feasible. That doesn't really apply here, where the illegal (or in this case, secretive) method is more work than the "official" method).
[0] e.g. that case a decade ago where a student called in a bomb threat using Tor, and the university was able to determine that exactly one person on campus was using Tor at that time - not by compromising Tor itself, but because Tor traffic is detectable by ISPs.
Assuming that was true - wouldn't it be much easier to simply remove their exit nodes, making Tor intolerably slow, let the users leave for alternatives like VPNs, and then just buy up some VPN providers through shell companies?
After all, with a VPN you get to see source and destination IPs, username, e-mail, payment information, and maybe they even download your connection tool and run it as root.
Even if that were true, how would it work practically? For anyone who might be interested in identifying or tracking you, how would they "use Tor" to look up your identity? Over 200 countries, across all government agencies, and then including non-governmental actors? Maybe a Tor user isn't trying to protect from "the NSA" (or whoever you think is "running the Tor network")?
And, again assuming this is true, how would any other technology protect you better?
Especially people working at "a security firm" should know that security is not black and white, but has many dimensions to it.
And then, here we are talking about diversifying relay operations, so even if you believe the rest of the network to be totally compromised, it would still add some net benefit, no?
Others have already presented good reasons that's unlikely, but either way - and especially if that is the case, then all the more reason to add non government exit nodes.
I run a largeish Tor relay family on rented servers and have thought about running exits on my own "ISP" for quite some time. I already have an ASN and IPv6 addresses but Tor needs v4 and those are prohibitively expensive to buy and leasing is not possible because of the blacklist problematic. My email is in my profile if that is something you want to support and could spare a /24 of your assignment.
Depends on what you plan to do with it long term I think. If you have no plans to make it commercially viable, then I agree with the other poster who recommends using it as blocks friendly for ToR exit node operators and/or similar style services (e.g. public nitter instance). You could delegate /24's as-needed for individual sites. Exit node operators tend to be technically clueful, so they will understand what will need to be done to make this work.
However, that will likely put that /22 on quite a number of blacklists out there for an indefinite period of time.
Other than honeypot stuff or more grey area things like botting/scanning having a zillion IPs really isn't super interesting unless you have customers for them, in my opinion.
If I were in your position I'd simply lease them out until I have a real use-case for the block. This can also carry reputational risks of course as well. IPXO is a market I've used in the past to accomplish this, although others do exist.
I do think having a block of IPv4 and an ASN is definitely a nice strategic asset to keep around if at all financially viable to do so. The cost of ARIN/RIPE registration isn't crazy, but is more than an individual would typically want to carry. Leasing out your unused strategic asset to at least pay for itself until you might need it seems prudent to me.
Had a similar situation with a /16 at a research institution. Deployed non-interactive, multi-service sinkhole type honeypots across the entire /16 and collected a massive cache of data. A lot of fun developing something that could scale on that size of network. We used Go for the honeypots and Clickhouse to analyze the TBs of data.
I'm a former neteng and I'm having a really difficult time coming up with anything that is remotely interesting. I'm not going near running a Tor exit node.
With proxies and NAT I really can't think of a single thing I care about doing with tons of ips.. I feel uncreative here.
You could get into some form of webhosting but not everyone needs a public IP since apache/nginx proxy everything for wordpress and you'd just do hostname routing.
Selling the space either entirely or per block/IPs might be interesting since the price of IPs has gone way up.
A lot of people here are assuming ownership but your post says "access". Can you clarify if this is a /22 you have rights to manage through something like an employer or a /22 you have full personal ownership of?
Readit News
https://www.google.com/intl/en/ipv6/statistics.html
We're counting down the years before IPv6 will become the major protocol, after which, IPv4 addresses will slowly start to loose value.
"But it's only FAANG, noone else has IPv6!" Just not the case anymore. But even if, most people don't care about anything else anyway. I have a friend who helps to operate a university dorm network. Allegedly, he once removed an IPv4 address by mistake from one student's computer. He only heard about it half a year later, when the student casually mentioned that only Google, Facebook and other big sites seem to work. Apparently, if Google, Facebook, and the School's website works, it's acceptable to most (which is sad for different reasons, but that's not my point).
Anyway, that's still at least a few years away though, you can have some fun with it for now :)
The fact that the "sad part" is that the student only uses big tech websites and not that this netop was able to do something like this with no alerting or guardrails says a lot about HN's culture these days.
In general I wonder what kind of alerting these dorm ISPs run. Do they ever do reachability tests for devices on their network?
Many older universities give you a public IPv4 address with no NAT when you plug into a network port.
OP, one neat thing you should try is broadcasting a /25 through /29 and seeing which ISPs this is routable from (eg: Lumen (aka Centurylink/Quantum), Verizon, T-Mobile, AT&T, Comcast, etc). There are a number of blocks smaller than /24's being broadcast, and it would be quite interesting to see which ISPs are willing to route traffic to smaller blocks.
Missing IPv4 addresses are not reported as some systems are left IPv6-only intentionally. It's a dorm network, but it's sort-of a research project at the same time. It is also run by students themselves (there's a "student's union") and the school does not pay or maintain the dorm's infrastructure.
I know alerting is done for some things, but not for the individual student's machine. This is different for every dorm, but in this case, a wired symmetrical gigabit connection is provided to every member student, public IPv4 and IPv6 included. The only restriction is to not download torrents, besides that, pretty much anything can be arranged, including opening port 25, routing additional IPv6 prefixes, hosting...
It's a very free environment is what I'm getting at.
Are the spikes in IP6 usage driven by work, home or mobile?
[1] https://files.littlebird.com.au/Shared-Image-2024-01-13-12-0...
tragic :sob:
People want to host Internet services from their homes. They don't have static IPs, and/or they don't want to open their home IP address directly to the public, for good reason.
You can setup some wireguard servers with static IPs. Then people can tunnel their services running at home through your servers. They avoid the cost of having to pay for cloud hosting, and you provide a shield so that they aren't exposed.
Obviously, the IP addresses on their own aren't enough to make this work. You're going to need some computing infrastructure. But you won't need lots of storage and compute. You'll mostly need bandwidth and networking equipment. The thing is, getting IP addresses is harder than getting hardware and bandwidth. You already did the hard part.
I don't accept the argument that by attempting to benefit the common good that one must be responsible for what happens or how that's used. Many items and actions of good will can be weaponized, in ways that the media finds odious like the things you mentioned, but nobody comes after the cell phone operators, the ISPs, they attack the weak link that cant afford representation in court - the solo and small operators. It's stupid and I'm surprised it fools the voter base in the current epoch.
Like, just look at Playit.gg, they have issues with both ip blacklists and domain blacklists (+ safe browsing warnings)
T-Mobile is a big one that apparently blocks their ip ranges.
My interpretation of what's been suggested is basically an ip you can port forward, as if you had a public ip.
For example, let's say you want to run a minecraft server for your friends from your home. You use this hypothetical service to get an ip you can use, and tunnel the needed ports in to your network (and ultimately, your minecraft server).
This couldn't be provided with a single ip, since at best that would limit you to selling off individual ports. The product becomes worthwhile if each customer has their own ip.
Governments also run a lot of relays and exit nodes for a similar reason. Not to make it easier for themselves to identify traffic. For no one actor to have a majority of nodes, which would make it a lot easier to identify traffic.
So far, the high profile busts involving Tor all involve some other weaker link in the chain, such as traffic analysis[0], a CI, a targeted sting operation. etc.
If this is the case and your hypothesis is true, then it appears to be unnecessary on their part, since all the folks they're prosecuting are those for whom other evidence is more readily available.
(Before someone replies with "parallel construction": the point of parallel construction is to use methods that are easy but illegal to obtain evidence that can be used to help find "legal" sources of evidence that would otherwise not be easy or feasible. That doesn't really apply here, where the illegal (or in this case, secretive) method is more work than the "official" method).
[0] e.g. that case a decade ago where a student called in a bomb threat using Tor, and the university was able to determine that exactly one person on campus was using Tor at that time - not by compromising Tor itself, but because Tor traffic is detectable by ISPs.
After all, with a VPN you get to see source and destination IPs, username, e-mail, payment information, and maybe they even download your connection tool and run it as root.
And, again assuming this is true, how would any other technology protect you better?
Especially people working at "a security firm" should know that security is not black and white, but has many dimensions to it.
And then, here we are talking about diversifying relay operations, so even if you believe the rest of the network to be totally compromised, it would still add some net benefit, no?
https://en.wikipedia.org/wiki/Tor_(network)
However, that will likely put that /22 on quite a number of blacklists out there for an indefinite period of time.
Other than honeypot stuff or more grey area things like botting/scanning having a zillion IPs really isn't super interesting unless you have customers for them, in my opinion.
If I were in your position I'd simply lease them out until I have a real use-case for the block. This can also carry reputational risks of course as well. IPXO is a market I've used in the past to accomplish this, although others do exist.
I do think having a block of IPv4 and an ASN is definitely a nice strategic asset to keep around if at all financially viable to do so. The cost of ARIN/RIPE registration isn't crazy, but is more than an individual would typically want to carry. Leasing out your unused strategic asset to at least pay for itself until you might need it seems prudent to me.
FYI it is spelled Tor, not ToR and not TOR.
With proxies and NAT I really can't think of a single thing I care about doing with tons of ips.. I feel uncreative here.
You could get into some form of webhosting but not everyone needs a public IP since apache/nginx proxy everything for wordpress and you'd just do hostname routing.
Selling the space either entirely or per block/IPs might be interesting since the price of IPs has gone way up.