UK Government Owns 16.9 Million Unused IPv4 Addresses 399
hypnosec writes "The Department of Work and Pensions in the UK has a /8 block of IPv4 addresses that is unused. An e-petition was created asking the DWP to sell off the block to ease the IPv4 address scarcity in the RIPE region. John Graham-Cumming, the person who first discovered the unused block, discovered that these 16.9 million IP addresses were unused after checking in the ASN database."
Re:Who cares (Score:5, Informative)
Dude, it's time to learn how to set up DNS. Honest, it's not that hard. Your DHCP server can automatically update the DNS for you. Try it—you'll like it!
Re:Who cares (Score:5, Informative)
I won't even get into how IPv6 makes it much easier to track you.
Because that's nonsense? (Almost) Everybody implements the privacy extensions [wikipedia.org], so your world-visible address is random and changes every 10-ish minutes.
Re:Sell the Addresses? Don't Give Them Ideas (Score:2, Informative)
RIPE's terms and conditions prohibit selling IP addresses. RIPE actually has the power to take them back if they're unused and they're needed - and they are needed, RIPE just allocated its last block!
In this instance, I shall be voting for RIPE to do just that.
Some of that 51.0.0.0/8 actually is in use (Score:5, Informative)
Local government network admin here. Parts of the 51.0.0.0/8 address space is in our internal routing table, because it's used for shared private networks between different government organisations. Just because it's not in the public Internet routing table doesn't mean it's not used.
Granted perhaps not the whole /8 is in use (I only see 3 x /16s out of a possible 256 in my routing table at present), but who's to say other sectors which I don't have network connectivity to aren't using it.
We're actually pushing for and slowly enabling IPv6 internally on our core and servers where we can, rather than delay the inevitable. This is despite our organisation ourselves owning a whole public /16 block, yet have maybe only 10-15k addressable nodes max across all our networks we control at present. It will take us much much longer to re-IP/re-subnet the entire network more efficiently so some of that space can be returned to RIPE, than for it to be reallocated and used up after returning, due to old systems and old proprietary software in use. Not to mention the resources required to do such a massive task.
Personally I think the people asking for addresses to be returned by any organisation (supposedly) not using them (including all the other apparently wasted /8 allocations out there) are not looking long term enough. IPv6 is the way to go.
Re:Who cares (Score:5, Informative)
When IPV6 is what we have to work with, we will be swarmed by those bastard botnets with no way to block that many IP addresses that will be used to attack.
You'll probably want to just block the prefix rather than the address, which is just as easy under v6. In fact, having sparsely populated address space is good for security since it makes blindly scanning addresses much less effective for the malware.
ith it either.
Imo the botnet criminals have been trying to force the use of IPV6 by getting all new ranges of IPV4 allocated as soon as possible.
Huh? Botnets run on existing machines (frequently home PCs), how does that have anything to do with IPv4 exhaustion?
Rather than IPV6 globally and IPV4 internally, I think IPV6 should be what the countries that attack us, who just happen to have very large populations, can use for themselves.
Why do you want to penalise the "good countries" by forcing them to stay on an obsolete protocol? (that said, a good number of attacks against my servers come from the US)
Not publicly routed doesn't mean unused (Score:5, Informative)
Just because this block is not public does not mean it is unused.
The UK Government has a huge darknet [wikipedia.org].
Re:DHCP6 preferable to autoconf (Score:5, Informative)
What's wrong with manually assigning IPv6 addresses? That works just the same as it did with IPv4:
iface eth0 inet6 static
address 2001:6a0:114::9
netmask 64
gateway 2001:6a0:114::1
iface eth0 inet static
address 192.168.0.9
netmask 255.255.255.0
gateway 192.168.0.1
You just get a much bigger range to choose from, which you may use or not.
Re:Who cares (Score:5, Informative)
IPv6-addresses can actually be much easier to remember than IPv4. Why? Because there is a system to it.
Here in the RIPE region there is only three possible prefixes for any address: 2001::, 2003:: and 2a0x::
In practice you are only working with one or a few ISPs. This means the first two blocks are always going to be the same. My ISP has 2001:1448::.
We got a /48. We happens to be number 201. So our addresses are all starting with 2001:1448:201::.
Everything from that point on is something I decided. If I want easy to remember addresses I would choose easy to remember addresses. My primary server could be 2001:1448:201::1. I would remember it as the ::1 server.
It is true that if you let your hosts autoconfigure to a random interface identifier that will be impossible to remember. But there is nothing stopping you from using manually configuration or DHCPv6 to number your hosts in a human friendly manner.
Re:Who cares (Score:2, Informative)
Unless you are running Windows 8 which will helpfully rewrite your hosts file for you when you are done.
Re:Who cares (Score:5, Informative)
Calculating masks in your head will still be a more difficult task
Why would you do this, unless you work for a large ISP?
With IPv6, everyone uses /64 for each broadcast domain, cutting the address exactly in 1/2. It is easy.
Devices that need statics are DNS servers and routers, and neither should be changed fequently. Also, you're likely to use simple addresses for them, so it will be:
NetworkPrefix::1, Network::2, Network::3, etc.
For me, I have 2601:d:881:b::1 for a default gateway, and 2601:d:881:b::101 for my DNS server #1, and 2601:d:881:b::102 for DNS server #2.
That isn't hard to remember, and it isn't hard to type. What exactly is the problem?