UK Government Owns 16.9 Million Unused IPv4 Addresses

hypnosec writes "The Department of Work and Pensions in the UK has a /8 block of IPv4 addresses that is unused. An e-petition was created asking the DWP to sell off the block to ease the IPv4 address scarcity in the RIPE region. John Graham-Cumming, the person who first discovered the unused block, discovered that these 16.9 million IP addresses were unused after checking in the ASN database."
  • Who cares (Score:5, Insightful)

    by Formalin ( 1945560 ) on Monday September 17, 2012 @11:05PM (#41371113)

    Just apply the real cure already... This is so ridiculous.

    • Re:Who cares (Score:5, Insightful)

      by GNUALMAFUERTE ( 697061 ) <almafuerte AT gmail DOT com> on Monday September 17, 2012 @11:12PM (#41371139)

      I know IPv6 is needed, and it'll be great having disposable addresses to throw at any device. I'll be certainly happy to get rid of NAT in many circumstances, but OTOH, IPv6 is going to suck. I have tens of IPs in my head, which I access daily by memory. IPv4 addresses are easy to remember, easy to pass over the phone, easy to type, and easy to operate (i.e., calculate things such as masks in your head, etc). IPv6 is going to make it way harder, and that's not taking into account the migration process ...

      • Re:Who cares (Score:5, Informative)

        by mellon ( 7048 ) on Monday September 17, 2012 @11:17PM (#41371157) Homepage

        Dude, it's time to learn how to set up DNS. Honest, it's not that hard. Your DHCP server can automatically update the DNS for you. Try it—you'll like it!

        • Re: (Score:3, Interesting)

          by Anonymous Coward

          I think you'll find that this complaint comes mainly from folks that do know how to set up DNS.

          The real difference isn't realizing that we have DNS, it's that with IPv6 and no more NAT, devices will do DNS and it won't be such an annoyance.

        • Comment removed (Score:5, Interesting)

          by account_deleted ( 4530225 ) on Monday September 17, 2012 @11:38PM (#41371241)
          Comment removed based on user account deletion
          • by wvmarle ( 1070040 ) on Tuesday September 18, 2012 @01:34AM (#41371745)

            that's the price of progress

            • by mjwx ( 966435 )

              that's the price of progress

              Why not make them human readable? Keep the hex numbers in the background but have a human readable translation for them in the foreground? IIRC, it's just the same 256 characters as IPv4 but there's 8 octets instead of 4. Obviously 255.255.255.255.255.255.255.255 is not ideal but I'm sure someone can come up with a better system.

              • Re:Who cares (Score:4, Interesting)

                by Anonymous Coward on Tuesday September 18, 2012 @06:47AM (#41372905)

                Like RFC 1751 (http://tools.ietf.org/html/rfc1751) for instance :)

                Although it does tend to come up with sequences that have some comedy smutty parts.

          • Custom hosts files will probably go far for this. Instead of keeping a txt file or something of your ipv6 ips. Throw them all in your hosts file.

          • Re:Who cares (Score:5, Informative)

            by bbn ( 172659 ) <baldur.norddahl@gmail.com> on Tuesday September 18, 2012 @04:55AM (#41372487)

            IPv6-addresses can actually be much easier to remember than IPv4. Why? Because there is a system to it.

            Here in the RIPE region there are only three possible prefixes for any address: 2001::, 2003:: and 2a0x::

            In practice you are only working with one or a few ISPs. This means the first two blocks are always going to be the same. My ISP has 2001:1448::.

            We got a /48. We happen to be number 201. So our addresses are all starting with 2001:1448:201::.

            Everything from that point on is something I decided. If I want easy to remember addresses I would choose easy to remember addresses. My primary server could be 2001:1448:201::1. I would remember it as the ::1 server.

            It is true that if you let your hosts autoconfigure to a random interface identifier that will be impossible to remember. But there is nothing stopping you from using manual configuration or DHCPv6 to number your hosts in a human friendly manner.

            • by upside ( 574799 ) on Tuesday September 18, 2012 @08:04AM (#41373333) Journal

              "The Slashdot user known as bbn has a /48 block of IPv6 addresses that is unused. An e-petition was created ..."

            • We got a /48. We happen to be number 201. So our addresses are all starting with 2001:1448:201::.

              When you've got a block that's bigger than the entire IPv4 Internet, you know you're cool.

              • Er this is completely standard. I've been on native IPv6 for two years now, on my standard residential $29.95/month DSL plan, and also have a block way bigger than the entire IPv4 internet. Though mine's only a /56 rather than a /48 (oh noes, only 4,722,366,482,869,645,213,696 globally-addressable IPs for my home LAN??)

                That's the whole beauty of IPv6 :)

        • My DHCP server is a crappy consumer appliance that can't update DNS from DHCP without unsupported and buggy third-party firmware hacks. I think the majority of internet users are in the same situation.

        • The problem is, DNS is like USB, and IPv4 is like RS232. If you're anywhere close to being right, you can probably get ipv4 (or a real serial port set to 9600-8-N-1) to work well enough to give you clues about what the real problem is. In contrast, DNS (like USB) tends to just fail hard and catastrophically, giving no obvious clues about what might actually be wrong.

        • Re:Who cares (Score:5, Interesting)

          by GNUALMAFUERTE ( 697061 ) <almafuerte AT gmail DOT com> on Tuesday September 18, 2012 @12:21AM (#41371447)

          mysql> select count(host) from systems;
          | count(host) |
                            498 |
          1 row in set (0.00 sec)

          (stupid slashdot thinks mysql's output are junk characters)

          Since most of those 498 servers I manage are behind NAT and have dynamic public IPs, I do have a system to track them (not ddns, but a homemade solution), and I have scripts in place that allow me to get any server's IP. Combine that with shell expansion and I can ssh root@`gethost customer_id server_id` and similar stuff. That doesn't mean you don't have to deal with IP addresses anyway, and it doesn't mean doing ifconfig eth0 2001:0db8:85a3:0042:0000:8a2e:0370:7334 is gonna be easy. Imagine debugging a routing table! Imagine reading the output of tcpdump with such meaningless addresses. IPv6 is gonna be a PITA.

        • I don't want somebody knowing who I'm looking up so I downloaded the entire DNS and dumped it into my /etc/hosts file. I feel so safe now....

      • Re:Who cares (Score:5, Insightful)

        by fm6 ( 162816 ) on Tuesday September 18, 2012 @12:18AM (#41371425) Homepage Journal

        I think you need to ask yourself why you have to remember all those IP addresses. I'll bet that each one could be dispensed with if you had the motivation to work out a DNS-based way to access these systems — with the possible exception of the DNS servers themselves.

      • Re:Who cares (Score:5, Interesting)

        by phantomfive ( 622387 ) on Tuesday September 18, 2012 @01:09AM (#41371651) Journal
        It won't be that bad at first, until a lot of addresses are used, because of the IPv6 notation shorteners. For example, ff06:0:0:0:0:0:0:c3 may be written as ff06::c3. Unless your ISP gives you a random number as an IP address, it'll still be fine to work with.
      • by burne ( 686114 )

        I know I'm a bit of a nerd, but I know my prefix (2001:470:XXXX::) and after the double colon I am master of my domain, so my website lives on ::10, the mailserver on ::20 etc. If you can remember an ipv4 address, ipv6 shouldn't be more difficult, in general.

      • First things first - for IPv6, DHCP6 is a better idea than DHCP4 was for IPv4. Use that to manage your addresses. You can assign certain addresses (or ranges) as static, certain address ranges as dynamic, and be off to the races. No need to struggle w/ subnetting the way you did in IPv4.

        Next thing - if it's important for you to remember your IPv6 address, remember that the first 12-16 digits (depending on what your ISP gives you) are gonna be common. You then have the remaining 16 digits. If it's imp

      • by JSBiff ( 87824 )

        Is abc1:2345::10 that much harder? Ok, solution:

        In your OS, set an environment variable that persists across logins:
        6NET=abc1:2345

        Then when using networking tools:
        ping %6NET%::10

        Was that so hard?

      • by suso ( 153703 ) *

        You're missing the opportunity to use hexadecimal characters in memorable ways in your IPv6 addresses though:

        2001::FEED:FACE:DEAD:BEEF (For non-vegans)
        2001::C0DA:0B0E:BA55:C1EF (For musicians)
        2001::CA11:D011:FACE:BABE (For a good time)
        2001::FEE1:DEAD:BABE:B00B (For necrophiliacs)

    • Agree completely, but how the hell did the DWP end up with that many ip addresses?
    • Re:Who cares (Score:5, Insightful)

      by fm6 ( 162816 ) on Monday September 17, 2012 @11:22PM (#41371171) Homepage Journal

      As any climate scientist will tell you, the ability of people to deny impending disaster is remarkable, especially when doing something about it costs money. That includes people on Slashdot, who keep telling me that the whole address depletion thing is bogus, that we can keep going indefinitely by discovering unused blocks and using existing blocks more efficiently.

      A few years ago, I was part of the product team that was working on a new Sun server. Now, every Sun server comes with an ILOM (Integrated Lights Out Manager), a little embedded Linux system that lets an administrator manage the server remotely. Naturally, the ILOM has its own network interface — but the one planned for this system did not support IPv6. I pointed out all the IPv4 address exhaustion issues, but was basically told to mind my own business. "No customer demand for this feature." Never mind that a few years down the pipe, customers would be very unhappy they didn't have it.

      • Re: (Score:2, Funny)

        by fm6 ( 162816 )

        Oops, I mentioned global warming, I guess that makes me a troll.

      • by MaerD ( 954222 )

        Straw man argument. If you, in your individual data center/office/etc are able to exhaust all of the private ip blocks for your management network that has no business facing the Internet, you have way more hardware than you really need and should probably consider virtualization, blades or some other method of reducing your server footprint.

        All that extra power usage contributes to global warming, after all... ;)

      • Except for the fact that, when an emergency comes, the budget magically opens and people stop counting their pennies.
        That would mean that if/when the IPv4 crunch comes to a point where we HAVE to confront it, IT dept's will get fresh new budgets to buy the NEW Sun server that *does* have IPv6 functionality.
        I'm not saying omitting it was a good idea, but cynically it might make sense.

      • by Eil ( 82413 )

        I pointed out all the IPv4 address exhaustion issues, but was basically told to mind my own business. "No customer demand for this feature."

        Despite being in the business, you forgot one important thing: B2B hardware and software vendors almost universally design products only according to what their customers are actually asking for. It's not quite like the consumer sector where a company designs something new and tries to convince the masses that they need it via marketing. The enterprise is different. If

    • To apply the fix, everyone involved must cooperate and spend a lot of money upgrading.

      The alternative is to carry on without ipv6: this will create an artificial scarcity of ipv4 addresses. They will become more and more valuable, so existing businesses will be able to make more and more money renting them out: as no more are available, nobody else will be able to join the cartel to get a slice of the pie.

      So: the choice is: spend a lot of money on ipv6 now to help the customer, or screw the customer over and h

    • Since it's been discovered, what they should do is break it up into, say ~65k blocks of 256 addresses each, and sell them only to customers who have IPv6 transition plans. In other words, these addresses should only be used to enable dual-stack for customers who have taken the initiative in moving to IPv6.

      That forces people to move seriously towards IPv6 - starting w/ the telecom vendors, such as BT, Vodafone, et al. That way, the migration, instead of being pushed out, gets expedited.

      Indeed, that sho

    • The migration is being obstructed by people with hoards of v4's they got back when the addresses were plentiful, as well as ISPs that find more profit in milking their IP space for all its worth and making people pay for a business connection to get out of NAT...and also enforcing "no servers allowed" in their residential contracts.

      Nowadays, stashes of v4's are a gold mine and people holding them are not going to let their windfall go without a fight. Instead, they are going to squat on them, and milk thei

  • You have to be a UK citizen to sign the petition so please sign if you can.

  • by grcumb ( 781340 ) on Monday September 17, 2012 @11:22PM (#41371173) Homepage Journal

    An e-petition was created asking the DWP to sell off the block to ease the IPv4 address scarcity in the RIPE region.

    Why not just ask them to do the right thing and give them back to RIPE? I mean seriously, what kind of example are we trying to set here? Or maybe someone's just trying to bootstrap a market for IPv4 addresses in order to cash in on the increasing scarcity....

    ... In any case, encouraging profit from a public resource like this is a terrible idea.

    • Markets aren't perfect, but efficiently allocating scarce resources is one thing they do well. When you have a quasi-governmental body decide who should get IPs, you end up with situations like this, where people who need them can't get them and people who have them don't need them.

    • by jibjibjib ( 889679 ) on Tuesday September 18, 2012 @12:09AM (#41371391) Journal

      Giving away a block of IPv4 addresses worth about $1 billion is the same as literally giving away $1 billion of taxpayers' money. I don't think that would be doing "the right thing" for the people of the UK.

      • by Zocalo ( 252965 )
        Quite. These IP addresses legitimately belong to the UK Government, and therefore by implication to the UK taxpayer. The snag is that they belong to the wrong department of the UK Government to actually do much good and given the usual incompetence of government transferring them to where they might be useful isn't likely to happen in time. If UK.gov can get its thumb out of its ass and come to some kind of arrangement with RIPE to let them it do it (this kind of thing is not currently permitted under RI
    • Why not just ask them to do the right thing and give them back to RIPE?

      The right thing to do is switch to IPv6. Who cares if they have a lot, we have a plan where everyone can have a lot.

    • Re: (Score:2, Informative)

      by Anonymous Coward

      RIPE's terms and conditions prohibit selling IP addresses. RIPE actually has the power to take them back if they're unused and they're needed - and they are needed, RIPE just allocated its last block!

      In this instance, I shall be voting for RIPE to do just that.

    • Screw that. My government (that is to say- the taxpayer, i.e., me) owns a £1 billion asset they probably didn't know they had. And you want them to give them away to companies, corporations, private citizens and whatnot for free?

  • by RulerOf ( 975607 ) on Monday September 17, 2012 @11:26PM (#41371195)
    Am I the only one that sees something like this and immediately wants to call dibs on a "Vanity IP?"
    I'll take:
    • 51.51.51.51
    • 51.52.53.54
    • 51.0.0.1
    • ...and 51.50.49.48

    I'm sure there's an algorithm or list that could tell me all of the possible "desirable" IPs in the /8, but, due to the fact that we shouldn't be greedy, and the completely arbitrary relation to the number 4 for IPv4, and the fact that it's an election year here in the US, I propose that we Slashdotters limit ourselves to four apiece, and leave the remainder to Reddit and 4chan. Or something.

  • How did nobody notice this until now? There aren't that many public /8 blocks (125 or less since the 10 and 127 blocks are for special purposes and 0 is unusable) and they've been trying to recoup unused /8 blocks for over a decade so is this really a new discovery?

    • Re:Really? (Score:5, Funny)

      by camperdave ( 969942 ) on Tuesday September 18, 2012 @01:20AM (#41371691) Journal
      They're holding on to them until the rest of the world coughs up the missing Dr Who episodes.
    • Re:Really? (Score:4, Interesting)

      by Zocalo ( 252965 ) on Tuesday September 18, 2012 @04:23AM (#41372399) Homepage
      Plenty of people have noticed this before now, IANA has published a table [iana.org] showing all the /8 allocations pretty much since they were formed. Anything flagged as "LEGACY" was assigned before the current RIR/LIR assignment process was implemented. Someone even compiled a table showing which parts of the legacy IP assignments were not routed some years back, which must have included the DWP's /8 as well unless they were actually advertising it at the time that the table was compiled.

      The only thing that makes this slightly newsworthy is that this is about a cash strapped sovereign government sitting on a sizable pool of "spare" IPv4 space that has suddenly become a much more valuable commodity following the recent announcement that RIPE is now down to its final /8 and IPv4 allocations within Europe and those parts of Asia that fall under RIPE's remit are now heavily restricted. You can probably expect a similar story about the dozens (see the table above) of underused /8s that are held by US corporations and government agencies, the DoD especially, when ARIN's IPv4 approaches exhaustion as well.
  • relatively common (Score:5, Insightful)

    by Anonymous Coward on Monday September 17, 2012 @11:41PM (#41371253)

    This sort of thing is relatively common, it's probably used internally as a routable address space, but not intended for use on the public Internet. (Saves having to deal with multiple uses of rfc1918). This sort of thing is very common in the government (though usually much less than an /8). They can't use a consistent rfc1918 address space internally as whenever the government changes its priorities, work units will shuffle between departments. You'll probably find that this address space is now used by many departments, and trying to move all users over to another range will cost more than they can recover from selling the /8

  • The dept of work and pensions is holding them, so that every pensioner can have a static IP. The better for the UK gov, to track you with. Taking tinfoil hat off now.
  • Wealth can be measured in pieces of eight.
  • My boss had an entire class C for about 10 years+ with on average maybe 7-8 employees over that time and a web footprint no bigger than a basic corporate contacts website. He probably could have held on to it, too if he didn't see the expense as a waste of money when he was looking to streamline.

  • by Anonymous Coward on Tuesday September 18, 2012 @02:13AM (#41371895)

    Local government network admin here. Parts of the 51.0.0.0/8 address space are in our internal routing table, because it's used for shared private networks between different government organisations. Just because it's not in the public Internet routing table doesn't mean it's not used.

    Granted perhaps not the whole /8 is in use (I only see 3 x /16s out of a possible 256 in my routing table at present), but who's to say other sectors which I don't have network connectivity to aren't using it.

    We're actually pushing for and slowly enabling IPv6 internally on our core and servers where we can, rather than delay the inevitable. This is despite our organisation ourselves owning a whole public /16 block, yet have maybe only 10-15k addressable nodes max across all our networks we control at present. It will take us much much longer to re-IP/re-subnet the entire network more efficiently so some of that space can be returned to RIPE, than for it to be reallocated and used up after returning, due to old systems and old proprietary software in use. Not to mention the resources required to do such a massive task.

    Personally I think the people asking for addresses to be returned by any organisation (supposedly) not using them (including all the other apparently wasted /8 allocations out there) are not looking long term enough. IPv6 is the way to go.
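
Added example, not from the comment above or from the original story: one way to measure how much of a block a given routing table actually covers, which is the distinction the comment draws between "not publicly routed" and "unused". The prefixes in `ROUTES` are constructed sample data (three /16s, echoing the count mentioned above, plus an overlapping more-specific and an unrelated route), and `audit` is this example's own name.

```python
import ipaddress

def audit(block: str, routes: list):
    """Return (covered_address_count, uncovered_gaps) for an IPv4 block.

    Overlapping and duplicate routes are merged first, so a /20 inside an
    already-listed /16 is not counted twice. A route that is a supernet of
    the block (for example a default route) covers the whole block.
    """
    blk = ipaddress.IPv4Network(block)
    inside = []
    for text in routes:
        net = ipaddress.ip_network(text, strict=False)
        if net.version != 4:
            continue
        if net.subnet_of(blk):
            inside.append(net)
        elif blk.subnet_of(net):
            inside.append(blk)
    merged = list(ipaddress.collapse_addresses(inside))  # sorted, non-overlapping
    covered = sum(n.num_addresses for n in merged)

    # Walk the block left to right and emit each hole as minimal CIDR prefixes.
    gaps, cursor = [], int(blk.network_address)
    for net in merged:
        start = int(net.network_address)
        if start > cursor:
            gaps.extend(ipaddress.summarize_address_range(
                ipaddress.IPv4Address(cursor),
                ipaddress.IPv4Address(start - 1)))
        cursor = int(net.broadcast_address) + 1
    last = int(blk.broadcast_address)
    if cursor <= last:
        gaps.extend(ipaddress.summarize_address_range(
            ipaddress.IPv4Address(cursor), ipaddress.IPv4Address(last)))
    return covered, gaps

# Constructed sample routing-table entries, not real allocations.
ROUTES = [
    "51.4.0.0/16",
    "51.63.0.0/16",
    "51.200.0.0/16",
    "51.4.16.0/20",   # more-specific inside the first /16
    "10.0.0.0/8",     # unrelated RFC 1918 route, ignored
]

if __name__ == "__main__":
    covered, gaps = audit("51.0.0.0/8", ROUTES)
    total = ipaddress.IPv4Network("51.0.0.0/8").num_addresses
    print(f"covered {covered} of {total} addresses ({covered / total:.2%})")
    print(f"{len(gaps)} uncovered prefixes, first {gaps[0]}, last {gaps[-1]}")
```
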

    • by lbft ( 950835 )

      If you need a /8 for private addresses, use 10.0.0.0/8. That's what it's bloody there for.

      > Personally I think the people asking for addresses to be returned by any organisation (supposedly) not using them (including all the other apparently wasted /8 allocations out there) are not looking long term enough. IPv6 is the way to go.

      Consumer internet IPv6 adoption rates are atrocious across the globe. VPSes and dedicated servers require dedicated IPs, and even shared hosting requires a dedicated IP for SSL i

  • by Martin S. ( 98249 ) on Tuesday September 18, 2012 @02:57AM (#41372065) Journal

    Just because this block is not public does not mean it is unused.

    The UK Government has a huge darknet [wikipedia.org].

  • by Chrisq ( 894406 ) on Tuesday September 18, 2012 @04:27AM (#41372413)
    This must be worth more than the Bank of Scotland. Let's sell it quick. The Government is actually much more likely to hold on to it until everyone is on IPv6 and it becomes worthless.
