Pollution in recent IPv4 allocation of 1.0.0.0/8 (ripe.net)
51 points by bensummers on Feb 3, 2010 | 11 comments



My bet is 90% of that traffic is lazy programmers using "1.1.1.1" or "1.2.3.4" as the default, "empty" IP address for their application.


The obvious solution is to assign 1.1.1.1 to example.com


Funny. :D But assignment is the other way around. Simply announcing that the 1.1.1.0/24 and 1.2.3.0/24 IP blocks were routable opened a 50mbit flood of UDP traffic, random pings, etc.


How about routing 1.1.1.0/24 and 1.2.3.0/24 to /dev/null (or equivalent) for some time?

This would interfere with whoever is polluting these addresses and they would stop using them as they would become unusable.


They've _been_ routed like that forever. That's why people have been using them - because it doesn't do any harm (the data gets dropped at the first BGP-aware router). The issue is we can't _start_ using them now.


The problem is that if the router is configured to announce these IPs, there is an instant flood of incoming traffic.

You could set the edge routers to drop any traffic to 1.1.1.1, but that still means that the upstream bandwidth is consumed by accepting the packets and then discarding them internally.

With routing at this scale EVERYTHING has a cost, you cannot just accept a blob of traffic without interfering with some other service(s). Every packet has to come down the wire, and then be handled by the router (either dropped or forwarded on).

This scenario is basically an unintended DoS attack.


They've been routed to /dev/null since 1981!


No, they haven't.

These subnets have not been advertised.

The difference is that when a device tries to send a packet to 1.1.1.1, your PC would send the packet to its default gateway, that gateway would send it to your ISP, and one of the ISP's edge routers would determine that there was no route to the host and reply with a message stating the packet is unroutable.

For the classic RFC reserved subnets, like 192.168.0.0, most routers were set up to drop any inbound/outbound packets addressed to or from those subnets, which is more like routing them to /dev/null.


OK, while they may not actually have been dropped or routed to /dev/null in a technical sense, they have been inaccessible in such a way that if making them "inaccessible for a while" was going to reduce the traffic to them, as suggested by the post I was replying to, then it would have had that effect already and this surprise traffic wouldn't be a problem in the first place.


Ah, I see what you were saying. Yes, the problem here is that they WERE unassigned, and so people lazily or unintentionally started using these IPs for other purposes. Now that they are "real", it seems like some portions of these subnets are going to be practically unusable.


The problem is that these aren't just lazy programs, they're unmonitored programs. Somebody needs to actually determine what the major users of the blocks are and tell the developers of those systems about it. Even the malware creators have no benefit to using dead space like 1.1.1.1.

A researcher at a major institute should be allowed to study 1.1.1.1 for a while.
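
Added example, not part of the thread or written by any commenter: one way to audit your own configuration or source text for hard-coded placeholder addresses inside 1.0.0.0/8, the habit the comments above blame for the stray traffic. The function names and the sample settings are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# The newly allocated block and the two /24s the thread names as the noisiest.
BLOCK = ipaddress.ip_network("1.0.0.0/8")
HOT_PREFIXES = [ipaddress.ip_network("1.1.1.0/24"),
                ipaddress.ip_network("1.2.3.0/24")]

# Dotted quads not glued to further digits or dots, so a version string such
# as 1.2.3.4.5 is not mistaken for an address.
IPV4_RE = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])")

# Constructed sample input; every key and value below is made up.
SAMPLE_CONFIG = """\
# constructed sample settings, not taken from any real product
syslog_server = 1.1.1.1
fallback_dns = 1.2.3.4
ntp_peer = 10.1.1.1
captive_portal_ip = 1.1.1.1
firmware_version = 1.2.3.4.5
test_target = 1.300.2.4
legacy_probe = 1.9.9.9
gateway = 192.168.1.1
"""

def find_placeholders(lines):
    """Return (line_no, address, in_hot_prefix) for each literal in 1.0.0.0/8."""
    hits = []
    for line_no, line in enumerate(lines, start=1):
        for match in IPV4_RE.finditer(line):
            try:
                addr = ipaddress.ip_address(match.group(0))
            except ValueError:
                continue  # looks like a dotted quad but is not one (1.300.2.4)
            if addr in BLOCK:
                hot = any(addr in net for net in HOT_PREFIXES)
                hits.append((line_no, str(addr), hot))
    return hits

def summarize_by_slash24(hits):
    """Count hits per covering /24 to show which prefixes a code base leans on."""
    return Counter(str(ipaddress.ip_network(f"{addr}/24", strict=False))
                   for _, addr, _ in hits)

if __name__ == "__main__":
    found = find_placeholders(SAMPLE_CONFIG.splitlines())
    for line_no, addr, hot in found:
        print(f"line {line_no}: {addr}{'  (hot /24)' if hot else ''}")
    print(dict(summarize_by_slash24(found)))
```

An address that ends a sentence with a trailing period is skipped by this pattern, so prose-heavy files need a looser match.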



