26 April 2004
The shrinking pool of IPv4 addresses is forcing more careful management of them, and that
sometimes has quite unexpected consequences.
Author: Tomasz Grabowski
Translation: Aleksandra Malak
In the early days of the global network, when only ARPANET and a few smaller IP-based networks
existed, it was assumed that a single IP network would contain no more than a few thousand devices. Fixing
the IP address length at 32 bits seemed excessive at the time. The conviction that addresses would never run out led
to large address classes being handed out thoughtlessly to institutions whose needs were nowhere near that large.
Today we all bear the consequences of that policy.
APNIC, ARIN, RIPE and LACNIC, the organizations
responsible for assigning IP addresses on the Internet, have for several years been warning of the danger of exhausting
the available addresses and urging address holders to manage them carefully and economically. For the next few years
we will be protected from complete exhaustion by address-conserving techniques such as NAT (network address translation),
also called masquerading. Their use, however, is essentially limited to client PCs. For servers, which must be
reachable from the Internet and whose number keeps growing, translation is not an option.
Reusing addresses that have been released for whatever reason has become one way of economizing. It is common
practice among Internet providers. It turns out, however, that in some cases this practice is very dangerous and causes a variety
of problems, up to and including the practical loss of Internet access.
This is a wrong number
When we buy a new phone, we often receive a number that was previously
used by someone else. It is only half the trouble if the predecessor used the phone mostly for private purposes. If we inherit the
number of a well-known doctor, or of a pizzeria that takes orders by phone, we have a problem. Explaining for the hundredth time
that the number no longer belongs to its previous owner becomes a headache, and in the long run the number
may become unusable.
A similar problem affects IP addresses, but the number of possible threats
is much larger in that case, and the effects on network security can be serious. I first encountered
this problem a few years ago. Within an hour of connecting a small network of a few computers to the Internet, somebody broke
into it, left insulting messages on its web pages, and finally access from the connected network became practically impossible because
of a massive distributed denial of service (DDoS) attack.
The situation was strange, because the network held no significant
resources, and the time that had passed since it was connected to the Internet ruled out the possibility that any of
its users had already provoked somebody on the Internet. Only after a few days was I able to determine the real cause
of the attacks. The address pool allocated to this network had previously belonged to a company that offered
free shell accounts (accounts with access to system services).
A conversation with the previous
holder revealed that its users had frequently been involved in various conflicts and flame wars on the
Internet, and that the company had therefore had many problems with attacks. With suitable filtering systems and a link with a
capacity of about 10 Mb/s it was able to withstand most of them. But when its place on the network was taken by a company
with a 256 kb/s link and inexperienced administrators, the attacks became a much more serious problem.
Naturally, after intervening with the Internet provider and being assigned a different address pool,
the company's attacks stopped. The unlucky pool is still under attack to this day, probably from automated DDoS
software planted on some network years ago that keeps generating useless traffic.
Arduous and even dangerous
The probability of getting an unlucky pool is not that high for
now, but it will grow as the pool of available IP addresses shrinks. The situation described above is not the
only example of problems connected with "recycling" IP addresses. Another known case involved receiving the IP
address of a mail server that spammers had used for sending commercial mail.
Naturally, that address had soon been put
on all the blacklists. The new owner was unlucky enough to assign the same address to his own mail server, and mail sent
from it was blocked or marked as spam. It is hard to imagine worse publicity, especially for a company
operating in a market where the quality of its IT staff's work has a major influence on its reputation.
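Before pointing a mail server at an inherited address, the practical check is to query the DNS-based blacklists (DNSBLs) directly. The example below is added here and is not code from the article: it builds the DNSBL query name (octets reversed, list zone appended), interprets an answer in 127.0.0.0/8 as a listing (the convention documented in RFC 5782), and accepts an injectable resolver so the logic runs offline. The zone names are real public lists; the answers in `FAKE_ANSWERS`, the address 192.0.2.25 as "the inherited mail server address", and the helper names are constructed for the example.

```python
"""Check whether an IPv4 address is listed on DNS-based blacklists (DNSBLs).

A DNSBL is queried by reversing the octets of the address and appending the
list's zone. An A record in 127.0.0.0/8 means "listed"; the exact value
encodes the reason (RFC 5782). The resolver is injectable so the logic can
be exercised offline with constructed answers.
"""
import ipaddress
import socket

# Real public zones (names only); querying them needs network access.
DEFAULT_ZONES = ("zen.spamhaus.org", "bl.spamcop.net")


def dnsbl_query_name(ip: str, zone: str) -> str:
    """Build the query name: octets reversed, then the zone appended."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("this helper handles IPv4 only")
    reversed_octets = ".".join(reversed(str(addr).split(".")))
    return f"{reversed_octets}.{zone}"


def live_resolve(name: str):
    """Resolve with the system resolver; None means NXDOMAIN, i.e. not listed."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def check_listings(ip: str, zones=DEFAULT_ZONES, resolve=live_resolve) -> dict:
    """Return {zone: answer} for every zone that answers for the address.

    An answer outside 127.0.0.0/8 is not a listing: it is usually a wildcard
    from a parked or expired zone, so it is reported separately as 'bogus'.
    """
    listed = {}
    for zone in zones:
        answer = resolve(dnsbl_query_name(ip, zone))
        if answer is None:
            continue
        if ipaddress.ip_address(answer) in ipaddress.ip_network("127.0.0.0/8"):
            listed[zone] = answer
        else:
            listed[zone] = f"bogus:{answer}"
    return listed


def safe_to_use_for_mail(ip: str, zones=DEFAULT_ZONES, resolve=live_resolve) -> bool:
    """True when no zone lists the address; call before pointing MX/A at it."""
    return not check_listings(ip, zones, resolve)


# Constructed offline answers standing in for the real lists (assumption:
# 192.0.2.25 is the inherited mail server address that is still listed).
FAKE_ANSWERS = {
    "25.2.0.192.zen.spamhaus.org": "127.0.0.2",  # listed
    "25.2.0.192.bl.spamcop.net": "127.0.0.2",    # listed
    "2.0.0.127.zen.spamhaus.org": "127.0.0.2",   # RFC 5782 test entry
    "2.0.0.127.bl.spamcop.net": "127.0.0.2",
    # 192.0.2.26 has no entry, so it resolves to None: clean
}


def fake_resolve(name: str):
    """Offline stand-in for live_resolve using the constructed answers."""
    return FAKE_ANSWERS.get(name)


if __name__ == "__main__":
    for ip in ("192.0.2.25", "192.0.2.26"):
        hits = check_listings(ip, resolve=fake_resolve)
        print(ip, "listed on" if hits else "clean", hits or "")
```

Run against the live lists by leaving `resolve` at its default; the RFC 5782 test address 127.0.0.2 should always come back listed and 127.0.0.1 never, which is a cheap way to confirm a zone is still alive before trusting a "clean" result.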
The list of problems connected with "recycling" IP addresses can unfortunately be extended. It often happens that access
to Internet services is granted solely on the basis of IP address. When a network inherits an address block from someone who had, for example,
been blocked from particular services (news servers, FTP servers or popular WWW servers), explaining
the situation and getting the access unblocked can take days or even weeks.
If our own address block is the one being
recycled, our business partners may be in trouble. If someone has rigidly configured access to their network from addresses in the block
we have just given up, unauthorized persons get a chance to reach important
resources. It is interesting to think which doors would open in front of us if we accidentally inherited an address block from
a government institution, a company providing security services, or a company like Microsoft.
That last possibility could also turn against us. Would a small company with a 256 kb/s link
be happy to receive an IP address previously assigned to the microsoft.com domain? Enthusiasm at the unbelievably
large number of visits to the company's web server would soon give way to frustration at the total saturation of
the link, not least because of attacks. There is also a danger for visitors. The new owner of an IP address that previously
belonged to Microsoft could put up a copy of the original website and post a notice, say, about the need to
install a patch, which would in fact contain a Trojan horse. Such an impersonation works for as long as stale DNS records
or cached addresses still point visitors at the old address.
Who is at fault when a company receives an address pool after a thoughtless predecessor?
The previous holder, the current holder, the Internet provider that administers the pool, or perhaps the operator of a badly configured DNS
server who failed to refresh its records in time? Unfortunately, the truth is that IP addresses are
in fact nobody's property. They are allocated by certain institutions, but what is granted is a right to use them, not ownership. Establishing
guilt in court would be a daring challenge. Perhaps it would be worth introducing legal regulations that determine
who is responsible for damages resulting from such situations.
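Two of the risks above have the same technical root: a DNS zone that still points at a returned address block, and a partner firewall whose allowlist still trusts it. Both are caught by one check, "is this address or prefix still inside what we hold today?" The example below is added here and is not code from the article; it parses a small BIND-style zone fragment, pulls the addresses out of A, AAAA and SPF TXT records (the SPF case goes beyond the article: an `ip4:` mechanism left behind lets the block's new holder send mail that passes SPF for the domain), runs the same containment check over a partner allowlist, and reports everything outside the prefixes we hold. The prefixes, the zone text and the allowlist are constructed sample data using documentation address ranges; 203.0.113.0/24 plays the role of the block that was returned to the provider.

```python
"""Audit DNS records and firewall allowlists for addresses outside the
prefixes we currently hold.

Records that still point at a returned address block hand whoever inherits
that block the hostname, and an SPF ip4:/ip6: mechanism hands them the
right to send mail as our domain. Everything below is constructed sample data.
"""
import ipaddress
import re

# Assumption: the prefixes the company holds today.
CURRENT_PREFIXES = [ipaddress.ip_network(p) for p in ("192.0.2.0/24", "2001:db8:1::/48")]

# Constructed BIND-style zone fragment; 203.0.113.0/24 was returned to the provider.
ZONE_TEXT = """
$ORIGIN example.com.
www      3600 IN A    192.0.2.10
mail     3600 IN A    203.0.113.25
old-ftp  3600 IN A    203.0.113.7
ipv6     3600 IN AAAA 2001:db8:1::10
@        3600 IN TXT  "v=spf1 ip4:192.0.2.0/24 ip4:203.0.113.25 -all"
"""

# Constructed allowlist from a partner firewall: (rule label, address or prefix).
PARTNER_ALLOWLIST = [("vpn-peer", "192.0.2.5"), ("legacy-peer", "203.0.113.0/24")]

# name [ttl] [IN] type rdata; only the record types we care about.
ZONE_LINE = re.compile(r"^(\S+)\s+(?:\d+\s+)?(?:IN\s+)?(A|AAAA|TXT)\s+(.+)$")


def parse_zone(text: str):
    """Yield (owner name, type, rdata) for A/AAAA/TXT lines; other lines are skipped."""
    origin = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            continue
        m = ZONE_LINE.match(line)
        if not m:
            continue
        name, rtype, rdata = m.groups()
        if name == "@":
            name = origin
        elif not name.endswith("."):
            name = f"{name}.{origin}"
        yield name, rtype, rdata.strip().strip('"')


def addresses_in(rtype: str, rdata: str):
    """Addresses or prefixes an A, AAAA or SPF TXT record delegates to."""
    if rtype in ("A", "AAAA"):
        return [rdata]
    if rtype == "TXT" and rdata.startswith("v=spf1"):
        return [tok.split(":", 1)[1] for tok in rdata.split() if tok.startswith(("ip4:", "ip6:"))]
    return []


def outside_current(entry: str, prefixes) -> bool:
    """True if the address or prefix is not wholly inside one of our prefixes."""
    net = ipaddress.ip_network(entry, strict=False)
    # subnet_of() raises on mixed versions, so compare within the same family only.
    return not any(net.subnet_of(p) for p in prefixes if p.version == net.version)


def stale_entries(pairs, prefixes=CURRENT_PREFIXES):
    """(label, entry) for every entry that lies outside the prefixes we hold."""
    return [(label, entry) for label, entry in pairs if outside_current(entry, prefixes)]


def audit_zone(text: str = ZONE_TEXT, prefixes=CURRENT_PREFIXES):
    """Stale DNS entries as (owner name + type, address or prefix)."""
    pairs = [(f"{name} {rtype}", addr)
             for name, rtype, rdata in parse_zone(text)
             for addr in addresses_in(rtype, rdata)]
    return stale_entries(pairs, prefixes)


if __name__ == "__main__":
    for label, entry in audit_zone():
        print(f"DNS still delegates to a returned address: {label} -> {entry}")
    for label, entry in stale_entries(PARTNER_ALLOWLIST):
        print(f"partner allowlist still trusts a returned address: {label} -> {entry}")
```

In practice the zone text comes from the zone file or a zone transfer and the prefix list from the provider's current allocation; the reverse (in-addr.arpa) zones and any hard-coded addresses in partner contracts deserve the same pass, and the audit is most useful when run before the old block is handed back rather than after.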
Dialogue with the provider
Companies that use the Internet for business should include in their security policy
procedures for a change of IP addresses. When changing Internet provider, it is worth,
for example, continuing to pay for a time for the addresses no longer in use, in order to give all DNS
servers and the administrators of other networks time to make the necessary changes.
On the other hand, in the contract signed with the
Internet provider it is worth stipulating that any change of IP addresses must be preceded by
several months' notice. It is also a good idea to secure the option of a different address pool, in case the pool we have just
received hinders or prevents the correct functioning of the network as a consequence of the previous holder's actions, particularly
spam, blocked access to particular Internet resources, DDoS attacks and the like.