
IPv4 recycling
26 April 2004
The shrinking pool of IPv4 addresses is forcing us to manage them more carefully, and that sometimes has quite unexpected consequences.

Author: Tomasz Grabowski
Translation: Aleksandra Malak

In the early days of the worldwide network, when ARPANET and a few smaller IP-based networks existed, it was assumed that a single IP network would contain at least a few thousand devices. Setting the IP address length at 32 bits seemed excessive at the time. The conviction that addresses would never run out led to large address classes being thoughtlessly handed out to institutions whose needs were not that big at all. Today we all have to bear the consequences of that policy.

APNIC, ARIN, RIPE and LACNIC, the organizations responsible for assigning IP addresses on the Internet, have for several years been warning of the danger of exhausting the available addresses and urging holders to manage these resources reasonably and economically. For the next few years we will be protected against complete exhaustion by address-conserving techniques such as NAT translation (so-called masquerading). Their use, however, is practical mainly for PCs. For servers, which have to be reachable from the Internet and whose number keeps growing, translation is not an option.

Reusing addresses that have for some reason been released has become one way of economizing. This is common practice among Internet providers. It turns out, however, that in some cases this is very dangerous and causes many different problems, including practically cutting off access to the Internet.

Hello, wrong number

When we buy a new phone, we often get a number that was previously used by someone else. It is only half the trouble if the predecessor used the phone mostly for private purposes. If we get the number of a well-known doctor or, say, a pizza place that takes orders by phone, we have a problem. Explaining for the hundredth time that this number no longer belongs to its previous owner can give one a headache. For a long time, using that number may be impossible.

A similar problem concerns IP addresses, but the number of potential threats is much greater in that case, and the effects on network security can be serious. I first came into contact with this problem a few years ago. Within an hour of connecting a small network of a few computers to the Internet, somebody broke into it and left insulting messages on its web pages, and in the end access to the connected network was practically disabled by a massive Distributed Denial of Service attack.

The situation was strange because this network had no significant resources, and the time that had passed since it was connected to the Internet ruled out the possibility that any of its users could already have antagonized somebody on the Internet. Only after a few days was I able to determine the real reason for the attacks. The pool of addresses assigned to this network had previously belonged to a company offering free accounts with access to system services (so-called shell accounts).

A conversation with the previous owner revealed that their users very often got into various conflicts and wars waged on the Internet, and for that reason the company had many problems with attacks. With proper firewall systems and a link with a capacity of about 10 Mb/s, it was able to withstand most of them. But when its place in the network was taken by a company with a 256 kb/s link and inexperienced administrators, the attacks became a much more serious problem.

Of course, after intervening with the Internet provider and getting a different pool of addresses assigned to the company, the attacks stopped. The unlucky pool of addresses is under attack to this day, probably the result of automated DDoS software planted on some network a few years ago that still generates unwanted traffic.
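The lesson of this story is that a recycled prefix should be listened to before anything is published on it: while the new addresses are still idle, nothing legitimate should be arriving, so whatever does arrive is inherited from the previous holder. The following script is an added example, not code from the article or its author; it summarizes a constructed, simplified flow export (epoch, source, destination, destination port, bytes) for the documentation prefix 192.0.2.0/24, which stands in for the newly assigned block, and flags addresses that many distinct sources converge on, the signature of leftover distributed attack traffic.

```python
"""Baseline check of inbound traffic to a freshly assigned (recycled) IPv4 prefix.

Before any service is published on the new addresses, nothing legitimate should
be arriving.  Whatever does arrive is inherited from the previous holder: stale
clients, leftover DDoS bots, scanners.  Run it on a flow export taken while the
prefix is still idle.  The flow records below are constructed for this example.
"""
import ipaddress
from collections import Counter, defaultdict

# Constructed sample flows, one per line: "epoch src_ip dst_ip dst_port bytes".
# 192.0.2.0/24 (a documentation prefix) stands in for the newly assigned block;
# the last two lines are an outbound flow and a flow to an unrelated address.
SAMPLE_FLOWS = """\
1082976001 203.0.113.5 192.0.2.10 80 1200
1082976001 203.0.113.6 192.0.2.10 80 1180
1082976002 203.0.113.7 192.0.2.10 80 1210
1082976002 203.0.113.8 192.0.2.10 80 1195
1082976003 203.0.113.9 192.0.2.10 80 1205
1082976003 198.51.100.20 192.0.2.25 25 640
1082976004 198.51.100.21 192.0.2.25 25 655
1082976005 203.0.113.5 192.0.2.10 80 1200
1082976005 203.0.113.10 192.0.2.10 80 1188
1082976006 198.51.100.22 192.0.2.30 22 120
1082976006 192.0.2.10 203.0.113.40 443 800
1082976007 198.51.100.23 10.0.0.5 80 500
"""

NEW_PREFIX = ipaddress.ip_network("192.0.2.0/24")


def parse_flows(text):
    """Parse flow lines into dicts; blank or malformed lines are skipped."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, src, dst, port, size = parts
        try:
            flows.append({
                "ts": int(ts),
                "src": ipaddress.ip_address(src),
                "dst": ipaddress.ip_address(dst),
                "port": int(port),
                "bytes": int(size),
            })
        except ValueError:
            continue
    return flows


def inbound_summary(flows, prefix):
    """Aggregate inbound flows (destination inside prefix) per destination address.

    Flows whose source is inside the prefix are our own outbound traffic and
    are skipped, so they cannot inflate the numbers.
    """
    summary = defaultdict(lambda: {"flows": 0, "bytes": 0,
                                   "sources": set(), "ports": Counter()})
    for f in flows:
        if f["dst"] not in prefix or f["src"] in prefix:
            continue
        entry = summary[str(f["dst"])]
        entry["flows"] += 1
        entry["bytes"] += f["bytes"]
        entry["sources"].add(str(f["src"]))
        entry["ports"][f["port"]] += 1
    return dict(summary)


def inherited_ports(summary):
    """Count inbound flows per destination port across the whole prefix.

    The dominant ports hint at what the previous holder ran (25: mail, 80: web),
    i.e. which blacklists and which stale clients to expect.
    """
    total = Counter()
    for entry in summary.values():
        total.update(entry["ports"])
    return total


def flag_unsolicited(summary, min_sources=5):
    """Addresses hit by at least min_sources distinct sources while serving nothing."""
    return [dst for dst, entry in sorted(summary.items())
            if len(entry["sources"]) >= min_sources]


if __name__ == "__main__":
    summary = inbound_summary(parse_flows(SAMPLE_FLOWS), NEW_PREFIX)
    for dst, entry in sorted(summary.items()):
        print(f"{dst}: {entry['flows']} flows, {entry['bytes']} bytes, "
              f"{len(entry['sources'])} sources, ports {dict(entry['ports'])}")
    print("inbound ports:", dict(inherited_ports(summary)))
    print("suspect addresses:", flag_unsolicited(summary))
```

On the constructed data the port histogram (80 dominant, some 25) already tells the new holder that the block used to host a web server and a mail server, and 192.0.2.10 is flagged because six different sources hit it although nothing is running there yet. With a real export the threshold and the observation window should be chosen from the idle baseline, not guessed.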

Troublesome and even dangerous

The probability of getting an unlucky pool is not that high for now, but it will increase as the pool of available IP addresses shrinks. The situation described above is not the only example of problems connected with "recycling" IP addresses. Another known case involved receiving the IP address of a former mail server that spammers had used for sending commercial mail.

Of course, this address soon ended up on every blacklist. The new owner was unlucky enough to assign the same address to his own mail server, so mail sent from it was blocked or marked as spam. It is hard to imagine worse anti-advertising, especially when the company operates in a market where the quality of its IT staff's work has a major influence on its reputation.
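The blacklists in question are queried over DNS: the address's octets are reversed and the list's zone appended, an A record in 127.0.0.0/8 means "listed", and a non-existent name means "not listed". Checking a recycled block this way before the first mail server is placed on it shows whether the previous holder's reputation came along. The script below is an added example and not code from the article; the zone name dnsbl.example is a placeholder for a real list, and the stub resolver is constructed so that the example runs offline (the live resolver is included for real use).

```python
"""Check a newly assigned IPv4 prefix against DNS-based blacklists (DNSBLs).

A DNSBL is queried by reversing the address's octets and appending the list's
zone; an A record in 127.0.0.0/8 means "listed", NXDOMAIN means "not listed".
The zone dnsbl.example and the stub resolver are constructed for this example.
"""
import ipaddress
import socket

LISTED_RANGE = ipaddress.ip_network("127.0.0.0/8")


def dnsbl_query_name(ip, zone):
    """192.0.2.25 against zone 'dnsbl.example' -> '25.2.0.192.dnsbl.example'."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone.rstrip(".")


def dns_resolver(name):
    """Live lookup: the A record as a string, or None on NXDOMAIN / failure."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def listing_code(ip, zone, resolver=dns_resolver):
    """Return the 127.0.0.x return code if ip is listed in zone, else None.

    Answers outside 127.0.0.0/8 are not listing codes (typically a wildcard
    answer from a broken resolver) and are treated as 'not listed'.
    """
    answer = resolver(dnsbl_query_name(ip, zone))
    if answer is None:
        return None
    try:
        if ipaddress.IPv4Address(answer) in LISTED_RANGE:
            return answer
    except ValueError:
        pass
    return None


def scan_prefix(prefix, zones, resolver=dns_resolver):
    """Map each listed address in prefix to {zone: code}; unlisted ones are omitted."""
    network = ipaddress.ip_network(prefix)
    listed = {}
    for addr in network.hosts():
        for zone in zones:
            code = listing_code(addr, zone, resolver)
            if code is not None:
                listed.setdefault(str(addr), {})[zone] = code
    return listed


# Constructed stub standing in for the DNS: one address of the block (the former
# spam relay of the article's story) is listed; a second name returns a bogus
# non-127 answer to show that it is ignored.
STUB_ANSWERS = {
    "25.2.0.192.dnsbl.example": "127.0.0.2",
    "27.2.0.192.dnsbl.example": "203.0.113.99",
}


def stub_resolver(name):
    return STUB_ANSWERS.get(name)


if __name__ == "__main__":
    result = scan_prefix("192.0.2.24/29", ["dnsbl.example"], resolver=stub_resolver)
    print(result)  # {'192.0.2.25': {'dnsbl.example': '127.0.0.2'}}
```

For a real block, pass the default resolver and the zones of the lists that matter to your mail peers, and keep the per-list return code: many lists encode the reason for listing in the last octet, which is what you will need when requesting removal.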

Unfortunately, examples of problems connected with "recycling" IP addresses can be multiplied. Access to Internet services is often granted solely on the basis of IP address. When a network receives an address class after someone who had, for example, been blocked from specific services (discussion group servers, FTP servers or popular WWW servers), explaining the matter and getting the access unblocked can take days or even weeks.

If our own address class is the object of recycling, our business partners can be in trouble. If someone has rigidly configured access to their network from addresses in the class we have just given up, unauthorized persons get a chance to reach important resources. Indeed, it is interesting which doors would open before us if we accidentally inherited an address class after a government institution, a company providing security services, or a company like Microsoft.
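The defensive counterpart of this paragraph is an audit of IP-based access rules against a register of prefixes that have been given back: a rule that still admits a released prefix now admits whoever inherits it, and a rule with no review date is exactly the "rigid" configuration described. The script below is an added example, not code from the article; the rules, the release register and the date are constructed, and all addresses come from documentation ranges.

```python
"""Audit IP-based access rules against prefixes that have changed hands.

Constructed example: firewall-style allow rules and a register of prefixes that
we, or a partner, have given back to the provider.  A rule that still admits a
released prefix now admits whoever inherits that prefix next.
"""
import ipaddress
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional


@dataclass(frozen=True)
class Rule:
    name: str
    source: ipaddress.IPv4Network   # who is allowed in
    service: str                     # what they may reach
    expires: Optional[date]          # None = rule was never given a review date


@dataclass(frozen=True)
class ReleasedPrefix:
    prefix: ipaddress.IPv4Network
    released_on: date                # from this day the prefix may be reassigned
    former_holder: str


def net(cidr):
    return ipaddress.ip_network(cidr)


# Constructed sample data; all addresses are from documentation ranges.
TODAY = date(2004, 4, 26)
RULES = [
    Rule("partner-vpn", net("198.51.100.0/24"), "vpn", date(2004, 12, 31)),
    Rule("old-office", net("192.0.2.0/26"), "intranet", None),
    Rule("branch-mail", net("203.0.113.8/29"), "smtp-relay", date(2003, 6, 30)),
    Rule("monitoring", net("192.0.2.200/32"), "snmp", None),
]
RELEASED = [
    ReleasedPrefix(net("192.0.2.0/24"), date(2004, 3, 1), "our previous provider assignment"),
    ReleasedPrefix(net("203.0.113.0/25"), date(2004, 6, 1), "partner branch office"),
]


def stale_rules(rules, released, today):
    """(rule, release) pairs where the rule's source overlaps an already released prefix."""
    findings = []
    for rule in rules:
        for rel in released:
            if rel.released_on <= today and rule.source.overlaps(rel.prefix):
                findings.append((rule, rel))
    return findings


def upcoming_releases(rules, released, today, horizon_days=90):
    """(rule, release, days_left) for rules that become stale within horizon_days.

    This is the advance-warning window worth negotiating with the provider.
    """
    findings = []
    horizon = today + timedelta(days=horizon_days)
    for rule in rules:
        for rel in released:
            if today < rel.released_on <= horizon and rule.source.overlaps(rel.prefix):
                findings.append((rule, rel, (rel.released_on - today).days))
    return findings


def expired_rules(rules, today):
    """Rules whose review date has passed but which are still in force."""
    return [r for r in rules if r.expires is not None and r.expires < today]


def rules_without_expiry(rules):
    """Rules that were never given a review date: the 'rigid' configuration."""
    return [r for r in rules if r.expires is None]


if __name__ == "__main__":
    for rule, rel in stale_rules(RULES, RELEASED, TODAY):
        print(f"STALE    {rule.name}: {rule.source} overlaps {rel.prefix}, "
              f"released {rel.released_on} ({rel.former_holder})")
    for rule, rel, days in upcoming_releases(RULES, RELEASED, TODAY):
        print(f"PENDING  {rule.name}: {rel.prefix} is released in {days} days")
    for rule in expired_rules(RULES, TODAY):
        print(f"EXPIRED  {rule.name}: review date {rule.expires} has passed")
    for rule in rules_without_expiry(RULES):
        print(f"NOEXPIRY {rule.name}: no review date set")
```

Run against the constructed data, the two rules inside 192.0.2.0/24 come out as stale, the branch mail relay is reported as pending because its partner's block is released in 36 days, and the same two rules are also listed as lacking a review date. The same audit belongs in a partner's hands whenever we tell them that our own prefix is about to change.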

That last possibility could also turn against us. Would a small company with a 256 Kb/s link be happy to receive an IP address previously assigned to the microsoft.com domain? Enthusiasm over the incredibly large number of visits to the company's WWW server would soon give way to frustration over a totally clogged link, partly because of attacks as well. There is also a danger for the visitors: the new owner of an IP address that previously belonged to Microsoft could host a copy of the original WWW site and put there, for example, a notice about the need to install a patch that in fact contains a Trojan horse.

Addresses only for rent

Who is to blame if a company receives the pool of addresses of some thoughtless predecessor? The previous holder, the current holder, the Internet provider that administers the address pool, or perhaps the owner of a badly configured DNS server who failed to refresh its information on time? Unfortunately, the truth is that IP addresses are in fact nobody's property. They are allocated by certain institutions, but what is granted is a right to use them rather than to own them. Establishing guilt in court would be a daring challenge. Perhaps it would be worth introducing regulations that determine who is liable for damages resulting from such situations.

Indispensable dialogue with the provider

Companies that use the Internet for business should include in their security policy rules and procedures for the case when IP addresses change. When changing Internet providers, it is advisable, for example, to keep paying for the no longer used IP addresses for some time, in order to give all DNS servers and other network administrators time to introduce the proper changes.

On the other hand, it is worth stipulating in the agreement with the Internet provider that any change of IP addresses must be preceded by a warning a few months in advance. It is also a good idea to secure the right to another pool of IP addresses in case the pool we have just received hinders or prevents the correct functioning of the network as a consequence of the previous holder's actions, especially spam, blocked access to particular Internet resources, DDoS attacks and the like.