10

Background

I'm attempting to demonstrate, using a real-world example, of why someone would not want to configure their internal network on the 1.0.0.0/8 subnet. Obviously it's because this is not designated as private address space.

As of 2010, ARIN has apparently allocated 1.0.0.0/8 to APNIC (the Asia-Pacific NIC), who seems to have begun assigning addresses in that subnet, though not in 1.1.0.0/16, 1.0.0.0/16, and others (because these addresses are so polluted by bad network configurations all around the Internet).

My Question

My question is this: I'd like to find a website that responds on this subnet somewhere and use it as a counter-example, demonstrating to a non-technical user its inaccessibility from an internal network configured on 1.0.0.0/8. Other than writing a program to sniff all ~16 million hosts, looking for a response on port 80, does anyone know of a directory I can use, or even better yet, does anyone know of a site that's configured on this subnet?

WHOIS seems to be too general of a search for me at this point...

Dave Markle
  • 378
  • 2
  • 11
  • 5
    polluted indeed : http://www.potaroo.net/studies/1slash8/1slash8.html and http://bgpmon.net/blog/?p=275 – petrus Feb 18 '11 at 21:35
  • 1
    Make sure they are aware that the Cyber Police routinely do RFC 1918 compliance checks. For any violators found the consequences will never be the same. – hobodave Feb 18 '11 at 21:36
  • 5
    @hobodave http://www.avaruusmies.com/jokes/images/152.html -- I suppose this falls under the two boxes at the end? :) – voretaq7 Feb 18 '11 at 21:40
  • @voretaq7, your link has a misspelling... those two dashes at the end break it. But still funny, I'm gonna have to print that one out. – Holocryptic Feb 18 '11 at 22:13
  • d'oh - I fixed it in chat but didn't fix it here :P – voretaq7 Feb 18 '11 at 22:30
  • My iPhone regularly is assigned IP addresses in the 1.x.x.x range, but I don't know of any websites that use it. – Mark Henderson Feb 18 '11 at 23:44
  • 1
    tbh it was a bit shortsighted not to allocate 1.x.x.x as private in the first place. – JamesRyan Mar 08 '13 at 15:07
  • 3
    @JamesRyan What are you smoking? It's a bit shortsighted for network administrators to NOT UNDERSTAND RFC1918. – MikeyB May 03 '13 at 20:00
  • It has nothing to do with not understanding the RFC and everything to do with the fact that people start counting at 1 and left to their own devices will tend to use that! Engineers ignored human nature and failed to avoid a forseeable problem. – JamesRyan May 03 '13 at 22:36

5 Answers5

28

I don't know of any live sites in this range, but you do not need a counterexample -- You need RFC 1918.

Print it (possibly several times) and use the hardcopy to bludgeon the person who wants to violate it until they understand the error of their ways.

voretaq7
  • 79,345
  • 17
  • 128
  • 213
  • 17
    Repeat after me, "I will NOT use publicly addressible space for my private intranet". *SMACK* "I will NOT use publicly addressible space for my private intranet". *SMACK* Continue until hardcopy is a shredded mess of paper; switch to hose. – Holocryptic Feb 18 '11 at 21:39
  • Ha, I'm assuming (cough, cough) that the proper route filters are applied and nobody on the rest of the inter-tubes can see their network. I really want the awesome experience of "Hey, try getting to this site on your iPhone. Now try it from your PC. Notice how it doesn't work in your network, but works on your phone?" Maybe I will try scanning the 1.0.0.0/8 range and see what I can see on Port 80. Who knows? I'm sure there's got to be a host out there somewhere. – Dave Markle Feb 18 '11 at 22:10
11
whois -h whois.apnic.net -- "-T inetnum -m 1.0.0.0/8" | less

Just produced 10005 lines of output, which is the first-level allocations under that netblock. There are 566 allocations. A few are in Australia, so might yield English-language web-pages and so might have more of a psychological impact in your re-education efforts?

Phil P
  • 3,040
  • 1
  • 15
  • 19
  • 4
    Oh, and two of the 12 allocations to "country: AU" are `1.40.0.0/14` and `1.44.0.0/16` to Optus, confirming that Mark Henderson's iPhone is legitimately using the IP address he references. – Phil P Feb 19 '11 at 01:50
10

If they use 1.0.0.0/8 and I go and join your network via WiFi or VPN, my iPhone will get confused and explode:

enter image description here

And your work does not want to buy me a new iPhone because they made mine explode. They're expensive.

Mark Henderson
  • 68,316
  • 31
  • 175
  • 255
2

Since it specifically mentions 1.0.0.0 , you could quote them -

If you are using public IP addresses that have not been allocated by IANA or your ISP, then you may be using the IP network ID of another organization on the Internet. This is known as illegal or overlapping IP addressing. If you are using overlapping public addresses, then you cannot reach the Internet resources of the overlapping addresses. For example, if you use 1.0.0.0 with the subnet mask of 255.0.0.0, then you cannot reach any Internet resources of the organization that is using the 1.0.0.0 network.

You can also exclude specific IP addresses from the configured range. Excluded addresses are not allocated to private network hosts.

From http://technet.microsoft.com/en-us/library/cc783033(WS.10).aspx

Emphasis is mine, because the word illegal might scare them.

sgmoore
  • 652
  • 5
  • 10
-1

I don't know any websites in the 1/8 range, but I do have my home dsl address in the 2/8 range:

$ host 2.0.232.240
240.232.0.2.in-addr.arpa domain name pointer ANantes-256-1-229-240.w2-0.abo.wanadoo.fr.

Wanadoo is the old french name of the ISP "Orange". They got the 2.0.0.0/12 pool:

$ whois 2.0.232.240

inetnum:        2.0.232.0 - 2.0.232.255
netname:        IP2000-ADSL-BAS
descr:          BSNAN256 Nantes Bloc 2


% Information related to '2.0.0.0/12AS3215'

route:          2.0.0.0/12
descr:          France Telecom Orange
origin:         AS3215

As this pool is used for adsl customers, I don't think a lot of website are hosted in that range.

petrus
  • 5,287
  • 25
  • 42