Crashed RadioShack flogs off its IPv4 stash

Collapsed retail store RadioShack will auction off its public IPv4 addresses as part of its ongoing bankruptcy proceedings. The 32,000-odd addresses will be sold off in /24 and /20 subnets by auction site IPv4Auctions.com, which specializes in the sale and resale of the increasingly valuable online space. The website says it …

  1. Anonymous Coward
    Anonymous Coward

    Whatever happened to the great migration to IPv6?

    Ten years ago I was learning about IPv6 in college, being told that it was needed in order to avoid running out of IPv4 address space.

    Now we have excess IPv4 space thanks to the machinations of capitalism, and I expect to see more companies go bankrupt in the near future. Maybe the problem will sort itself out?

    1. Graham Dawson Silver badge

      Re: Whatever happened to the great migration to IPv6?

      Hardly excess. Capitalism manages scarcity fairly well - and that's the problem here. IPV4 addresses have become scarce and are becoming more scarce by the day. This shuffling of a shrinking pool of addresses isn't providing any sort of excess, it's merely turning the car crash into a gentle stop.

    2. bombastic bob Silver badge
      Devil

      Re: Whatever happened to the great migration to IPv6?

      well, Micro-shaft can't even get it right for their OWN web sites...

      https://www.theregister.co.uk/2017/01/19/windows_10_bug_undercuts_ipv6_rollout/

      if everyone were running Linux or BSD (or OSX for that matter) we wouldn't be having this topic.

      Unfortunately, that is NOT the case, and Micro-shaft's networking INCOMPETENCE is standing in the way.

      And... do you REALLY want 'wannacry' going over IPv6 and affecting EVERY! COMPUTER! with an IPv6 address, because Micro-shaft can't properly firewall, and IPv6's are PUBLICLY VIEWABLE, yotta yotta yotta? It's bad enough with all of the well-known listening ports [a number that grew starting with XP, then Vista, then 7, then "Ape", and now WIn-10-nic], and you know how it is with Micro-shaft and their open/listening ports. IPv6 exposes them to the _WORLD_ and unless your router can block them for you, you're probably _vulnerable_ because, Micro-shaft INCOMPETENCE in networking stuff.

      Anyway I have IPv6 running on my network. I use a he.net free tunnel. I firewall all of the ports I mentioned, so that any winders boxen on the network are protected, using a FreeBSD machine, which has a really good IPv6 stack and 3 different available firewalls to choose from. You can reject incoming connections on ANY of those ports from anything that comes in over a particular adapter [in this case, the IPv6 tunnel] and voila! BLOCKED! And SMB networking (and other windowsey stuff) still works behind the firewall.

      So why can't Micro-shaft get it right?

      1. Nanashi

        Re: Whatever happened to the great migration to IPv6?

        The firewall in Windows actually works perfectly fine, and the vast majority of ISPs deploying v6 are doing so with CPEs that also have a firewall. Plus, on top of that, it's much harder to find the few unfirewalled machines on v6 because the address space is so damn large. Even just scanning one single /64 takes as long as scanning the v4 internet 4 billion times over.

        If network attacks are what you're worried about, v6 is a lot better than v4 just purely because it's so hard to find devices with a network scan (and most of them are still firewalled anyway). If your malware can't find the vulnerable machines then it can't spread widely enough to be a major problem.

        ...at least not via network scanning. Other infection vectors still work just fine.

        1. bombastic bob Silver badge
          Devil

          Re: Whatever happened to the great migration to IPv6?

          "The firewall in Windows actually works perfectly fine"

          HA HA HA (oh you were serious?)

          "on top of that, it's much harder to find the few unfirewalled machines on v6 because the address space is so damn large"

          ok here's where I demonstrate classic hacker thinking to show you why 'so damn large' doesn't matter:

          a) set up a web server that waits for IPv6 connections, even using embedded advertising on popular web sites

          b) when the IPv6 computer connects, queue up a bot-net to scan for vulnerabilities and infect this new machine (once the vuln has been found)

          c) once infected, new machine is part of the botnet now, to be used for "whatever", or put ransomware on it, or just be malicious and nuke everything on drive 'C' (or whatever)

          etc.

          this is a very valid and likely scenario. We know there have been rogue ads on well-known ad networks before, infecting computers with 0-day vulnerabilities even. I recall MSN being affected once, within the last few years. So this scenario is REAL. And yes, it SHOULD frighten you.

          Besides, Micro-shaft's problems seem to be with their own implementation of DHCPv6 which is, in my opinion, uproariously funny. I would suggest they look at the Linux and BSD implementations, and see how THEY are doing it, as well as server packages like ISC-DHCP, then fix their own stuff so it behaves according to the RFC's. Lots of really really good, and free, sample code out there.

          https://www.isc.org/downloads/dhcp/

          (and others at the same web site)

      2. wallaby

        Re: Whatever happened to the great migration to IPv6?

        "So why can't Micro-shaft get it right?"

        Oh FFS

        Q: Someone mentions Microsoft in an article ostensibly not about them and what do we get ?

        A: Another Linux user rant

        Lots of people like Microsoft - spare us and get over it.

      3. Anonymous Coward
        Anonymous Coward

        Re: Whatever happened to the great migration to IPv6?

        @bombastic bob

        I was going to read your post, but then you used the words "Micro-Shaft" at which point I lost all interest.

        It's a content filter I have built into my mind. Unless tongue-in-cheek, I disregard all posts that contain (or variations of)

        Microshaft

        Micro$oft

        Microsucks

        CrApple

        I do however allow Crapita, unless the caps lock key has been abused.

    3. Anonymous Coward
      Anonymous Coward

      Re: Whatever happened to the great migration to IPv6?

      The problem is simple: there was no meaningful interoperability designed between IPv4 and IPv6. The idea was to replace the current Internet with a completely new one.

      If you are building a content service (e.g. web server, cloud service) and you only deploy IPv6, then most of your customers cannot reach you. You're not on the Internet. So you are forced to obtain IPv4 addresses to make it visible.

      On the access side (e.g. end users) you can give them IPv6, but if you were to do only that they wouldn't see the vast majority of the Internet. So you are forced to give them IPv4 access too - whether that be by NAT44, NAT64 or some other mechanism. You don't have to give each one their own IPv4 address, but at some point when they make an outbound connection to the IPv4 Internet, they'll be using an IPv4 address that you provided.

      Now you have a vicious circle. At the content side, they *could* deploy both IPv4 and IPv6. But it doesn't gain them anything, since putting content on IPv4 only, it's still going to be reachable by everybody. And hence there is no business pressure to do this; it's just a techie sideline.

      Hence IPv4 addresses have value, IPv6 addresses do not. That's not because of the lack of scarcity of IPv6 addresses, but because of the lack of usefulness. People want to be on The Internet, not this new thing which only a small fraction of Internet users are on.

      And it means that most of the big content providers don't care about IPv6, even the traditional "technical leaders" like the BBC, when there are more pressing things which need to be done.

      Google and Facebook are heavily invested in IPv6, and between them they probably have enough power to stop it collapsing entirely. Maybe.

      1. bombastic bob Silver badge
        Devil

        Re: Whatever happened to the great migration to IPv6?

        "On the access side (e.g. end users) you can give them IPv6, but if you were to do only that they wouldn't see the vast majority of the Internet. "

        not true, there are IPv6 to IPv4 gateway address ranges that map 1:1 from IPv6 to IPv4. One of those, the "well known" mechanism, is described here:

        https://en.wikipedia.org/wiki/IPv6_transition_mechanisms#NAT64

        (in this case the ISP would have to supply a NAT64 server to deal with the IPv4 connections)

        There are others, but generally speaking direct IPv4 to IPv4 would be preferred, yeah. This could ALSO be done via NAT, if the ISP-assigned IPv4 address is an RFC1918 address, for example. [cheaper services do this sometimes, yeah]

        1. Anonymous Coward
          Anonymous Coward

          Re: Whatever happened to the great migration to IPv6?

          > not true, there are IPv6 to IPv4 gateway address ranges that map 1:1 from IPv6 to IPv4.

          But there are no assigned "IPv4 gateway address ranges" on the IPv4 side. If you want to use any of these mechanisms, you need to use your own IPv4 addresses, which is back to the point of always needing IPv4.

          (There is RFC 6598; these are private addresses for NAT444, not public addresses for NAT64)

          > One of those, the "well known" mechanism, is described here:

          > https://en.wikipedia.org/wiki/IPv6_transition_mechanisms#NAT64

          > (in this case the ISP would have to supply a NAT64 server to deal with the IPv4 connections)

          They would have to supply not only the NAT64 router and DNS64 server, but also a pool of their own IPv4 addresses for the back-end of the NAT64 router.

          At that point, all their customers are sharing from this pool of IPv4 addresses, so they are in the same situation as they would be with NAT444 in terms of keeping individual connection records for handling police/abuse searches.

          In one key aspect, I agree with you. The advantage of NAT64 is that you can run *single stack* IPv6 at the customer edge. If people have only to build and deploy a single network technology and get full Internet access, then there is a chance it will work.

          However the message for the past twenty years has been that people should deploy *dual stack*. This means they have to deploy a fully complete and working IPv4 network, *and* an IPv6 network alongside it. But if they don't bother with the IPv6 part, they will still have a complete and working Internet connection. This means there is no business benefit (to themselves) in deploying the IPv6 part.

          Businesses are more savvy than you give them credit for. They will spend their time and money on things which make them money.

      2. Anonymous Coward
        Anonymous Coward

        Re: Whatever happened to the great migration to IPv6?

        > The problem is simple: there was no meaningful interoperability

        > designed between IPv4 and IPv6. The idea was to replace the

        > current Internet with a completely new one.

        You have NAT64, 4in6, 6in4, 4over6, 6over4, IP6 encoded IP4, allowing IP6 software to deal with IP4 connections... Both stacks can co-exist on the same host and network....

        What more could have been done? How are you going to hit an IP4 only device without using IP4?

        How are you going to make an IP6 header backward compatible with an IP4 packet when (amongst other things) the address length is bigger?

        > Google and Facebook are heavily invested in IPv6,

        > and between them they probably have enough power

        > to stop it collapsing entirely. Maybe.

        LOL. ipv6 is more prominent than you seem to think. It's taking ages, but it will get there. There's no chance of it collapsing, either with or without google... How much do you think IP4 addresses will rise to before people have enough? Besides, having an auction shows there is more demand than supply, so it already means some buyers are missing out.

        1. Anonymous Coward
          Anonymous Coward

          Re: Whatever happened to the great migration to IPv6?

          > How much do you think IP4 addresses will rise to before people have enough?

          Large businesses currently pay tens of thousands of dollars and more for a cool domain name.

          They will certainly pay tens of thousands of dollars for an IPv4 address, if without it they would be invisible to a large proportion of their customer base. It is simply *not an option* to deploy IPv6-only at the hosting side.

          Small businesses who want a web presence will go to a shared hosting provider which makes their content visible via IPv4. There are many ways they can share IPv4 addresses between customers: HTTP/HTTPS virtual hosting, reverse proxy, CDN etc. This is how services like CloudFlare work today.

          IPv4 addresses are still extraordinarily cheap: around $12 per address (that's a one-time purchase cost, not a per-month cost). When the price increases, what will happen is that they will be bought up where they are most valuable, which is VM hosting providers like Azure and EC2. This will cause a squeeze at the access side, where NAT444 will become more prevalent.

    4. jcurran

      Re: Whatever happened to the great migration to IPv6?

      Your mobile operators are already using IPv6, and the broadband companies are quickly catching up. Google tracks whether users are connecting via IPv4 or IPv6, and in the US more than 1/3 of all users are connecting via IPv6 (and this is rapidly growing)

      https://www.google.com/intl/en/ipv6/statistics.html#tab=per-country-ipv6-adoption&tab=per-country-ipv6-adoption

  2. Anonymous Coward
    Anonymous Coward

    Wishful thinking

    Well those /29 are bollocks. They're Comcast router p2p links.

    173.8.73.16 - 173.8.73.23 8

    50.78.242.128 - 50.78.242.135 8

    70.91.29.88 - 70.91.29.95 8

  3. Mike 16

    8 addresses, or 6?

    Or at most 7, even if we forget the "Sun Broadcast" address. Plus trying to convince your upstream to route such a small slice. We used to get grief about routing our paired class-Cs (for 512, er, 508 routable addresses).

    1. Anonymous Coward
      Anonymous Coward

      Re: 8 addresses, or 6?

      "Plus trying to convince your upstream to route such a small slice"

      I didn't realise it was even possible to get a /29 PI and expect it to be routed. Obviously it isn't impossible but if the routing tables fragment down to /29 then we will need some bigger routers!

      It is much harder to aggregate lumps of IPv4 address space than it is to fragment it ever further. Think of the entropy. It will continue to fragment and each lump will become more and more "valuable" but IPv6 will take up some slack and eventually we will hit peak IPv4 value (I'm going to guess around 2020).

      If you want a laugh, have a look at the huge numbers of address ranges on this and note how many bloody stupid little IPv6 ranges are also allocated: https://support.office.com/en-gb/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2 I stupidly tried to use one of those lists to tighten up a firewall rule set and giggled hysterically as another address was accessed instead by a DC syncing to Azure Connect that was close but not one of the documented ones. MS are shit.

    2. A Non e-mouse Silver badge

      Re: 8 addresses, or 6?

      You're assuming you use the /29s as traditional subnets. There's nothing to say you can't use it for 8 loopback addresses or /31s for point-to-point links.

  4. mark l 2 Silver badge

    Things aren't helped by the fact that the entire 127.0.0.0/8 range is reserved for loopback. And we have two different ranges for internal non-routing networks. I guess when the standards were being devised they couldn't foresee it ever running out.

    1. elaar

      Using a /8 for everyone to use internally wasn't the problem, it was handing out /8 or /16 to Universities or large corporations.

      Regardless of whether people understood how popular the web would be, doing things like handing out 1/15th of the entire network to 1 particular company (HP) was idiotic.

      When configuring P2P links, we don't use /24 just for the hell of it, we use a /30, because we're not idiots.

      I work for two companies in the UK that have been allocated /16s. One uses 2 public IPs, the other 5. The reason the IPv4 space is fully used isn't primarily due to increased demand, but more due to awful planning and distribution.

      1. Anonymous Coward
        Anonymous Coward

        Back in the day ...

        You need to consider that RFC1918 and NAT were not things when most of the Universities and large corporations were establishing the Internet. And as Universities tended to have large sprawling networks with lots of end points, they could only be allocated those large blocks.

        1. Anonymous Coward
          Anonymous Coward

          Re: Back in the day ...

          Not to mention CIDR/VLSM were not things that existed back then. I'd argue that the biggest issue wasn't even the Class A networks, it was all the mom-n-pop ISPs and midsize companies that outgrew a class C.

      2. Anonymous Coward
        Anonymous Coward

        RFC 3021

        What, your gear doesn't support using /31s for P2P links?

      3. bombastic bob Silver badge
        Unhappy

        "Using a /8 for everyone to use internally wasn't the problem, it was handing out /8 or /16 to Universities or large corporations."

        wide scale IPv6 adoption would render those pretty much WORTHLESS in an auction. It's like they're hanging onto their property for the price to peak. Who wouldn't?

        Name-based hosting SHOULD have rendered the use of all of those IPv4 blocks unnecessary. And we KNOW the effect it has on institutions that still expose everything on a public IPv4 ['wannacry' anybody?]

        years ago a company I did work for bought a block of IPv4 addresses. Several XP boxen were set up with direct IPv4 addresses. As a poignant joke I used one of the 'net' commands on a remote computer [at my house] to pop up a dialog box on one guy's machine, thus pointing out the vulnerability. Couple THAT kind of exposure to the world with viruses and trojans and scanning that was happening in the early noughties, and it wasn't more than a WEEK before their ISP called them up complaining about "all of the DNS queries". Yes, a virus infection (on at least one of their exposed machines) was scanning to infect others on the internet. It was subsequently cleaned and everyone's computer went behind a NAT router.

        So... WHAT need is there for large blocks of IPv4 addresses, other than sitting on them until they're valuable enough?

        1. Nanashi

          Your problem there wasn't running XP machines with a public v4 address, it was failing to put them behind a working firewall. Moving them behind NAT wasn't necessary, you just needed that firewall.

          1. bombastic bob Silver badge
            Holmes

            "Your problem there wasn't running XP machines with a public v4 address, it was failing to put them behind a working firewall. Moving them behind NAT wasn't necessary, you just needed that firewall."

            the implied point is that NAT _IS_ a firewall. And there have been KNOWN vulnerabilities with Micro-shaft's "firewall" running on the same PC it's "firewalling" (because their vulnerable code is still "listening" even if you 'firewall' it). And do you REALLY want a firewall appliance that is capable of filtering and routing multiple IP addresses? That would be FAR more expensive than a simple NAT router that does the same job at a much lower cost (especially for a business with fewer than 10 employees).

            besides, the ENTIRE POINT is the total unnecessary use of IPv4 blocks. What, you'd want this just so you can have a public IP address on a workstation? It is POINTLESS! And, it's a built-in security problem. 'Wannacry' etc.

            If you need a fixed IP address because you run web services, that's different. But for nearly every OTHER use of the interweb, NAT is preferable for IPv4 anyway. Large blocks of IPv4 addresses assigned to major corporations who are NOT doing cloud-based services or hosting are just an excuse for them to hang on to a limited resource until it's profitable enough to sell.

            All of this should be obvious, though. Hence THAT icon.

            1. Lusty

              "NAT _IS_ a firewall"

              No, NAT isn't a firewall. Not even close to being a firewall. Also, firewalls don't improve security of a system anyway, they address poor administrators who leave ports open. That's not to say a firewall isn't useful, they save a lot of effort in locking down systems, but the open ports are just as vulnerable whether there's a firewall or not. Either way, NAT isn't a firewall.

              1. bombastic bob Silver badge
                Coat

                "No, NAT isn't a firewall. Not even close to being a firewall."

                you are arguing semantics and terms. Keep in mind that I've done kernel programming with netfilter modules on WiFi routers for money (it was a while back, but there ya go). Now, THAT is a firewall for sure! Not like the joke that Micro-shaft excreted for windows boxen.

                And your average NAT router runs netfilter/iptables (surprise!). And NAT does that one thing that firewalls are supposed to do: It stops intrusions from attempted connections on open ports, by blocking them. FIREWALL. Deal with it. I'll get my coat. Anything further on this topic, with someone who argues terminology and semantics, is a colossal waste of time.

                1. Nanashi

                  Heh, did you ever actually try using the NAT in netfilter when you were writing modules for it? I've used it, and I can confirm that it absolutely does _not_ stop any connections at all. All it does is change the IP address the packets appear to be coming from. That's all it's supposed to do, so it shouldn't be surprising that that's all it does.

                  If you don't believe me, you can go and set up some VMs and test how netfilter's masquerading works for yourself. I went and did this myself a while ago in response to commenters here telling me I was wrong, and the result was... I wasn't wrong. The NAT didn't block any connections.

                  For reference, my test consisted of setting up a router with... I can't remember the exact ranges, but let's say 192.168.1.x/24 on the "LAN" side and 192.0.2.x/24 on the "WAN" side, with two extra machines, one on each side, that each had their default routes set to the router. All machines could talk to each other. I then configured the router to NAT the source address of connections coming from the LAN (with netfilter's "-j MASQUERADE" target) so that they would appear to come from the router's WAN-side address instead. Guess what? Outbound connections from the LAN were NATed correctly, but inbound connections to the LAN still worked. The conclusion I drew from this is that NAT doesn't block inbound connections, because if it did then those inbound connections would've been blocked, and they weren't.

                  I also did this on a regular internet-connected subnet with exactly the same results.

                  If you can explain what I did wrong or misinterpreted in my test, then I'm willing to listen. But please don't tell me something that either of us could demonstrate is false just by trying it on a test network and looking at what happens.

                  1. Missing Semicolon Silver badge

                    .. I'll bite.

                    I know I shouldn't...

                    So, if you have managed to construct a NAT router that leaked LAN addresses from WAN to LAN, why don't all the other NAT routers out there do the same thing? Because, last I looked, they don't.

                    1. Nanashi

                      Re: .. I'll bite.

                      I assume by "leaks addresses" you mean "allows connections from outside"? Some do, but it's because most of them have an additional firewall that blocks the connections.

                      Don't conflate firewalls with NAT. Just because they run on the same device doesn't mean they're the same thing.
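
Added example (not part of the thread or any commenter's code): a small evaluator for constructed `iptables-save` dumps that shows the behaviour Nanashi's test describes, a MASQUERADE-only router still forwarding new inbound connections while the same NAT plus a default-drop FORWARD chain blocks them. The interface names `wan0`/`lan0`, both rulesets and the simplified rule matcher are assumptions for illustration.

```shell
#!/bin/sh
# Constructed iptables-save dumps for a router with 192.168.1.0/24 on the
# LAN side. Interface names wan0/lan0 are assumptions, not from the thread.

# NAT only: source addresses are rewritten on the way out, nothing is filtered.
ruleset_nat_only() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.1.0/24 -o wan0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
}

# Same NAT rule, plus the stateful filter that actually blocks inbound traffic.
ruleset_nat_plus_filter() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.1.0/24 -o wan0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i lan0 -o wan0 -j ACCEPT
COMMIT
EOF
}

# True if the dump on stdin contains a MASQUERADE rule.
uses_masquerade() { grep -q -- '-j MASQUERADE'; }

# forward_verdict IN_IF OUT_IF CTSTATE < dump
# Walks the filter table's FORWARD chain for one forwarded packet and prints
# ACCEPT, DROP or REJECT. Simplified model: only -i, -o, conntrack/state and -j
# are understood; any other option prints UNKNOWN instead of guessing.
forward_verdict() {
    awk -v in_if="$1" -v out_if="$2" -v state="$3" '
    BEGIN { policy = "ACCEPT" }            # kernel default for built-in chains
    /^\*/ { table = substr($0, 2); next }  # "*nat", "*filter", ...
    table != "filter" { next }             # nat rules never produce a verdict
    $1 == ":FORWARD" { policy = $2; next }
    $1 == "-A" && $2 == "FORWARD" && verdict == "" {
        match_ok = 1; target = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "-i")      { i++; if ($i != in_if)  match_ok = 0 }
            else if ($i == "-o") { i++; if ($i != out_if) match_ok = 0 }
            else if ($i == "-m") { i++ }   # skip the module name
            else if ($i == "--ctstate" || $i == "--state") {
                i++
                if (index("," $i ",", "," state ",") == 0) match_ok = 0
            }
            else if ($i == "-j") { i++; target = $i }
            else { verdict = "UNKNOWN"; exit }
        }
        if (match_ok && (target == "ACCEPT" || target == "DROP" || target == "REJECT"))
            verdict = target
    }
    END { print (verdict != "" ? verdict : policy) }
    '
}

# Compare both routers for the three packet types the thread argues about.
for rs in ruleset_nat_only ruleset_nat_plus_filter; do
    printf '%s: new inbound=%s, new outbound=%s, reply inbound=%s\n' "$rs" \
        "$($rs | forward_verdict wan0 lan0 NEW)" \
        "$($rs | forward_verdict lan0 wan0 NEW)" \
        "$($rs | forward_verdict wan0 lan0 ESTABLISHED)"
done
```

On a real router the function can be fed the output of `iptables-save`; rules that use matches outside this simplified model yield UNKNOWN.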

    2. Yet Another Anonymous coward Silver badge

      >Things aren't helped by the fact that the entire 127.0.0.0/8 range is reserved for loopback.

      Don't tell anybody - I sold 127.xxx.xxx.xxx for $10/address to Radioshack

      1. Anonymous Coward
        Joke

        "Don't tell anybody - I sold 127.xxx.xxx.xxx for $10/address to Radioshack"

        I won't tell, if you won't mention the 10.0.0.0/8 172.16.0.0/12 and 192.168.0.0/16 ranges I sold them...oddly not long before they went bankrupt.

  5. Anonymous Coward
    Anonymous Coward

    As part of bankruptcy proceedings, creditors will need to give their email and phone number, and purchase 10,000 packs of AA batteries.

  6. applebyJedi

    Harley Davidson

    I think the Hogs could do with sending some ranges back into the pool, don't they own a shed load?

  7. Roland6 Silver badge

    Is the block as a whole worth more than the sum of the individual addresses?

    Given the size of the blocks being put up for auction, I wonder if a cloud provider would find an entire block more useful and manageable than multiple small blocks distributed across the IPv4 address space...

  8. Martin Summers Silver badge

    "But with the addresses worth increasing amounts of money as companies try to expand, but resist efforts to shift over to IPv6, that approach has become untenable and the RIRs effectively turn a blind eye to the auctions."

    Well they really shouldn't, they should enforce the rules, otherwise what is the point of them existing as a body. It's only untenable to profit mongers who want to make money out of a community asset.

    1. joma0711

      "...It's only untenable to profit mongers who want to make money out of a community asset."

      Indeed. Sadly, looking at recent and current governments in the UK (and doubtless elsewhere), that seems to be the (modern?) way...

    2. jcurran

      RIRs are enforcing the rules

      The Regional Internet Registries are enforcing the rules - these are policies which are developed and adopted by the Internet operator community. What Kieran somehow muddled in the article is that these policies have changed over time, which makes perfect sense since the Internet and address availability have changed since the beginning of the Internet.

      /John

      John Curran

      President and CEO

      American Registry for Internet Numbers

  9. Trigonoceps occipitalis

    Arthur Daly Sales Ltd

    My friend Arthur has asked me to say that he has many IP addresses available in the 192.168.*.* blocks.

    1. Wiltshire

      Re: Arthur Daly Sales Ltd

      Re your friend Arthur and the 192.168.*.* blocks

      Strange. I've just bought some of those from Trotter's Independent Traders.

      1. Wiltshire

        Re: Arthur Daly Sales Ltd

        This time next year, Rodney, we'll be IP billionaires.

  10. Glen Turner 666

    Externalities

    So what's the cost to people running internet routers? We've taken a handful of route table entries and auctioning them by /24 increases the number of route table entries a hundred-fold. I think we should probably put a stop to this behaviour before it becomes endemic and filter out the more specifics of auctioned addresses.

  11. Kevin McMurtrie Silver badge

    Pegboards of old IP addresses

    They're going to print the IP addresses individually onto little pieces of paper and seal them in blister packs selling for $19.99. The sale will be staffed with teens that are going to quit the awful job as soon as they make enough money to get out of town. "May I have your phone number?"

  12. Bob Hoskins

    IPv6 Migration

    Is not going to happen. It's just too insane a standard and a solution to a problem that doesn't exist anymore. If you can't solve it with NAT and CIDR and a little creativity you should not be in IT.

    1. jcurran

      Re: IPv6 Migration

      Bob - It already is happening... nearly 1/5 of the world's traffic is over IPv6, and growing rapidly -

      https://www.google.com/intl/en/ipv6/statistics.html

  13. JeffyPoooh
    Pint

    IPv8

    I'm holding out for IPv8.

    ;-)
