Most Elite IP Addresses
NB Please do not take it seriously.
There is in Russia a love for “criminal numbers”. Everyone knows about car numbers for cars. Gold phone numbers - are traded in all, and even officially. So, some time ago, even the news about a “beautiful number” of a passport with five zeros surfaced.
What about IP addresses?
')
In the illustration, a Cypriot Pizzehat brags about a thug (alas, telephone) 77.77.77.77. Although url
Well, let's say, some people can get a zero at the end of the IP. All you need is a larger mesh / 24 to use.
And two zeroes? / 15 sounds serious.
But the real majors are the owners of the addresses with three zeros. And no, I'm not talking about the proud owners of 10.0.0.0 and localhost root administrators, I'm talking about real elite white IPs. In the first approximation, it may seem that there are only 256 of them, but taking into account all sorts of multicasts, gray and experimental segments, local locks, etc., there are very few of them. If you believe IANA ( here ), then we have only 221/8 networks. That is, there may be 221 IPv4 thief addresses.
Armed with nmap, nping, whois and other tools, we study who are these happy people who can respond to addresses of the form X.0.0.0?
In fact, on the modern Internet it is quite possible to get yourself .0 (and others .0.0, .0.0.0), even if you use a small network - it is enough to cut / 32 and route through other addresses. Any kind of NAT address pool, unnumbered routes and other “unconventional Internet” in the area of ISP access for home users allow you to do all kinds ofhorrors of unusualness.
For example, if we have network facilities on 31.153.91.0/29, and 31.153.91.248/29 (it is quite possible to get this on a mediocre hosting, .0 by accident, and .248 is quite a common address for / 29), then we can (having access to routing) do this:
And on the host, we simply alias the address to our main interface:
After that, our address starts responding. Why? Because ip uses hop-by-hop routing. We look:
If .0 can happen to someone accidentally (after all, we have more than 8 million such pieces (129 * 255 * 255)), then with people with two zeros in the IP address there can be significantly less - about 32 thousand. As mentioned earlier, with only three zeros there can be only 129 people on the entire planet (for comparison, there are 71 Faberge eggs in total, and Pablo Picasso created about 20,000 works). In other words, solid IP for solid people. If we take into account that issuing x.0.0.0 for humanity and infrastructure is much more complicated than stamping a number of the type
So how many Real Solid People we have with Specifically Solid IP addresses? So to say the elite of elites, the highest cream of society, people who can afford to allow the modest charm of exclusive IP-addresses?
(after a few minutes with nmap)
Actually, we have only three representatives of the Elite Elite, the most serious and respectable Internet sites:
Call them by name:
It can be seen that all three are from explicit ISP ranges and are spent onhome hamsters who are unaware of their own elitism of home Internet users.
Four more nodes respond to pings, and nothing more.
Thus, it can be stated that the most thieves' addresses are spent completely ineptly. Among the rest (silver, XY0.0 type, which is expected to be about 32 thousand), as many as 2204 nodes responded to pings. Already not bad, right?
A casual user may notice that not only an address with zeros can be beautiful. 8.8.8.8 (one of two public dns servers of google'a) - why not a “beautiful” address?
But the real geek knows that because of the peculiarities of the routing device in IP networks, it is the multi-zero addresses that are the most difficult to organize and obtain. The rest (well, except for “XXX.255.255.255”, of which, by the way, only 10 pieces are responding) are too trivial and may interest only an inexperienced user.
There is in Russia a love for “criminal numbers”. Everyone knows about car numbers for cars. Gold phone numbers - are traded in all, and even officially. So, some time ago, even the news about a “beautiful number” of a passport with five zeros surfaced.
What about IP addresses?
')
In the illustration, a Cypriot Pizzehat brags about a thug (alas, telephone) 77.77.77.77. Although url
77.77.77.77 77.77.77.77 would look much more interesting .Well, let's say, some people can get a zero at the end of the IP. All you need is a larger mesh / 24 to use.
And two zeroes? / 15 sounds serious.
But the real majors are the owners of the addresses with three zeros. And no, I'm not talking about the proud owners of 10.0.0.0 and localhost root administrators, I'm talking about real elite white IPs. In the first approximation, it may seem that there are only 256 of them, but taking into account all sorts of multicasts, gray and experimental segments, local locks, etc., there are very few of them. If you believe IANA ( here ), then we have only 221/8 networks. That is, there may be 221 IPv4 thief addresses.
Armed with nmap, nping, whois and other tools, we study who are these happy people who can respond to addresses of the form X.0.0.0?
Technological insert
In fact, on the modern Internet it is quite possible to get yourself .0 (and others .0.0, .0.0.0), even if you use a small network - it is enough to cut / 32 and route through other addresses. Any kind of NAT address pool, unnumbered routes and other “unconventional Internet” in the area of ISP access for home users allow you to do all kinds of
For example, if we have network facilities on 31.153.91.0/29, and 31.153.91.248/29 (it is quite possible to get this on a mediocre hosting, .0 by accident, and .248 is quite a common address for / 29), then we can (having access to routing) do this:
( )
ip route 31.153.91.0/29 via 31.153.91.250
And on the host, we simply alias the address to our main interface:
ip address add 31.153.91.0/32 dev eth0
After that, our address starts responding. Why? Because ip uses hop-by-hop routing. We look:
- does the router know what to do with the packet at 31.153.91.0? He knows. Send to 31.153.91.250, which is, let's say, directly connected (that is, the router in this network has its own address, for example, 31.153.91.249/29).
- Our server knows what to do? Of course, he has this address on the interface is registered. We receive an ip-package with such dst, we process. If there are still doubts about MACs: when routing, the MAC address of the router is substituted in mac-dst (and ip-dst does not change), and in the case of directly connected, the mac-address of the destination node is substituted in mac-dst. That is, from the point of view of the recipient, he cannot even find out, traffic is “routed” to him, or sent as to an end node.
- After the answer is generated, the address 31.153.91.0 falls into ip-src. In the ip-dst gets the address of the sender (someone from the Internet).
- The package "on the Internet" goes through the default gateway (default gateway). Which (we assume a primitive installation) is allocated on the network 31.153.91.248/29, that is, for example, 31.153.91.249. What we have with this “other” ip-src doesn't bother anyone - we have dst-based hop-by-hop routing, that is, when routing, they look only at dst.
- The router receives the packet “to the Internet” and processes it “as usual”
Returning to the gilded IP
If .0 can happen to someone accidentally (after all, we have more than 8 million such pieces (129 * 255 * 255)), then with people with two zeros in the IP address there can be significantly less - about 32 thousand. As mentioned earlier, with only three zeros there can be only 129 people on the entire planet (for comparison, there are 71 Faberge eggs in total, and Pablo Picasso created about 20,000 works). In other words, solid IP for solid people. If we take into account that issuing x.0.0.0 for humanity and infrastructure is much more complicated than stamping a number of the type
oOOOoo|78 , then the number of actually available .0.0.0 is much less. Why? Because in classic routing, “all zeros” in the host address means “network number” and nodes are not assigned. Any provider with a “classic routing”, having gotten X.0.0.0 / 21, will most likely lose this address (even if it cuts the network on a subnet - the resulting X.0.0.0 / 29 will still have X.0.0.0 as a number network).So how many Real Solid People we have with Specifically Solid IP addresses? So to say the elite of elites, the highest cream of society, people who can afford to allow the modest charm of exclusive IP-addresses?
(after a few minutes with nmap)
Actually, we have only three representatives of the Elite Elite, the most serious and respectable Internet sites:
Call them by name:
- 84.0.0.0 - WD My Cloud Ex admin panel (Magyar Telecom, Hungary, DSL pool, according to PTR).
- 117.0.0.0 - something strange, covered by http-auth, "TD-8840T". Vietnamese Telecom Online Technologies LTD.
- 151.0.0.0 is a weird http that returns an empty response. Ukrainian telecom Online Technologies LTD, Donbass.
It can be seen that all three are from explicit ISP ranges and are spent on
Four more nodes respond to pings, and nothing more.
- 75.0.0.0
- 92.0.0.0
- 109.0.0.0
- 112.0.0.0
Thus, it can be stated that the most thieves' addresses are spent completely ineptly. Among the rest (silver, XY0.0 type, which is expected to be about 32 thousand), as many as 2204 nodes responded to pings. Already not bad, right?
Editor's sidebar: during the editing and formatting of the article, everything has changed. Now we have 19 IP addresses that respond to pings, and of them http (s) was only on: 117.0.0.0 , and at least some reasonable network activity (tcp) was only on one more node: 61.0.0.0
Comment
A casual user may notice that not only an address with zeros can be beautiful. 8.8.8.8 (one of two public dns servers of google'a) - why not a “beautiful” address?
But the real geek knows that because of the peculiarities of the routing device in IP networks, it is the multi-zero addresses that are the most difficult to organize and obtain. The rest (well, except for “XXX.255.255.255”, of which, by the way, only 10 pieces are responding) are too trivial and may interest only an inexperienced user.
Source: https://habr.com/ru/post/253343/
All Articles