Minutes before Trump left office, millions of the Pentagon’s dormant IP addresses sprang to life: WaPo

Since Snowden's announcements of the technological sneakiness of the NSA, I am not at all sure what opening extra addresses would add to their capabilities. They can already read whatever they want. Any advances would come in cryptography and in compromising further software and hardware, not in watching a few more packets. It may be that a group of previously unused addresses are needed for testing an interesting 'something' I suppose?
 

Tool

LE
I'd go with a combination/discrete of pen testing and/or new methodologies in detection of ddos attacks, or just trying to get a handle of what the Defense structure owns. Nothing to see, and no "nefarious" activity on this side.

Just curious as to them "giving up" 175 million IP's. How many do they own in total?
 
I'd go with a combination/discrete of pen testing and/or new methodologies in detection of ddos attacks, or just trying to get a handle of what the Defense structure owns. Nothing to see, and no "nefarious" activity on this side.

Just curious as to them "giving up" 175 million IP's. How many do they own in total?
Given the relationship between the Internet / ARPANet and the DoD I suspect the answer is "as many as they wanted".
 
I was a coder, and always regarded networking as “white man’s magic” (a phrase probably not allowed nowadays) but I did pick up the basics.

I see nothing politically or financially sinister in the report (at the moment). For example, I believe MOD bought the world rights to all IP addresses beginning with a particular number and we let a third party manage that. MOD doesn’t actually need all those addresses.

On the basis that a simple reason is often the most likely option, this may just be the Pentagon outsourcing the management of those IP addresses or deciding it doesn’t need all the addresses it has.

But there is always the option that this is cyber-warfare related. By nature, internet traffic is not fussy which route it takes (although you can force it to take prescribed routes). It’s like travelling from Edinburgh to London: you can take the train, you can drive down the A1, you can get a bus to Edinburgh airport, fly to Heathrow then jump on the tube. Or you can get a train to Glasgow, bus to Prestwick, fly to New York, have your bags searched, then fly to Gatwick before jumping on the Gatwick express.

Internet traffic takes whatever route is available at that precise moment unless told otherwise.

If you can get internet traffic routed through addresses you control, you can interrogate that traffic. Similarly, if you can get your traffic only routed via addresses you control, your traffic cannot be interrogated by foreign powers. Bringing billions of previously unused addresses back into play brings lots of new potential routes.

Isn't that how they cracked some nefarious website that was on the Dark web, with its criminal users accessing via TOR a few years back? They had managed to get it routing through their servers and they started dropping off breadcrumbs to follow?
 
Isn't that how they cracked some nefarious website that was on the Dark web, with its criminal users accessing via TOR a few years back? They had managed to get it routing through their servers and they started dropping off breadcrumbs to follow?
Two things about TOR:

1. It's a US Naval Research project funded by DARPA
2. It's only as secure as your entry (and possibly exit) point is.
 
Just curious as to them "giving up" 175 million IP's. How many do they own in total?
No idea, but IPv4 allows about 4.3 billion unique IP addresses

Using MOD as an example, they own everything from xx.1.0.0 to xx.256.256.256.

That’s 1 x 256 x 256 x 256 which equals 16,777,216 IP addresses.

That suggests that the US are giving up about 11 of the first numbers, which is a little over 4% of all (technically) available IP addresses.
 

Tool

LE
No idea, but IPv4 allows about 4.3 billion unique IP addresses

Using MOD as an example, they own everything from xx.1.0.0 to xx.256.256.256.

That’s 1 x 256 x 256 x 256 which equals 16,777,216 IP addresses.

That suggests that the US are giving up about 11 of the first numbers, which is a little over 4% of all (technically) available IP addresses.
As mentioned upthread, DoD were instrumental in the original "Internet", (D)ARPANET, so would have taken what they thought they would need up front.
 
There may be nothing amiss at all but even leaving politics aside for a moment you can understand why an Investigative Reporter from the WAPO would question the announcement.

Stars & Stripes. Quoting WAPO & AP.

WASHINGTON — While the world was distracted with President Donald Trump leaving office on Jan. 20, an obscure Florida company discreetly announced to the world's computer networks a startling development: It now was managing a huge unused swath of the Internet that, for several decades, had been owned by the U.S. military.

What happened next was stranger still.

The company, Global Resource Systems LLC, kept adding to its zone of control. Soon it had claimed 56 million IP addresses owned by the Pentagon. Three months later, the total was nearly 175 million. That's almost 6% of a coveted traditional section of Internet real estate – called IPv4 – where such large chunks are worth billions of dollars on the open market.

The entities controlling the largest swaths of the Internet generally are telecommunications giants whose names are familiar: AT&T, China Telecom, Verizon. But now at the top of the list was Global Resource Systems – a company founded only in September that has no publicly reported federal contracts and no obvious public-facing website.

As listed in records, the company's address in Plantation, Fla., outside Fort Lauderdale, is a shared workspace in an office building that doesn't show Global Resource Systems on its lobby directory. A receptionist at the shared workspace said Friday that she could provide no information about the company and asked a reporter to leave. The company did not respond to requests for comment.

He wrote that the timing was "moments after the swearing-in of Joe Biden as the President of the United States and minutes before the statutory end of the administration of Donald Trump at noon Eastern time."

The AP and Post sent reporters to the listed address for the Global Resource Systems, according to reports. Both times, the reporters were turned away without information.
 
The answer is in the story. You just have to understand the context. Basically, it's intended to deter Internet pikeys.
Brett Goldstein, the DDS’s director, said in a statement that his unit had authorized a “pilot effort” publicizing the IP space owned by the Pentagon.

“This pilot will assess, evaluate and prevent unauthorized use of DoD IP address space,” Goldstein said. “Additionally, this pilot may identify potential vulnerabilities.”

There are two types of IP network addresses, IPv4 and IPv6. IPv4 is the original one, and still the most common.

IPv4 is a 32 bit number, so there are roughly 4 billion of them. That should be loads, right? Well, it was when it started out, but now we've run out of them.

To deal with that they came up with IPv6, which is a 128 bit number, so there are loads more of them. However IPv6 is not backwards compatible with IPv4 and lots of existing systems want to see IPv4 numbers. So, there is a lot of resistance to switching to IPv6 instead of using IPv4.

That means that there is still a high demand for using IPv4 numbers. The demand is high enough that the rights to IPv4 addresses are changing hands for increasingly large sums of money.

Now technically organisations that have these addresses assigned to them are not supposed to just auction them off, but it happens. The result is that there is a market for these addresses.

Now if something is worth money, then somebody will find a way to steal it, or at least to sell something that doesn't belong to him. Various companies have been selling or renting IPv4 addresses that they don't own but which the rightful owners aren't using. Organisations that own these addresses and want to use them are finding them in use by someone else altogether. It's like going on vacation and on coming home finding that a family of pikeys have moved into your house.

What the US DoD are doing here is having a company setting up the official Internet address system (this is the BGP routing that they mention) to say that "these addresses belong to us, and here's how you get to the proper servers that they belong to".

For example, somewhere there are multiple servers which translate "www.arrse.co.uk" into a numerical address. That numerical address gets attached to your messages at your PC and is used by the switches and routers which connect the Internet together to get scaleyalberto's pictures of larger ladies onto your screen.

There is a system for setting up all the intervening hardware to make the connections to make this all happen. If someone else is also using ARRSE's IP address, then the messages aren't going to work properly. Someone in the UK might get the pictures from the scaleyalberto thread, while an expat in Thailand might get a powerpoint presentation from a car dealer in Singapore. I'm over-simplifying the explanation for the sake of those who don't want the long explanation so don't take that literally, but that gives you the general concept.


What the US DoD appear to be doing at the moment is to be doing some general reconnaissance to assert their claim on those addresses in order to deter other people from using them. The DoD might be thinking of using them, or perhaps selling them to raise cash, or perhaps for some other reason. The explanation they are giving though (as quoted above) is a reasonable one dealing with a known problem.

The ultimate solution to all this is for everyone to use IPv6, but that takes effort and companies running networks see it as time is money and they can't be bothered to do so until they finally have no choice.
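The squatting problem described in the post above can be checked mechanically: compare each BGP announcement's origin against a registry of who is allowed to originate the covering block. The sketch below is an added example, not part of the original post; the registry, prefixes (documentation and benchmarking ranges) and AS numbers (documentation range) are all constructed for illustration.

```python
import ipaddress

# Constructed registry: which AS is authorised to originate each block.
# Prefixes are documentation/benchmarking ranges and AS numbers are from
# the documentation range 64496-64511; none of them come from the thread.
REGISTRY = [
    (ipaddress.ip_network("198.18.0.0/15"), 64496),
    (ipaddress.ip_network("203.0.113.0/24"), 64497),
]

# Constructed BGP announcements as (prefix, origin AS) pairs.
ANNOUNCEMENTS = [
    ("198.18.0.0/15", 64496),   # owner announcing its own block
    ("198.19.4.0/24", 64510),   # more-specific carved out by another AS
    ("203.0.113.0/24", 64497),  # owner
    ("203.0.113.0/24", 64511),  # same prefix, competing origin
    ("192.0.2.0/24", 64500),    # no registry entry at all
]

def covering_entry(prefix):
    """Return the most specific registry entry covering `prefix`, or None."""
    matches = [(net, asn) for net, asn in REGISTRY
               if prefix.version == net.version and prefix.subnet_of(net)]
    return max(matches, key=lambda m: m[0].prefixlen, default=None)

def classify(prefix_text, origin_as):
    """Label one announcement as valid, squatted, or unknown."""
    prefix = ipaddress.ip_network(prefix_text)
    entry = covering_entry(prefix)
    if entry is None:
        return "unknown"  # nobody has registered this space: cannot judge
    net, owner_as = entry
    if origin_as == owner_as:
        return "valid"
    # A different origin inside registered space is the squatting case.
    if prefix.prefixlen > net.prefixlen:
        return "squatted-more-specific"
    return "squatted"

def report(announcements=ANNOUNCEMENTS):
    """Classify every announcement; returns (prefix, origin, verdict) tuples."""
    return [(p, a, classify(p, a)) for p, a in announcements]

if __name__ == "__main__":
    for prefix, origin, verdict in report():
        print(f"{prefix:<18} AS{origin:<6} {verdict}")
```

The "unknown" verdict is the gap squatters rely on: space with no registered or announced origin gives a validator nothing to compare against.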
 
Very, very interesting. Doug Madory knows his onions and is worth listening to.

A recent example is Cloudflare’s announcement of 1.1.1.0/24 and 1.0.0.0/24 in 2018

For a long, long time, the block beginning 1 - 1/8 - wasn't actually allocated to anybody and therefore shouldn't have been in use at all, but people insisted on using 1.1.1.1 or 1.2.3.4 for random things and there was a peer to peer VPN app - Hibachi? - that squatted in there. When it actually came up for allocation, RIPE did what it usually does and announced the routes itself ahead of time so everyone would see that they were now going to be in use...and got twatted by 10Gbps or so of crap.

Google very decently offered to collect the traffic for them in order to help work out what weirdness was growing in that space. IIRC a meaningful percentage of it was one particular system within T-Mobile Netherlands. Later, Cloudflare actually registered those two /24 blocks and did a similar experiment.

My guess, like Doug's, is that they wanted a really big honeynet to observe what's flying around and chose that moment so nobody would notice for a while.
 

OneTenner

LE
Book Reviewer
No idea, but IPv4 allows about 4.3 billion unique IP addresses

Using MOD as an example, they own everything from xx.1.0.0 to xx.256.256.256.

That’s 1 x 256 x 256 x 256 which equals 16,777,216 IP addresses.

That suggests that the US are giving up about 11 of the first numbers, which is a little over 4% of all (technically) available IP addresses.
Nearly, a class A address is xx.0.0.0 to xx.255.255.255 less the broadcast addresses, so that's 2,147,483,648 per digit in the first octet.


I need a drink now!
 
Isn't that how they cracked some nefarious website that was on the Dark web, with its criminal users accessing via TOR a few years back? They had managed to get it routing through their servers and they started dropping off breadcrumbs to follow?
Not sure about which one you're referring to.

Sabu was a famous victim of forgetting to use TOR. FBI identified him and rolled him up as an informant.


There's a bunch of good work been done on de-anonymisation of TOR, couple of years ago Portsmouth uni did good work. From memory this was the study which gave estimates of the amounts of child sex abuse material being transmitted over it.

But as ever, easier to attack the device or rely on human error than the TOR protocol.
 
I haven't read all the posts in this thread, but here's my take. The first part is all fact.

When IPv4 addressing got going, it was all under the control of the US government. They, and some US companies, bagged a big chunk of the available addresses and kept them for themselves. Why not, it's not like there were that many users foreseen. The DoD took control of a whole Class A block of addresses, which is about 0.4% of all those available to the whole world. I think it was 10.x.x.x. That is a lot of IP addresses (16.5 million+) when you consider that they are a finite resource.

Now the speculation bit. They have finally realised that they don't need them (all) anymore, for a number of reasons, and a lot of the reserved subnets or address blocks have been given up.

Not sinister at all, after all an IP address on its own is not a lot of use to anyone.

ETA: Having read a few of the posts now...I'd forgotten about IP Squatters, who sit on seemingly unused IP blocks to which they have no rights. I can imagine the US DoD had loads of unused addresses and wants to stop people using them for nefarious purposes, such as illegally piggy-backing on whitelists to gain access they shouldn't have, or mis-representing themselves as genuine US DoD sites/addresses to the outside world.
 
Isn’t that the American way? The US government has a history of setting up obscure companies to provide future deniability.

It’s just harder to do it without being noticed nowadays.

Without wishing to be confrontational, what makes people think this is so sinister? Is it a ”Trump grrrr” thing?
Might be the British way as well....there are lots of reasons you'd not want your IP to show and having a different one returned instead.
 
Might be the British way as well....there are lots of reasons you'd not want your IP to show and having a different one returned instead.
Possibly. But there’s nothing in the article suggesting the US DoD wants to spoof or hide addresses.

What seems to have sparked concern is a tenuous link to Trump. It’s opaque, no one seems to know who is doing this or why, no one knows who will benefit, and as it occurred on Trump’s watch (and as he is the worst human being who has ever lived) he must be benefitting somehow either directly or via a favour to a crony.

If it happened on cuddly Uncle Joe’s watch, people would have found it curious, not sinister.
 

Nemesis44UK

LE
Book Reviewer
Possibly. But there’s nothing in the article suggesting the US DoD wants to spoof or hide addresses.

What seems to have sparked concern is a tenuous link to Trump. It’s opaque, no one seems to know who is doing this or why, no one knows who will benefit, and as it occurred on Trump’s watch (and as he is the worst human being who has ever lived) he must be benefitting somehow either directly or via a favour to a crony.

If it happened on cuddly Uncle Joe’s watch, people would have found it curious, not sinister.

Playing Devil's Advocate with a healthy tin foil supply, it's easy -

Happened whilst Joe Biden was being sworn in, minutes before Trump leaves office.
By a company based in Florida
Mar-a-Lago is in Florida
Mar-a-Lago is owned by Trump
Trump is owned by Putin
Putin gets DoD secrets
Profit.

See?
 
