Did someone just give your network away?

IP addresses are in short supply – the pool is drying up. Some time before hell freezes over, or even cools noticeably, we will all need to move to the wider vistas (so to speak) of IPv6. This will bring its own “interesting times” to the security world. (Try port-scanning a single IPv6 subnet.  Let me know if you finish in your lifetime…)

As the oversight organization IANA gets requests for new IPv4 address space, it hands out space that is currently “unused.”  (I put “unused” in quotes for a reason.)

So why should you care about such administrivia? Because this time, they handed out a space that you are quite likely to be using already! Not that you should be using it – I’m just saying the odds are pretty good that you do, and once it belongs to somebody else you will have problems.

Why would you be using someone else’s space? Because of the way networks are built and maintained. Most corporate networks include some “Wild West” spaces where time-pressured projects get done without thinking about long term consequences. (Some networks are basically all Wild West, end to end.) The problem is that once IT fabric is set up, operators are loath to take it down again. Who knows what might depend on this strange corner? If you know your organization is different, and everything is done with due care and deliberation, and any messy projects get cleaned up promptly, then feel free to stop reading here (and congratulations).

Now that the irrationally optimistic have surfed elsewhere, what exactly has happened? As of January 2010, IANA marked the space of addresses of form “1.*.*.*” (aka 1.0.0.0/8) as allocated. This means it’s been given to an Internet address registry (APNIC in this case), and they in turn will hand it out as requests for new space are filed. Just how rapidly the addresses will be doled out to end users is not clear, but it’s now inevitable that this space will begin to see active use. For details, take a look at their reference list here:

http://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.txt

(Look for “001/8”, near the top of the table, and note the minty-fresh date.)

At RedSeal, we have quite a bit of experience mapping out corporate networks, and we’ve seen a great many cases where parts of this address space (1.0.0.0/8) are in use. Why? Well, think Wild West. You need to bring up something temporary, you don’t want to go through all the overhead of formal allocation, and your quick solution isn’t going to last, right? So you just think up something quick that isn’t being used by anyone you know about. People routinely pick addresses like “1.1.1.1” or “1.2.3.4”. (You also see a lot of “10.10.10.10”, especially in labs, but that’s another story.) Why don’t they go for something random, such as 208.47.89.62? Well, because that almost certainly belongs to someone. The example I picked at random happens to belong to Qwest Communications. If I want to talk to Qwest from those addresses, it’s not going to work; the packets won’t know if they are coming or going!

OK, so network teams under pressure to build quickly pick addresses from known “empty” space, especially 1.0.0.0/8 because it’s easy to remember. Unfortunately, IANA just decided to allow new colonists into that space. Soon, the address “1.2.3.4” is going to belong to someone, and you won’t be able to talk to them if your network thinks “1.2.3.4” still belongs to you.

So what’s the easiest way to check if this change applies to you?  If you use RedSeal, it’s really easy – open up the client, go to Maps and Views, set the View to Subnets, and open the Trusted folder.  This folder is sorted, so any subnets from 1.0.0.0/8 will pop right to the top of the list.  You can see how many you have, and you can open any of them to see where in the network the addresses are being used.  If you have any, I recommend you open a ticket saying it should be changed to use truly private (RFC-1918) space as soon as reasonably possible – include the reference to the IANA update for anyone who didn’t hear about the change.
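If you don’t have RedSeal handy, the same check is easy to script. Here is an added example (my own illustration, not RedSeal’s code or anything from the original post): it pulls interface addresses out of Cisco-style `ip address A.B.C.D MASK` lines, flags any subnet that falls inside 1.0.0.0/8, and goes one step beyond the post by also flagging public space that isn’t on a list of prefixes you actually hold, since squatting on anyone else’s space has the same failure mode. The sample config, the owned-prefix list, and the config line format are all constructed assumptions; point it at your own exports.

```python
"""Audit configured subnets for squatting on 1.0.0.0/8 (or any space you don't own)."""
import ipaddress
import re
from typing import Dict, List

# The block IANA marked as allocated to APNIC in January 2010 (from the post).
NEWLY_ALLOCATED = ipaddress.ip_network("1.0.0.0/8")

# RFC 1918 private space, where the post recommends moving such subnets.
RFC1918 = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]

# Constructed assumption: the public prefixes your organization really holds.
# 203.0.113.0/24 is documentation space; replace with your own allocations.
OWNED_PUBLIC = [ipaddress.ip_network("203.0.113.0/24")]

# Constructed sample of Cisco-style interface lines; not a real config.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 ip address 1.1.1.1 255.255.255.0
interface GigabitEthernet0/2
 ip address 1.2.3.4 255.255.255.252
interface Vlan10
 ip address 10.10.10.1 255.255.255.0
interface Vlan50
 ip address 192.168.50.1 255.255.255.0
interface GigabitEthernet0/3
 ip address 203.0.113.10 255.255.255.0
interface GigabitEthernet0/4
 ip address 198.51.100.2 255.255.255.240
"""

# Matches " ip address <addr> <dotted mask>" as emitted by IOS-style configs.
IP_ADDRESS_RE = re.compile(r"^\s*ip address (\S+) (\S+)\s*$")


def extract_subnets(config_text: str) -> List[ipaddress.IPv4Network]:
    """Return the containing network for every 'ip address' line found."""
    nets = []
    for line in config_text.splitlines():
        m = IP_ADDRESS_RE.match(line)
        if m:
            addr, mask = m.groups()
            # strict=False discards the host bits, giving the interface's subnet.
            nets.append(ipaddress.ip_network(f"{addr}/{mask}", strict=False))
    return nets


def classify(net: ipaddress.IPv4Network) -> str:
    """Bucket a subnet by whether you can safely keep using it."""
    if net.subnet_of(NEWLY_ALLOCATED):
        return "squat-1/8"            # collides with the newly allocated block
    if any(net.subnet_of(p) for p in RFC1918):
        return "private"              # fine: RFC 1918 space
    if any(net.subnet_of(p) for p in OWNED_PUBLIC):
        return "owned-public"         # fine: registered to you
    return "unregistered-public"      # someone else's space, same problem in disguise


def audit(config_text: str) -> Dict[str, List[str]]:
    """Group subnets by class; numeric sort puts 1.0.0.0/8 entries first, like the Subnets view."""
    report: Dict[str, List[str]] = {
        "squat-1/8": [], "private": [], "owned-public": [], "unregistered-public": []
    }
    for net in sorted(extract_subnets(config_text)):
        report[classify(net)].append(str(net))
    return report


if __name__ == "__main__":
    for bucket, nets in audit(SAMPLE_CONFIG).items():
        print(f"{bucket}: {nets}")
```

Anything in the `squat-1/8` bucket is exactly what the ticket above should list; the `unregistered-public` bucket is the broader version of the same mistake and is worth a ticket of its own.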
