To Squat or not to Squat? [Archived]

By Cathy Aronson

Cathy Aronson’s crash course in ISPs adding to RFC 1918 space with unrouted IPv4 address blocks.

Recently I got an email from a colleague at a sizable ISP. He said his boss wanted to know whether it was safer to use 22.0.0.0/8 or 30.0.0.0/8 for additional RFC1918 address space.

I have to say I was shocked. I thought maybe I didn’t understand him. I rewrote back, “Are you saying that you are going to use 22.0.0.0/8 and 30.0.0.0/8 as additional RFC 1918 space?” His answer, “Yes”. I was shocked. I did not know this was happening. Certainly this had to be an isolated incident? It is an incredibly bad idea for so many reasons that I’ll talk about as I go on here.

Since I was on my way to IETF 94 in Yokohama the next week I decided to look into this matter and see who is doing this. A number of people talked candidly to me about this situation.

Before I left on my trip I did some googling to see what I could find out there on the net about this. I have attached some links below. It amused me that a large number of folks out there are seeing these addresses in their traceroutes and thinking it’s government surveillance. Of course that’s not at all the case. The not so amusing part of my googling was that there is a lot of this squatting happening out there on the net.

It turns out there are a LOT of organizations considering squatting on other organizations address space. Some of them include large ISPs, cable providers, and large enterprises.. The blocks used are not just 22.0.0.0/8 and 30.0.0.0/8 but there are discussions (see links below) of companies using 7.0.0.0/8 and 25.0.0.0/8.

I talked to another colleague at a large enterprise that is currently using 25.0.0.0/8. He heard that the UK Government (the 25.0.0.0/8 block belongs to the UK Ministry of Defense) may soon sell their rights to this block and it will be globally routed. There are folks trying to persuade the UK government to not sell, but it worth a tidy sum of money.

So why is this a bad idea? It is a bad idea because someone else holds rights to these blocks. If the rightful entity decides to route them or transfer them to someone else who then routes them, then everyone has a problem. The network that is squatting will not be able to get to the legitimate users of the block. The legitimate user of the block will not be able to get to a sizable number of eyeballs on those squatting ISPs’ networks.

How likely is this problem to occur? I would think that due to IPv4 address exhaustion it will become likely that some of these blocks will end up in the global routing table. For a while IPv4 address blocks will be worth quite a bit of money and it will be tempting for owners of such blocks to transfer them to whoever is willing to pay the most.

When a block like this becomes routed globally any ISP who is squatting on the space has to quickly renumber a large number of devices. This is not a trivial amount of work. That time would be better spent connecting all these internal devices via IPv6.   At least one ISP I talked to said they were using some squat space as an interim step until all the devices could do IPv6. I am not sure why others are not spending their time and energy deploying IPv6, but they are setting themselves up for a major crisis in the future.

Links of discussions of this squatting:

These are about 7.0.0.0/8:

http://www.dslreports.com/forum/r25679029-Why-is-my-first-hop-to-a-DoD-assigned-IP-address

http://www.dslreports.com/forum/r26519598-First-hop-to-DoD-in-Ohio

http://www.abovetopsecret.com/forum/thread761697/pg1

These are about 25.0.0.0/8:

http://android.stackexchange.com/questions/11388/are-tmobile-using-bogus-dod-ip-addresses-bogons

http://www.dslreports.com/forum/r27324698-LTE-access-early

https://www.reddit.com/r/conspiracy/comments/1sql0i/if_you_have_an_android_you_can_find_out_where/

These are about 30.0.0.0/8:

http://blog.erratasec.com/2013/12/dod-address-space-its-not-conspiracy.html#.VkAG28qTnL0

Some other providers who are doing this:

http://hardforum.com/archive/index.php/t-1776268.html

https://www.reddit.com/r/networking/comments/1ylnr8/ipv4_squat_space/

Photo by Dominik Van Opdenbosch

Any views, positions, statements or opinions of a guest blog post are those of the author alone and do not represent those of ARIN. ARIN does not guarantee the accuracy, completeness or validity of any claims or statements, nor shall ARIN be liable for any representations, omissions or errors contained in a guest blog post.