Ask HN: Got a /22, cool things to do with it?
92 points by dosguy42 11 months ago | 89 comments
Through some weird happenings I've recently got access to an /22 and its ASN. Now I'm looking for some fun things to do with it, things which are only possible with such a "large" number of IPs. Any suggestions?



Realistically, you should sell it while it's valuable. Take a look at IPv6 adoption. I know, I know, "IPv6 will never be here blah blah blah", so the naysayers say, but look at what Google is getting now, for instance:

https://www.google.com/intl/en/ipv6/statistics.html

We're counting down the years before IPv6 will become the major protocol, after which IPv4 addresses will slowly start to lose value.

"But it's only FAANG, no one else has IPv6!" Just not the case anymore. But even if, most people don't care about anything else anyway. I have a friend who helps to operate a university dorm network. Allegedly, he once removed an IPv4 address by mistake from one student's computer. He only heard about it half a year later, when the student casually mentioned that only Google, Facebook and other big sites seem to work. Apparently, if Google, Facebook, and the school's website work, it's acceptable to most (which is sad for different reasons, but that's not my point).

Anyway, that's still at least a few years away though, you can have some fun with it for now :)


> Allegedly, he once removed an IPv4 address by mistake from one student's computer. He only heard about it half a year later, when the student casually mentioned that only Google, Facebook and other big sites seem to work. Apparently, if Google, Facebook, and the School's website works, it's acceptable to most (which is sad for different reasons, but that's not my point).

The fact that the "sad part" is that the student only uses big tech websites and not that this netop was able to do something like this with no alerting or guardrails says a lot about HN's culture these days.

In general I wonder what kind of alerting these dorm ISPs run. Do they ever do reachability tests for devices on their network?


Some university networks are run tightly, others are rather loose when it comes to security, monitoring and debugging network cables that are syncing up at lower speeds. Really depends on who is staffing the IT team...

Many older universities give you a public IPv4 address with no NAT when you plug into a network port.

OP, one neat thing you should try is broadcasting a /25 through /29 and seeing which ISPs this is routable from (e.g. Lumen (aka CenturyLink/Quantum), Verizon, T-Mobile, AT&T, Comcast, etc.). There are a number of blocks smaller than /24s being broadcast, and it would be quite interesting to see which ISPs are willing to route traffic to smaller blocks.


There's a management system that assigns IPs automatically, written in-house in the late 2000s, but yes, anything there can be manually overridden. He was probably diagnosing something earlier and forgot to clean up. Meanwhile, new students moved in I guess.

Missing IPv4 addresses are not reported as some systems are left IPv6-only intentionally. It's a dorm network, but it's sort-of a research project at the same time. It is also run by students themselves (there's a "student's union") and the school does not pay or maintain the dorm's infrastructure.

I know alerting is done for some things, but not for the individual student's machine. This is different for every dorm, but in this case, a wired symmetrical gigabit connection is provided to every member student, public IPv4 and IPv6 included. The only restriction is to not download torrents, besides that, pretty much anything can be arranged, including opening port 25, routing additional IPv6 prefixes, hosting...

It's a very free environment is what I'm getting at.


Why is this data so spikey[1]?

Are the spikes in IP6 usage driven by work, home or mobile?

[1] https://files.littlebird.com.au/Shared-Image-2024-01-13-12-0...


Good question! It's spiking up on weekends, the reason for that is that corporate networks are not as incentivized as large public ISPs to adopt IPv6. They have a lot more customers and are more directly affected by IPv4 exhaustion, especially the mobile providers.


Interestingly enough if you zoom in you'll notice that all the tips of the spikes are Saturdays.


I'd guess work VPNs don't implement IPv6 (why would they, if they only need to share 1 IPv4), which results in home internet usage being higher on the weekends.


> the student casually mentioned that only Google, Facebook and other big sites seem to work

tragic :sob:


Set up a competitor to Cloudflare Tunnel.

People want to host Internet services from their homes. They don't have static IPs, and/or they don't want to open their home IP address directly to the public, for good reason.

You can set up some WireGuard servers with static IPs. Then people can tunnel their services running at home through your servers. They avoid the cost of having to pay for cloud hosting, and you provide a shield so that they aren't exposed.

Obviously, the IP addresses on their own aren't enough to make this work. You're going to need some computing infrastructure. But you won't need lots of storage and compute. You'll mostly need bandwidth and networking equipment. The thing is, getting IP addresses is harder than getting hardware and bandwidth. You already did the hard part.


The hard part is when all of the malware c&c and CP is now being served from your network.


You know, at some point, in the interest of a free internet we should consider whether penalizing the mostly-benevolent-cogs along the way is the right way to go about it. It's not like someone operating that service is specifically consenting to every packet that flows through them so it shouldn't be treated in a court room as if they gave their explicit blessing for whatever malfeasance came to happen.

I don't accept the argument that by attempting to benefit the common good one must be responsible for what happens or how that's used. Many items and actions of good will can be weaponized, in ways that the media finds odious like the things you mentioned, but nobody comes after the cell phone operators, the ISPs; they attack the weak link that can't afford representation in court - the solo and small operators. It's stupid and I'm surprised it fools the voter base in the current epoch.


The moment you give someone an opportunity to create outbound connection to port 25 from your IP, you are certainly risking (well, guaranteeing) those IPs to be listed at various blocklists.

And you will be the one that will have to deal with abuse complaints.


Unfortunately it's intractable to separate oblivious rubes from willing accomplices.

Thankfully we have common carrier protection laws that people can argue they're protected by or not.


Yeah, that's a huge issue.

Like, just look at Playit.gg, they have issues with both ip blacklists and domain blacklists (+ safe browsing warnings)

T-Mobile is a big one that apparently blocks their ip ranges.


Why would you need unique IPs for this? This entire setup can work perfectly fine with a single public IP address if needed.


I'm not sure it can?

My interpretation of what's been suggested is basically an ip you can port forward, as if you had a public ip.

For example, let's say you want to run a minecraft server for your friends from your home. You use this hypothetical service to get an ip you can use, and tunnel the needed ports in to your network (and ultimately, your minecraft server).

This couldn't be provided with a single ip, since at best that would limit you to selling off individual ports. The product becomes worthwhile if each customer has their own ip.


You can still do it off of one IP but it becomes more expensive as you now have to understand the protocol, and to route based on the handshake.

For TLS 1.2, that's usually routing based on the server name identifier in the ClientHello, and you can do it pretty trivially.

For Minecraft.. you would probably need to write your own proxying logic. But as long as the protocol includes some info on what it's trying to connect to you could still do it.

Alternatively you could do it like the old quakeworld spectator proxies and just write a custom Minecraft server people connect to that then presents a menu in game to pick a server that it then connects to.
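The SNI-based routing the comment above describes, as an added Python example that is not code from the thread: walk the TLS record and handshake headers of a ClientHello, pull the host name out of the Server Name Indication extension, and pick a backend from it. The hostnames, backend addresses and the ClientHello bytes are all constructed placeholders.

```python
import struct

# Constructed routing table (hypothetical names and backends, not from the thread).
BACKENDS = {
    "blog.example.net": ("10.0.0.2", 443),
    "git.example.net": ("10.0.0.3", 443),
}


def extract_sni(data: bytes):
    """Return the server_name carried in a TLS ClientHello, or None.

    Layout: TLS record (type 0x16, version, len16) -> Handshake (type 0x01, len24)
    -> ClientHello (version, random[32], session_id, cipher_suites, compression,
    extensions). Extension type 0 is server_name. Truncated or non-TLS input
    yields None instead of an exception so a proxy can fall back safely.
    """
    try:
        if len(data) < 5 or data[0] != 0x16:            # record type 22 = handshake
            return None
        rec_len = struct.unpack("!H", data[3:5])[0]
        body = data[5:5 + rec_len]
        if len(body) < 4 or body[0] != 0x01:            # handshake type 1 = ClientHello
            return None
        hs_len = int.from_bytes(body[1:4], "big")
        hello = body[4:4 + hs_len]
        if len(hello) < hs_len:                          # only part of the hello arrived
            return None
        pos = 2 + 32                                     # client_version + random
        sid_len = hello[pos]; pos += 1 + sid_len
        cs_len = struct.unpack("!H", hello[pos:pos + 2])[0]; pos += 2 + cs_len
        cm_len = hello[pos]; pos += 1 + cm_len
        if pos + 2 > len(hello):
            return None                                  # hello has no extensions block
        ext_total = struct.unpack("!H", hello[pos:pos + 2])[0]; pos += 2
        end = pos + ext_total
        if end > len(hello):
            return None
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack("!HH", hello[pos:pos + 4])
            pos += 4
            ext = hello[pos:pos + ext_len]
            pos += ext_len
            if ext_type != 0:
                continue
            # server_name_list: len16, then entries of (name_type, len16, name)
            list_len = struct.unpack("!H", ext[0:2])[0]
            p = 2
            while p + 3 <= 2 + list_len:
                name_type = ext[p]
                name_len = struct.unpack("!H", ext[p + 1:p + 3])[0]
                name = ext[p + 3:p + 3 + name_len]
                if name_type == 0 and len(name) == name_len:   # 0 = host_name
                    return name.decode("ascii")
                p += 3 + name_len
            return None
        return None
    except (struct.error, IndexError, UnicodeDecodeError):
        return None


def choose_backend(first_bytes: bytes):
    """Decide where a new connection goes from its first bytes; None = no route."""
    name = extract_sni(first_bytes)
    if name is None:
        return None
    return BACKENDS.get(name.lower())


def build_client_hello(server_name: str) -> bytes:
    """Build a minimal constructed TLS 1.2 ClientHello carrying one SNI entry."""
    name = server_name.encode("ascii")
    sni_entry = b"\x00" + struct.pack("!H", len(name)) + name   # host_name entry
    sni_ext_body = struct.pack("!H", len(sni_entry)) + sni_entry
    ext = struct.pack("!HH", 0, len(sni_ext_body)) + sni_ext_body
    hello = (b"\x03\x03" + b"\x11" * 32                          # version, fake random
             + b"\x00"                                           # empty session id
             + struct.pack("!H", 2) + b"\xc0\x2f"                # one cipher suite
             + b"\x01\x00"                                       # null compression
             + struct.pack("!H", len(ext)) + ext)
    handshake = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake
```

A real proxy would peek these bytes with MSG_PEEK (or buffer them) before connecting to the chosen backend and then splice both directions unchanged, since the TLS session itself is never terminated here.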


It's a very different product then.

The fixed ip product more or less lets a user use it for anything they could with their own static ip.

The single ip product only allows the end user to use protocols for which you have built forwarding logic. For some, like sip or http, this would be simple, but for others you would need a much higher understanding of the application protocol.

One is a geek's Swiss army IP, the other is "now you can self host one of these 5 services, some of which might stop working if the application makes breaking changes."


That's a layer 7 proxy/router and would require a lot of application specific logic. If you want a static IP for your home network, you want it routed directly.


That won't work if you want to reuse incoming port numbers across customers.


Ngrok already exists, so between them, cloudflare, and tailscale, this market already has a lot of players.


It is getting increasingly difficult for Tor exit operators to find ISPs that are willing to let the relays "poison" IP space. I know the torservers.net non-profit has a /22 that it manages and assigns to relay operators. If that's something you would like to support, the Tor community would surely appreciate it.


Aren't most of the Tor exit nodes widely thought to be run by government agencies? People thought that was true at a security firm I used to work at. I wouldn't be surprised if Tor was a honey pot designed to catch people doing nefarious things.


It's not. The entire purpose of Tor was for US spies overseas to be able to make anonymous secure communications. They opened it up to the rest of the world, because if the only people using Tor are US spies, it's pretty easy to tell what someone's using it for.

Governments also run a lot of relays and exit nodes for a similar reason. Not to make it easier for themselves to identify traffic. For no one actor to have a majority of nodes, which would make it a lot easier to identify traffic.


> I wouldn't be surprised if Tor was a honey pot designed to catch people doing nefarious things.

So far, the high profile busts involving Tor all involve some other weaker link in the chain, such as traffic analysis[0], a CI, a targeted sting operation, etc.

If this is the case and your hypothesis is true, then it appears to be unnecessary on their part, since all the folks they're prosecuting are those for whom other evidence is more readily available.

(Before someone replies with "parallel construction": the point of parallel construction is to use methods that are easy but illegal to obtain evidence that can be used to help find "legal" sources of evidence that would otherwise not be easy or feasible. That doesn't really apply here, where the illegal (or in this case, secretive) method is more work than the "official" method).

[0] e.g. that case a decade ago where a student called in a bomb threat using Tor, and the university was able to determine that exactly one person on campus was using Tor at that time - not by compromising Tor itself, but because Tor traffic is detectable by ISPs.


> So far, the high profile busts involving Tor all involve some other weaker link in the chain, such as traffic analysis[0], a CI, a targeted sting operation. etc.

(If I recall, the Snowden files also contained a claim by NSA that they could not break Tor.)


Assuming that was true - wouldn't it be much easier to simply remove their exit nodes, making Tor intolerably slow, let the users leave for alternatives like VPNs, and then just buy up some VPN providers through shell companies?

After all, with a VPN you get to see source and destination IPs, username, e-mail, payment information, and maybe they even download your connection tool and run it as root.


You assume that the same part of the government that runs it wants to stop crime.

If you control the exit nodes, you can snoop on the content, even if you don’t have the destination. The goal for governments isn’t catching crime, it’s spying on secrets. Same way WikiLeaks was supposedly started by snooping on Tor traffic.


The traffic is almost all SSL-encrypted, so all you get to snoop on is the fact that someone unknown is connecting to https://www.example.com

Anyone browsing non-SSL sites through Tor is a fool, because malicious exit nodes are well known to exist, doing things like replacing bitcoin addresses in unencrypted web traffic. You don't need to be the NSA to benefit from doing that.


Or just get a FISA warrant for the VPN provider


Even if that were true, how would it work practically? For anyone who might be interested in identifying or tracking you, how would they "use Tor" to look up your identity? Over 200 countries, across all government agencies, and then including non-governmental actors? Maybe a Tor user isn't trying to protect from "the NSA" (or whoever you think is "running the Tor network")?

And, again assuming this is true, how would any other technology protect you better?

Especially people working at "a security firm" should know that security is not black and white, but has many dimensions to it.

And then, here we are talking about diversifying relay operations, so even if you believe the rest of the network to be totally compromised, it would still add some net benefit, no?


Others have already presented good reasons that's unlikely, but either way - and especially if that is the case, then all the more reason to add non government exit nodes.


do you not know why Tor was actually created?

https://en.wikipedia.org/wiki/Tor_(network)


I run a large-ish Tor relay family on rented servers and have thought about running exits on my own "ISP" for quite some time. I already have an ASN and IPv6 addresses, but Tor needs v4 and those are prohibitively expensive to buy, and leasing is not possible because of the blacklist problem. My email is in my profile if that is something you want to support and could spare a /24 of your assignment.


Depends on what you plan to do with it long term I think. If you have no plans to make it commercially viable, then I agree with the other poster who recommends using it as blocks friendly for ToR exit node operators and/or similar style services (e.g. public nitter instance). You could delegate /24's as-needed for individual sites. Exit node operators tend to be technically clueful, so they will understand what will need to be done to make this work.

However, that will likely put that /22 on quite a number of blacklists out there for an indefinite period of time.

Other than honeypot stuff or more grey area things like botting/scanning having a zillion IPs really isn't super interesting unless you have customers for them, in my opinion.

If I were in your position I'd simply lease them out until I have a real use-case for the block. This can also carry reputational risks of course as well. IPXO is a market I've used in the past to accomplish this, although others do exist.

I do think having a block of IPv4 and an ASN is definitely a nice strategic asset to keep around if at all financially viable to do so. The cost of ARIN/RIPE registration isn't crazy, but is more than an individual would typically want to carry. Leasing out your unused strategic asset to at least pay for itself until you might need it seems prudent to me.


> ToR exit node

FYI it is spelled Tor, not ToR and not TOR.


Onion is the most salient part of the name so I propose "tOr".


Had a similar situation with a /16 at a research institution. Deployed non-interactive, multi-service sinkhole type honeypots across the entire /16 and collected a massive cache of data. A lot of fun developing something that could scale on that size of network. We used Go for the honeypots and Clickhouse to analyze the TBs of data.


Can you elaborate on the honeypots a bit more? What honeypot software did you use? Which services were most popular and effective?


I'm a former neteng and I'm having a really difficult time coming up with anything that is remotely interesting. I'm not going near running a Tor exit node.

With proxies and NAT I really can't think of a single thing I care about doing with tons of ips.. I feel uncreative here.

You could get into some form of webhosting but not everyone needs a public IP since apache/nginx proxy everything for wordpress and you'd just do hostname routing.

Selling the space either entirely or per block/IPs might be interesting since the price of IPs has gone way up.


An awful lot of people _think_ they need dedicated public IPs for their hosting though.


It's sure a lot easier with a dedicated public IP.


A lot of people here are assuming ownership but your post says "access". Can you clarify if this is a /22 you have rights to manage through something like an employer or a /22 you have full personal ownership of?


If you can think of more fun things to do with cash, I'll buy them from you.


You answered what OP can do with them, but you didn't answer what cool things can be done with them.


Making $30k isn't cool?


Maybe this can be a better (crowdfunded) open dyndns network?

Ever since dyndns got bought, all similar services went to shit, and people that want to self host are very limited in their options... and most public hosting providers oblige to DMCA bogus spam way too often, so a lot of valuable knowledge has been lost over the last years of carrier-grade NAT rollouts.

This might be a nice way to counteract this, and have a community of self hosted blogs or similar. Could use user subdomains, so reverse proxies and Let's Encrypt are easier to set up (and potentially integrated in the public suffix list), and could focus on maybe ssh and https only as protocols/ports.


If learning is "fun" for you, you can play around with BGP and build your own global CDN with Anycast.


Unless you actually have several machines spread around the globe, you're not building a "global" CDN.


Well if it’s for learning, you can rent vms from hosting providers. That’s a fairly inexpensive way to learn about BGP with a global “toy” CDN.

I have a small ipv6 subnet I purchased for just this purpose. It was interesting setting everything up in multiple locations and seeing traffic routing around as I turned machines on and off.

I also set up my machines as a reverse proxy of a sort, a small fake CDN, and experimented with caching at different locations and moving content around.

I would have gotten a bit more serious about it, but I’m still on the waiting list for an ipv4 subnet after 2 years. And pretty sure it would be too expensive now. Would have to check though.


What are /22 and ASN?


It’s a way to represent a range of IP addresses. Using CIDR notation. https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing

OP is saying that they have control of 1022 public IP addresses.


Normally when you buy a static IPv4 address you get a single "1.2.3.4". OP is basically saying they have access to something like "1.2.[0-3].[0-255]". /22 is a fancy way of describing that kind of slice in CIDR notation. So they have 256*4=1024 IP addresses in total.


> Normally when you buy a static IPv4 address you get a single "1.2.3.4"

Is it common to purchase (to own, not "rent" as what you get from cloud platforms) single IP addresses? I thought they were always bought/sold in blocks.


No, in general, the smallest block of IPv6 addresses you can "own" is /24. You have to pay yearly fees to your RIR (Regional Internet Registry) as an AS (Autonomous System). Think of it as owning land and paying a land tax.


I have a /24 registered in the early 90's. I pay no registration fees for it since it's a legacy block.


I should have said lease instead of buy, yes.


I think it's 1022, as the first and last one in the block are the gateway and broadcast address, right?


That's the recommendation, yes, but even then all 1024 are in your control and you can do whatever you want with them.


IP Subnet with IIRC 1024 IPs, and Autonomous System Number respectively.

ASNs are related to BGP, the Border Gateway Protocol, which is part of how the IP network is organized.


To explain a bit more: the first 22 bits (of the 32 bit IPv4 address) are fixed, so there are 10 free bits = 1024 addresses.


This is a fantastic, simple explanation of subnetting and CIDR notation. Well done.


.22s are light calibre weapons good for plinking and vermin...

Oh, not that kind of .22. An IPv4 /22 is a network segment where the /22 stands for the number of bits used for the network address. Since an IPv4 address is 32 bits wide this leaves 10 bits which can be freely assigned by the address 'owner'. Those 10 bits (1024 addresses) can be used for individual hosts or the range can be further subdivided into smaller networks, e.g. 4 /24 networks.

This type of network address is called a Classless Inter Domain Routing (CIDR [1]) address, this in opposition to 'class A/B/C' addresses which identify networks in 8-bit steps. A class A network is a /8, class B a /16 and class C a /24.

[1] https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing
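The bit arithmetic the explanations above describe (22 fixed bits, 10 host bits, 1024 addresses, four /24s), as an added Python example that is not from the thread. It uses the 1.2.0.0/22 placeholder block from the earlier comment and does the masking by hand rather than via the ipaddress module so the prefix/host split is visible.

```python
def parse_cidr(cidr: str):
    """Split '1.2.0.0/22' into (network_int, prefix_len), clearing any host bits."""
    addr, _, prefix = cidr.partition("/")
    prefix = int(prefix)
    octets = [int(o) for o in addr.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets) or not 0 <= prefix <= 32:
        raise ValueError(f"bad CIDR: {cidr}")
    value = (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]
    # The first `prefix` bits are the network; the remaining 32-prefix bits are hosts.
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    return value & mask, prefix


def to_dotted(value: int) -> str:
    """Render a 32-bit integer as dotted-quad text."""
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def block_info(cidr: str) -> dict:
    """Network address, last address, address count and free host bits of a block."""
    net, prefix = parse_cidr(cidr)
    host_bits = 32 - prefix
    count = 1 << host_bits            # /22 -> 2**10 = 1024 addresses
    return {
        "network": to_dotted(net),
        "last": to_dotted(net + count - 1),
        "count": count,
        "host_bits": host_bits,
    }


def split_block(cidr: str, new_prefix: int) -> list:
    """Carve a block into equal sub-blocks, e.g. a /22 into four /24s."""
    net, prefix = parse_cidr(cidr)
    if new_prefix < prefix or new_prefix > 32:
        raise ValueError("new prefix must lie between the block prefix and 32")
    step = 1 << (32 - new_prefix)     # addresses per sub-block
    return [f"{to_dotted(net + i * step)}/{new_prefix}"
            for i in range(1 << (new_prefix - prefix))]


def contains(cidr: str, ip: str) -> bool:
    """True if ip falls inside cidr: only the fixed prefix bits are compared."""
    net, prefix = parse_cidr(cidr)
    value, _ = parse_cidr(ip + "/32")
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    return (value & mask) == net
```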


I thought he meant .22 for a moment but asked myself: "of all the places to ask what to do with a case of ammo, why all HN?".

Then I realized it was probably some networking stuff.


Thanks, that was a really good explanation.


Take it into the woods and shoot at tin cans and watermelons.


I'm glad someone else thought this!


I'm not sure of the going rate for such things currently, but a year or two back it was approximately $10k per /24.

So there is that possibility.


Boring, but at my last company, we got a /22 so we could run authoritative DNS on four separate /24s.

Maybe something something anycast in general.

Also, you don't really need a /22 for it, but maybe you can collect data on how much of the internet can't connect to hosts on .0 or .255 addresses. (Some firewalls block access to those as a misguided attempt to reduce smurfing.)

I have some ideas for path MTU testing where you'd set up a different IP for each MTU from 576 to 1500. It's overkill, but you could do it with a /22.


There is no consumer/hobbyist use case for an entire subnet worth of IPs. I can guarantee that whatever you want to do (and whatever people here are suggesting) can be achieved with a single public address. If you actually own this range, and don't have founding a networking company on your bucket list, your best bet is to sell it (can get something like $35K for it right now).


What does "got access to" mean exactly? Do you own it permanently? Or just have it to play around with? For how long?



Networking isn’t my thing but could this be used to create a VPN in order to federate a bunch of servers? I’m thinking something like Tilde servers that would benefit from running on their own subnet along with other trusted servers so they could provide services similar to the way they worked on the early net e.g. email, news, finger, etc?

Might be a stupid question and I could be way off base but worth asking.


Run a whole whack of ArchiveTeam warrior clients. :)


We can always buy it or rent it from you. :)

We always need more IPs. My direct email is julien at serpapi.com.


If you don't have a good use for them then you can sell them. There is a market for IPv4 and 3-, 4- and 5-digit ASNs.

ARIN does not frown on this marketplace, in fact they encourage it and even endorse specific brokers.


Note they have a new fee schedule, this would cost $500 in the fee to sell, and IPs are going for $48-$52 right now:

https://www.arin.net/resources/fees/fee_schedule/


In case anyone is confused, the $500 ARIN fee is per transaction, not per IP.

$48 x 1024 (IPv4 /22) = $49,152. For that transaction the ARIN fee is effectively 1%, considerably lower than the commissions charged by the brokers (which also comes out of the seller's proceeds).

The ARIN fee covers their staff time to review the transfer - specifically the history of the legal entities involved, which as anyone who has dealt with ARIN knows is extremely thorough.


Try running MetalLB on it. And use it to deploy load balancers based on BGP.

And then be disappointed at how the Internet is actually so fragile, based on a lot of wrong premises and hidden stuff.


Assuming the IPs are clean, you have the foundation for starting a transactional email sending service (e.g. Postmark, SendGrid, etc.).


Do `traceroute6 cv6.poinsignon.org` but with IPv4?


It gives this for reference:

    traceroute6 to cv6.poinsignon.org (2001:bc8:3eff:c0::ff) from 2a01:e34:ec68:5f30:6ce3:1ef7:b198:a396, 64 hops max, 28 byte packets
     1  2a01:e34:ec68:5f30::1  2.320 ms  2.028 ms  1.642 ms
     2  * * *
     3  * * *
     4  * * *
     5  2001:bc8:0:2::11  4.029 ms  4.608 ms  4.318 ms
     6  *
        2001:bc8:0:2::20  5.587 ms
        2001:bc8:0:2::26  4.422 ms
     7  2001:bc8:400:1::8e  4.689 ms
        2001:bc8:400:100::cb  4.666 ms  4.945 ms
     8  2001:bc8:400:1::13e  1017.472 ms *  813.992 ms
     9  hello  3.597 ms  3.785 ms  3.915 ms
    10  my.name.is.louis.poinsignon  3.914 ms  3.750 ms  4.083 ms
    11  i.am.a.network.and.systems.engineer  5.913 ms  4.322 ms  3.886 ms
    12  this.is.my.resume.over.traceroute  3.832 ms  3.833 ms  3.860 ms
    13  o---experience---o  3.275 ms  4.009 ms  3.529 ms
    14  2021.apple.engineer.sf.usa  3.496 ms  4.197 ms  6.186 ms
    15  2018.cloudflare.engineer.sf.usa  4.406 ms  3.754 ms  4.213 ms
    16  2017.cloudflare.engineer.london.uk  3.704 ms  3.594 ms  5.262 ms
    17  2016.cloudflare.engineer.intern.sf.usa  3.950 ms  4.165 ms  4.197 ms
    18  o---education---o  14.514 ms  5.284 ms  5.510 ms
    19  2015-2016.drexeluni.exchange.ce.philadelphia.usa  5.520 ms  4.718 ms  3.956 ms
    20  2011-2016.utt.master.ce.france  3.853 ms  4.164 ms  4.386 ms
    21  o---skills---o  3.928 ms  4.617 ms  5.827 ms
    22  golang.c.python  3.833 ms  4.415 ms  3.647 ms
    23  networks.linux.automation.kafka.clickhouse.kubernetes  4.706 ms  31.174 ms  5.454 ms
    24  statistics.maths  4.595 ms  3.685 ms  3.952 ms
    25  o---various---o  3.988 ms  5.320 ms  17.645 ms
    26  swimming.karate.piano  4.509 ms  4.844 ms  6.080 ms
    27  o---contact---o  12.460 ms  4.527 ms  3.768 ms
    28  mail.jobs.at.poinsignon.org  6.822 ms  3.953 ms  3.670 ms
    29  * * *
    30  * * *
    31  * * *
    32  * * *
    33  * * *
    34  * * *
    35  * * *
    36  * *


That's the most expensive resume you could probably have! I don't have access to a whole /22, but I'm now tempted to do this at a smaller scale, thanks for the idea!


Are there non-profits that could benefit from these? Something like Wikipedia or Internet Archive?


Lease them through an IPv4 broker. The going price for a /22 is about $120 per month.


You're likely thinking of a /24 at that price. Most /22 leases (1024 contiguous addresses) are in the neighborhood of 500/m (EUR, USD, CHF...).


Phew! Not a gun.


Which RIR?

Either lease them or start a web hosting business.



