Most Elite IPs

    NB Please do not take what is written seriously.

    There is a love of “thieves numbers” in Russia. Everyone knows about license plates for cars. Gold phone numbers - traded in full, and even officially. Well, some time ago news surfaced even about the “beautiful number” of the passport with five zeros.

    But what about IP addresses?

    In the illustration, the Cypriot Pizza restaurant boasts a thief (alas, a telephone) Although url have looked much more interesting .

    Well, let's say, someone with a little effort can get a toe at the end of IP. All you need to do is use the mesh over / 24.

    And two zeroes? / 15 sounds serious already.

    But the real majors are the owners of addresses with three zeros. And no, I'm not talking about the proud owners of and the localhost root administrators, I'm talking about real elite white IPs. In a first approximation, it may seem that there are only 256 of them, but taking into account all sorts of multicasts, gray and experimental segments, localhosts, etc., there are very few of them. If you believe IANA ( here ), then we have only 221/8 networks. That is, there may be a total of 221 thieves IPv4 addresses.

    Armed with nmap, nping, whois and other tools, we study who these happy people are capable of answering addresses of the form X.0.0.0?

    Technological inset

    In fact, it’s quite possible to get yourself .0 (and other .0.0, .0.0.0) on the modern Internet, even if you use a small network, you just need to cut / 32 and route it through other addresses. All kinds of pools of NAT-addresses, unnumbered routes and other "non-traditional Internet" in the area of ​​ISP'shny access for home users can do all sorts of horrors of unusualness.

    For example, if we have and networks on the farm (it’s quite possible to get one on a hosting of the middle hand, .0 - by pure chance, and .248 - a quite common address for / 29), then we can (with access to routing) do this: And on the host, we just hang the address with an alias on our main interface:
    (на маршрутизаторе)
    ip route via

    ip address add dev eth0

    After that, our address begins to respond to requests. Why? Because ip uses hop-by-hop routing. We look:
    • Does the router know what to do with the packet on He knows. Send to, which, say, is directly connected (that is, the router on this network has its own address, for example,
    • Our server knows what to do? Of course, he has this address on the interface registered. We get the ip packet with such a dst, process it. If there are still doubts about MACs: during routing, the MAC address of the router is substituted in mac-dst (and ip-dst does not change), and in the case of directly connected, the mac-address of the receiving host is substituted in mac-dst. That is, from the point of view of the recipient, he can’t even find out whether they “route” traffic to it, or send it as an end node.
    • After the response is generated, the address falls into ip-src. The sender address (someone from the Internet) gets into ip-dst.
    • The packet "to the Internet" leaves through the default gateway. Which (we assume a primitive installation) is highlighted on the network, that is, for example, That we do not care about the “other” ip-src - we have dst-based hop-by-hop routing, that is, when routing, they look only at dst.
    • The router receives the packet “to the Internet” and processes it “as usual”

    Going back to the gilded IP

    If .0 can get over to someone by accident (in the end, we have more than 8 million of these pieces (129 * 255 * 255)), then there can be significantly less people with two zeros in the IP address - about 32 thousand. As mentioned earlier, with three zeros there can be only 129 people on the whole planet (for comparison, there are 71 Faberge eggs in total, and Pablo Picasso created about 20,000 works). In other words, solid IP for solid people. If we take into account that issuing x.0.0.0 for humanity and infrastructure is much more complicated than stamping a type numberoOOOoo|78, then the number of really available .0.0.0 is much less. Why? Because in classical routing, “all zeros” in the host address mean “network number” and are not assigned to nodes. Any provider with “classical routing”, having received X.0.0.0 / 21, will most likely lose this address (even if it cuts the network into subnets, the resulting X.0.0.0 / 29 will still have X.0.0.0 as the number network).

    So how many Really Solid People with Specific Solid IP addresses? So to speak, the elite of elites, the highest cream of society, people who can afford the modest charm of exclusive IP addresses?

    (after a few minutes with nmap)

    Actually, we have only three representatives of the Elite of Elite, the most serious and respectable Internet sites:

    We will name them by name:
    • - WD My Cloud Ex admin (Magyar Telecom, Hungary, DSL pool, according to PTR).
    • is something weird, covered in http-auth, "TD-8840T." Vietnamese Telecom Online Technologies LTD.
    • is a weird http that returns an empty response. Ukrainian telecom “Online Technologies LTD”, Donbass.

    It can be seen that all three are from explicit ISP ranges and were spent on home hamsters not suspecting anything of their own elite home Internet users.

    Four more nodes respond to pings, and nothing more.

    Thus, it can be stated that the most thieves addresses are spent completely mediocre. Among the rest (silver ones, of the XY0.0 type, of which about 32 thousand are expected), as many as 2204 nodes answered pings . Already good, right?
    Editor's sidebar: during the editing and formatting of the article, everything has changed. Now we have 19 IP addresses that respond to pings, and of these, http (s) was only on: , and at least some reasonable network activity (tcp) turned out to be on only one more node:


    A casual user may notice that not only an address with zeros can be beautiful. (one of two public google dns servers) - why is it not a “beautiful” address?
    But the real geek knows that because of the features of the routing device in IP networks, it is multi-zero addresses that are the most difficult to organize and get. The rest (well, except for "XXX.255.255.255", of which, by the way, answers only 10 pieces) are too trivial and may interest only an inexperienced user.

    Also popular now: