Through some weird happenings I've recently got access to a /22 and its ASN. Now I'm looking for some fun things to do with it, things which are only possible with such a "large" number of IPs. Any suggestions?
Realistically, you should sell it while it's valuable. Take a look at IPv6 adoption. I know, I know, "IPv6 will never be here blah blah blah", so the naysayers say, but look at what Google is getting now, for instance:
We're counting down the years before IPv6 will become the major protocol, after which, IPv4 addresses will slowly start to lose value.
"But it's only FAANG, no one else has IPv6!"
Just not the case anymore. But even if, most people don't care about anything else anyway.
I have a friend who helps to operate a university dorm network. Allegedly, he once removed an IPv4 address by mistake from one student's computer. He only heard about it half a year later, when the student casually mentioned that only Google, Facebook and other big sites seem to work. Apparently, if Google, Facebook, and the School's website works, it's acceptable to most (which is sad for different reasons, but that's not my point).
Anyway, that's still at least a few years away though, you can have some fun with it for now :)
> Allegedly, he once removed an IPv4 address by mistake from one student's computer. He only heard about it half a year later, when the student casually mentioned that only Google, Facebook and other big sites seem to work. Apparently, if Google, Facebook, and the School's website works, it's acceptable to most (which is sad for different reasons, but that's not my point).
The fact that the "sad part" is that the student only uses big tech websites and not that this netop was able to do something like this with no alerting or guardrails says a lot about HN's culture these days.
In general I wonder what kind of alerting these dorm ISPs run. Do they ever do reachability tests for devices on their network?
People want to host Internet services from their homes. They don't have static IPs, and/or they don't want to open their home IP address directly to the public, for good reason.
You can set up some WireGuard servers with static IPs. Then people can tunnel their services running at home through your servers. They avoid the cost of having to pay for cloud hosting, and you provide a shield so that they aren't exposed.
Obviously, the IP addresses on their own aren't enough to make this work. You're going to need some computing infrastructure. But you won't need lots of storage and compute. You'll mostly need bandwidth and networking equipment. The thing is, getting IP addresses is harder than getting hardware and bandwidth. You already did the hard part.
It is getting increasingly difficult for Tor exit operators to find ISPs that are willing to let the relays "poison" IP space. I know the torservers.net non-profit has a /22 that it manages and assigns to relay operators. If that's something you would like to support, the Tor community would surely appreciate it.
Aren't most of the Tor exit nodes widely thought to be run by government agencies? People thought that was true at a security firm I used to work at. I wouldn't be surprised if Tor was a honey pot designed to catch people doing nefarious things.
I run a largeish Tor relay family on rented servers and have thought about running exits on my own "ISP" for quite some time. I already have an ASN and IPv6 addresses but Tor needs v4 and those are prohibitively expensive to buy and leasing is not possible because of the blacklist problematic. My email is in my profile if that is something you want to support and could spare a /24 of your assignment.
Depends on what you plan to do with it long term I think. If you have no plans to make it commercially viable, then I agree with the other poster who recommends using it as blocks friendly for ToR exit node operators and/or similar style services (e.g. public nitter instance). You could delegate /24's as-needed for individual sites. Exit node operators tend to be technically clueful, so they will understand what will need to be done to make this work.
However, that will likely put that /22 on quite a number of blacklists out there for an indefinite period of time.
Other than honeypot stuff or more grey area things like botting/scanning having a zillion IPs really isn't super interesting unless you have customers for them, in my opinion.
If I were in your position I'd simply lease them out until I have a real use-case for the block. This can also carry reputational risks of course as well. IPXO is a market I've used in the past to accomplish this, although others do exist.
I do think having a block of IPv4 and an ASN is definitely a nice strategic asset to keep around if at all financially viable to do so. The cost of ARIN/RIPE registration isn't crazy, but is more than an individual would typically want to carry. Leasing out your unused strategic asset to at least pay for itself until you might need it seems prudent to me.
Had a similar situation with a /16 at a research institution. Deployed non-interactive, multi-service sinkhole type honeypots across the entire /16 and collected a massive cache of data. A lot of fun developing something that could scale on that size of network. We used Go for the honeypots and Clickhouse to analyze the TBs of data.
I'm a former neteng and I'm having a really difficult time coming up with anything that is remotely interesting. I'm not going near running a Tor exit node.
With proxies and NAT I really can't think of a single thing I care about doing with tons of IPs... I feel uncreative here.
You could get into some form of webhosting but not everyone needs a public IP since apache/nginx proxy everything for wordpress and you'd just do hostname routing.
Selling the space either entirely or per block/IPs might be interesting since the price of IPs has gone way up.
A lot of people here are assuming ownership but your post says "access". Can you clarify if this is a /22 you have rights to manage through something like an employer or a /22 you have full personal ownership of?
Maybe this can be a better (crowdfunded) open dyndns network?
Ever since dyndns got bought all similar services went to shit, and people that want to self host are very limited in their options...and most public hosting providers oblige to DMCA bogus spam way too often, so a lot of valuable knowledge has been lost over the last years of carrier-grade NAT rollouts.
This might be a nice way to counteract this, and have a community of self hosted blogs or similar. Could use user subdomains, so reverse proxies and Let's Encrypt are easier to set up (and potentially integrated in the public suffix list) and could focus on maybe ssh and https only as protocols/ports.
Normally when you buy a static IPv4 address you get a single "1.2.3.4". OP is basically saying they have access to something like "1.2.[0-3].[0-255]". /22 is a fancy way of describing that kind of slice in CIDR notation. So they have 256*4=1024 IP addresses in total.
.22s are light calibre weapons good for plinking and vermin...
Oh, not that kind of .22. An IPv4 /22 is a network segment where the /22 stands for the number of bits used for the network address. Since an IPv4 address is 32 bits wide this leaves 10 bits which can be freely assigned by the address 'owner'. Those 10 bits (1024 addresses) can be used for individual hosts or the range can be further subdivided into smaller networks, e.g. 4 /24 networks.
This type of network address is called a Classless Inter-Domain Routing (CIDR [1]) address, this in opposition to 'class A/B/C' addresses which identify networks in 8-bit steps. A class A network is a /8, class B a /16 and class C a /24.
Boring, but at my last company, we got a /22 so we could run authoritative DNS on four separate /24s.
Maybe something something anycast in general.
Also, you don't really need a /22 for it, but maybe you can collect data on how much of the internet can't connect to hosts on .0 or .255 addresses. (Some firewalls block access to those as a misguided attempt to reduce smurfing.)
I have some ideas for path MTU testing where you'd set up a different IP for each MTU from 576 to 1500. It's overkill, but you could do it with a /22.
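The two measurement ideas in the comment above (hosts on .0/.255 addresses, and one address per MTU from 576 to 1500), worked through as an added example that is not code from the thread. The prefix 198.18.0.0/22 is a constructed sample from the benchmarking range, and the function names and the choice to keep the MTU targets off .0/.255 addresses are assumptions of this example.

```python
import ipaddress

# Constructed sample prefix (RFC 2544 benchmarking range), not the OP's block.
BLOCK = ipaddress.ip_network("198.18.0.0/22")


def edge_octet_hosts(block):
    """Addresses ending in .0 or .255 that are ordinary hosts inside the block.

    Only the first and last address of the whole prefix are network/broadcast;
    the interior .0/.255 addresses are valid hosts that some firewalls drop.
    """
    reserved = {block.network_address, block.broadcast_address}
    return [a for a in block
            if int(a) & 0xFF in (0, 255) and a not in reserved]


def mtu_plan(block, low=576, high=1500):
    """Assign one address per MTU in [low, high].

    Assumption of this example: .0/.255 addresses are skipped so that a
    firewall blocking them cannot be mistaken for a path MTU failure.
    """
    usable = [a for a in block if int(a) & 0xFF not in (0, 255)]
    mtus = range(low, high + 1)
    if len(mtus) > len(usable):
        raise ValueError(
            f"{block}: {len(usable)} usable addresses, {len(mtus)} needed")
    return dict(zip(mtus, usable))


def per_24_summary(plan, block):
    """Count how many MTU test addresses land in each /24 of the block."""
    counts = {subnet: 0 for subnet in block.subnets(new_prefix=24)}
    for addr in plan.values():
        for subnet in counts:
            if addr in subnet:
                counts[subnet] += 1
    return counts


if __name__ == "__main__":
    plan = mtu_plan(BLOCK)
    print("interior .0/.255 hosts:", [str(a) for a in edge_octet_hosts(BLOCK)])
    print("MTU 576 ->", plan[576], "| MTU 1500 ->", plan[1500])
    for subnet, used in per_24_summary(plan, BLOCK).items():
        print(subnet, "carries", used, "MTU targets")
```

The 925 MTU values do not fit in a /23 once .0/.255 addresses are excluded, so `mtu_plan` raises `ValueError` for anything smaller than a /22.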
There is no consumer/hobbyist use case for an entire subnet worth of IPs. I can guarantee that whatever you want to do (and whatever people here are suggesting) can be achieved with a single public address. If you actually own this range, and don't have founding a networking company on your bucket list, your best bet is to sell it (can get something like $35K for it right now).
Networking isn’t my thing but could this be used to create a VPN in order to federate a bunch of servers? I’m thinking something like Tilde servers that would benefit from running on their own subnet along with other trusted servers so they could provide services similar to the way they worked on the early net e.g. email, news, finger, etc?
Might be a stupid question and I could be way off base but worth asking.
kdklol|2 years ago
https://www.google.com/intl/en/ipv6/statistics.html
Karrot_Kream|2 years ago
schappim|2 years ago
Are the spikes in IPv6 usage driven by work, home or mobile?
[1] https://files.littlebird.com.au/Shared-Image-2024-01-13-12-0...
valsk|2 years ago
tragic :sob:
Apreche|2 years ago
westhanover|2 years ago
paxys|2 years ago
atomicnumber3|2 years ago
rendx|2 years ago
andy_ppp|2 years ago
bauruine|2 years ago
phil21|2 years ago
forward1|2 years ago
FYI it is spelled Tor, not ToR and not TOR.
alexw1|2 years ago
runjake|2 years ago
swozey|2 years ago
ollybee|2 years ago
zamadatix|2 years ago
kazanz|2 years ago
johnklos|2 years ago
cookiengineer|2 years ago
hendi_|2 years ago
uxp8u61q|2 years ago
brianzelip|2 years ago
poxrud|2 years ago
OP is saying that they have control of 1022 public IP addresses.
paxys|2 years ago
marginalia_nu|2 years ago
ASNs are related to BGP, the Border Gateway Protocol, which is part of how the IP network is organized.
the_third_wave|2 years ago
[1] https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing
unknown|2 years ago
[deleted]
toddm|2 years ago
throwaway_08932|2 years ago
gertrunde|2 years ago
So there is that possibility.
toast0|2 years ago
paxys|2 years ago
paxys|2 years ago
costco|2 years ago
throwuwu|2 years ago
myself248|2 years ago
hartator|2 years ago
We always need more IPs. My direct email is julien at serpapi.com.