WingNews logo WingNews
top | item 44926176

(no title)

ludwik | 6 months ago

Turns out what constitutes "claiming" an IP on the site is nothing like you’d expect. You don’t need to prove you control the IP. All it takes is embedding a transparent 1x1 tracking pixel on a website, and every IP that loads the page gets counted as “claimed” by you. In other words, it’s just a tally of visitors (or even ad impressions), not actual control of the IPs. So there’s really nothing meaningful here.

discuss

order

treve|6 months ago

It's still an interesting post, because if true I'd still be curious how you'd get 20 million people to load anything.

But the title here is totally misleading because it sure sounds like someone took control of 9% of the ipv4 address space but the actual post starts with context.

karel-3d|6 months ago

I would guess a WordPress plugin or something.

20 million is a lot, but if you look at geoip, they are around the whole world; I took 3 random latest IPs and I saw Vietnam, Brazil and Angola. So it's not that much when it's worldwide.

But it suggests it's not a geographically limited website. If it's through a website. It's probably not a ad buy. (Who would burn money on that...)

However the requests are literally every second. So it's something very popular. (Or a bot and they are somehow faking the source address...)

reactordev|6 months ago

You can get 100 million people to load the 1x1 by adding it using javascript to an adsense ad you publish on Google...

The number of times my browser has been hijacked from their ad network is numerous.

Odds are, the culprit owns some IP that is running on 20M devices. Whether it's a mobile game. A bot net. An ad. Or some other script/service that allows other machines to make the request on his/her behalf.

nicomt|6 months ago

I find this really interesting, I can see a few different ideas on GitHub to claim IPs, but I don't see any of those reaching that scale.

https://github.com/search?q=ipv4.games%2Fclaim&type=code&p=1

While running ads is definitely a possibility, reaching 9% of all available IPs sounds like a crazy expensive campaign. I don't know what the ratio of people to public IP is but I doubt it's one.

LunaSea|6 months ago

The commenters on the linked post mention loading the pixel image embedded in an advertisement campaign.

This would make it possible to have thousands of impressions for relatively low amounts of money.

chmod775|6 months ago

If you run some random mid-sized web page with ~2 million monthly "unique" (by IP) visitors you'll get there very quickly.

Onavo|6 months ago

Maybe IoT software, though I wonder how they are doing the NAT busting if it's behind a router.

schmichael|6 months ago

> So there’s really nothing meaningful here.

If it’s not meaningful it should be trivial to beat right? ;)

This seems like a super fun game to find the upper bound on IPv4 addresses someone can open a socket from!

motbus3|6 months ago

It could be just reverse engineer how it works for one or few IPs and send all requests in the correct order mimicking what the server expects to see from a real claim.

For this test to be valid it would need to do much more than just that I think

Retr0id|6 months ago

I've considered putting a tracking pixel on my blog so I can turn frontpage HN traffic into ipv4.games points, but it feels a little rude