Squatting prefixes
From Telecomix Crypto Munitions Bureau
Squatting prefixes is the act of using networks that has been assigned to companies, government agencies or military organizations without official permission. You replace their networks with your own, reshaping how internets looks like on a micro-scale (it will only work inside your and your friends networks, no other people at the internets will notice). Squatting prefixes from organizations like the US Military means that you make it impossible for you to connect to their intertubes IP-addresses (and they can not connect to you since the replies will go into your own networks, of blocked by your firewall if it can detect spoofing attempts). But maybe its pretty good to be unable to send traffic to them, if you want them to fuck off.
The power over how the internet looks like is not determined by some global authority (IANA), but by you. Squatting prefixes is a means to deny their authority over your networks. You do not need to obey their authority.
(If ISPs start doing this, the internet will become segmented and some parts of internets will become inaccessible from parts of the world. This can happen at any moment if russia, china, usa or any other country starts fighting over the control of IANA/internet address allocation.)
Contents |
[edit] IPv4
214.0.0.0/8 and 215.0.0.0/8 is used by the DoD Network Information Center (US mil), and almost completely black on the intertubes. No replies sent to ping. Either they has sekrit networks in this block, or they are not using it. In any case, its two huge /8 blocks that can be used for good instead of evil :D
The technique of BGP peer spoofing dates back to 2002 at least (probably earlier as the research took time to complete). Here is some newer research which may be of assistance to parties interested in using it to hijack unused parts of allocated netblocks.
[edit] class E
Class E (240.0.0.0-255.255.255.254), which is reserved by IETF, in theory for experiments, isn't assigned to anyone (and will never be), so you can treat it as empty space and use for private networks and darknets. However, the following OSes and tools can't use it for communication:
- Crappy unhackable routers
- Windows
- 2003 server
- probably 2000, XP, and others, too.
- Linux
- ancient
ifconfiginterface (superseded by iproute2), used by:- ifupdown (
/etc/network/interfaces) - OpenVPN (
ifconfigcommand in config file) - dhclient3
- ifupdown (
- ancient
Luckily, everything works perfectly with iproute2 (ip command) and dhclient4. Also, no (or very few) server software complains about class E addresses.
[edit] IPv6
There is plenty of space available for everyone. Just select any prefix at random in the available address space that has not yet been allocated. ("squatting emply space")
Check out http://www.iana.org/numbers/ for info on available-not-yet-allocated IPv6 address spaces.
