Hacker News new | past | comments | ask | show | jobs | submit login

How many ipv4 are in poss2of the US Gov and military? Do they really need all of those?

With all these elastic search instances running open to the public I have the feeling that with IPv6 this will get worse as NAT no longer protects you.




> How many ipv4 are in poss2of the US Gov and military? Do they really need all of those?

Their requirement is probably for their addresses to be globally unique.

Historical addressing plans being what they are, they probably have sparse assignments across all blocks. Re-numbering existing systems is a non-trivial exercise with high costs. There is no benefit to them to doing this, and we have known this exhaustion is coming for literally decades now.

Just because they're not in use on the Internet, doesn't mean they're not in use.

> With all these elastic search instances running open to the public I have the feeling that with IPv6 this will get worse as NAT no longer protects you.

Stateful firewalls protect you. NAT does not.


> How many ipv4 are in poss2of the US Gov and military? Do they really need all of those?

You're not the first person to ask this, and the answer is: not nearly enough.

Demand for IPv4 is orders of magnitude larger than the current address space. There is no level of freeing up addresses that can make this problem go away. At most we're buying us a few months until we run out again.


You don't need to run NAT to have a firewall. Even a stateful one.


You don't need to, but it's a nice side effect for people who don't know what a firewall is.

I'd wager most home networks are protected only by the fact that they use NAT. ISPs are getting better about shipping routers with firewalls on by default, but it's still not there.


I had to renumber a /24 once, and it was weeks of misery. Renumbering an /8 is a fate I wouldn't wish on my worst enemy. So while it would be nice if the USG and large companies did give back their /8's, I can hardly blame them for not wanting the trouble. It would only delay the inevitable anyway.


Most home routers that support ipv6 still act as firewall.


Let's not create uncertainty here: All home routers that support IPv6 include a firewall, and it's active by default.

(Have you ever seen even an old IPv4-only home router that didn't include a firewall? I haven't.)


I was going to say yes, back in 2001. But thinking about it, it was actually an ADSL modem, not a router. My Windows 2000 box was p0wned in about 30 seconds!


Well, for an IPv4 only home router, you don't really need a firewall since the NAT acts as a natural firewall (though even models from the 90s have firewall specific features like fixed port forwarding). Which is why I think some people assume that the absence of NAT will imply the absence of firewall.


Port forwarding is still a bit of a NAT feature tho on these routers.

On a real firewall, generally you don't reroute a port to a different IP, you just pass or fail the packet.


(a) Approximately 20%, and (b) I have no idea, but it really doesn't matter.

Other large holders include Apple, Ford, Prudential Insurance and the USPS.

More easy answers to similar questions here: https://en.wikipedia.org/wiki/List_of_assigned_/8_IPv4_addre...




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: