[arin-ppml] "Millions of Internet Addresses Are Lying Idle" (slashdot)

Sena, Rich rsena at mitre.org
Sat Oct 18 19:58:35 EDT 2008

I agree with Leo - studies like this do nothing but agitate the uninformed - 90+% of our space is unreachable in anyway shape or form from the outside - now folks may argue - whay don't you NAT - and some of my responses would be spurious - the simplest answer would be my routing policy dictates our need - we have high security stakes and althought there are ways to mitigate and redirect tthe policy - none of them are low impact on our community and some are high impact on our work programs.

We're pushing to go v6 and hoping to avoid some some of the legacy chains that make it so difficult for us to return lefacy resources in the future...

God help us!
via the Blackberry Xpress!

----- Original Message -----
From: arin-ppml-bounces at arin.net <arin-ppml-bounces at arin.net>
To: ppml at arin.net <ppml at arin.net>
Sent: Sat Oct 18 19:05:02 2008
Subject: Re: [arin-ppml] "Millions of Internet Addresses Are Lying      Idle"   (slashdot)

On 10/18/08 2:22 PM, Leo Bicknell wrote:
> In a message written on Sat, Oct 18, 2008 at 09:01:17PM +0000, Paul Vixie wrote:
>> "The most comprehensive scan of the entire internet for several decades
>> shows that millions of allocated addresses simply aren't being
>> used. Professor John Heidemann from the University of Southern California
> Unfortunately while I might even give him that this is the most
> comprehensive, I believe there are more than a few severe holes in
> it that mean it may not be representative.
> A large problem is that many hosts will not respond to unsolicited
> ICMP, TCP, or other packets.


I am seriously concerned about drawing any sort of conclusion from an
study that has methodological holes like this.  Here's some language
from the Technology Review article that sets off alarm bells for me:

> Sending an ICMP packet to another host (an action known as pinging) is generally not seen as hostile, Heidemann says. "There are certainly people who misunderstand what we are doing," and interpret it as the prelude to an attack, he says. "By request, we remove them from the survey, but its fewer people than you might think. Pings are pretty innocuous."

It is my experience that people who are clueful enough to understand
what ICMP does and that blocking ICMP often does more harm than good are
a serious minority, especially when it comes to the population of people
who run firewalls.  While I might agree with the notion that ICMP is
innocuous, attributing that view to the rest of the networking and
security community is dangerously deceptive.  It makes it sound as if
most people let ICMP flow freely across borders when I think our
experiences with network troubleshooting and PMTUD show otherwise.  If
you contradict the assumption that ICMP is recognized as benign and
treated as such by firewall admins, much of the *article's* conclusion
goes out the window.

My *quick* reading of the study itself indicates to me that the study
tries hard not to draw conclusions about address scarcity from the
results.  (IPv6 is mentioned only once, and in passing.)  It appears to
me (and from comments posted by one of the authors) that Technology
Review played fast-and-loose with the study and drew conclusions that
weren't there.

You are receiving this message because you are subscribed to
the ARIN Public Policy Mailing List (ARIN-PPML at arin.net).
Unsubscribe or manage your mailing list subscription at:
Please contact info at arin.net if you experience any issues.

More information about the ARIN-PPML mailing list