Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
United States Government Privacy

Pentagon Explains Odd Transfer of 175 Million IP Addresses To Obscure Company (arstechnica.com) 48

An anonymous reader quotes a report from Ars Technica: The US Department of Defense puzzled Internet experts by apparently transferring control of tens of millions of dormant IP addresses to an obscure Florida company just before President Donald Trump left the White House, but the Pentagon has finally offered a partial explanation for why it happened. The Defense Department says it still owns the addresses but that it is using a third-party company in a "pilot" project to conduct security research. "Minutes before Trump left office, millions of the Pentagon's dormant IP addresses sprang to life" was the title of a Washington Post article on Saturday. Literally three minutes before Joe Biden became president, a company called Global Resource Systems LLC "discreetly announced to the world's computer networks a startling development: It now was managing a huge unused swath of the Internet that, for several decades, had been owned by the US military," the Post said.

The number of Pentagon-owned IP addresses announced by the company rose to 56 million by late January and 175 million by April, making it the world's largest announcer of IP addresses in the IPv4 global routing table. The Post said it got an answer from the Defense Department on Friday in the form of a statement from the director of "an elite Pentagon unit known as the Defense Digital Service." The Post wrote: "'Brett Goldstein, the DDS's director, said in a statement that his unit had authorized a 'pilot effort' publicizing the IP space owned by the Pentagon. 'This pilot will assess, evaluate, and prevent unauthorized use of DoD IP address space,' Goldstein said. 'Additionally, this pilot may identify potential vulnerabilities.' Goldstein described the project as one of the Defense Department's 'many efforts focused on continually improving our cyber posture and defense in response to advanced persistent threats. We are partnering throughout DoD to ensure potential vulnerabilities are mitigated.'"

This discussion has been archived. No new comments can be posted.

Pentagon Explains Odd Transfer of 175 Million IP Addresses To Obscure Company

Comments Filter:
  • I'm sure that group has their own asn and received an LOA from the DOD to advertise those routes. The article doesn't mention it, but I'm sure people who first noticed this were worried it was nefarious actors trying to hijack this unused DOD ip space.
    • Re:LOA by dod (Score:5, Insightful)

      by thogard ( 43403 ) on Tuesday April 27, 2021 @12:23AM (#61318230) Homepage

      They use AS8003 and they don't seem to know how to optimize routes [he.net]. They advertise 29.0.0.0/8 and 29.0.0.0/18, 29.0.0.0/20, /22, /23 and 24. They do the same for 7/8 22/8.

      If they aren't doing any transit, there are a bunch of addresses that should go back to the global pools. They are advertising 9 class A in their entirety 7, 11, 21, 22, 26, 28, 29, 30, 33 for 150 million addresses.

    • by fermion ( 181285 )
      I think what is of concern is it is run like a covert mission, with no provided paper trail or bidding process.

      What is of concern is the company it was awarded is in a shared work space, with on principle, of the same name of another company in the same shared work space that dispersed years ago.

      What is of concern is the listed principle only other business is a box at a UPS store. I understand cost cutting and remote work, Ute we are awarding military contracts to people who for all we know live in Cu

  • by TechyImmigrant ( 175943 ) on Monday April 26, 2021 @10:49PM (#61318006) Homepage Journal

    At least we know a range of addresses to block.

    • You lost me. What is your linksys doing with unblocked incoming traffic?
      • Basking in all the packets!

        • Normal people's home routers should be dropping everything. I thought maybe you had a weird port forwarding situation going on.
          • Up until last year, when I moved house, I had a couple of local servers and a static subnet and I had internet crypto things going on.

            With the encrappening of my internet service that came with a new house, I moved stuff to a cloud server and quit serving my entropy service.

    • by Anonymous Coward

      At least we know a range of addresses to block.

      The IP blocks have been publicly listed with ARIN since at last 1985.
      If you didn't care for the last 35 years, why on earth would you start to care today?

      Or put another way, why did you willingly *allow* connections to these IP blocks for 35 years?
      Why did you choose to let that happen?

      • by bignetbuy ( 1105123 ) <dm@NOsPAM.area2408.com> on Tuesday April 27, 2021 @02:27AM (#61318408) Journal

        The IP blocks have been publicly listed with ARIN since at last 1985.
        If you didn't care for the last 35 years, why on earth would you start to care today?

        Or put another way, why did you willingly *allow* connections to these IP blocks for 35 years?
        Why did you choose to let that happen?

        People care now because a private entity is announcing these blocks instead of the U.S. Government. Who knows what this private entity is doing with these blocks. What data are they collecting? What will they do with said data? Are they subject to the same privacy laws as the U.S. Government? Can I FOIA this private entity to find out? Probably not.

        • by Entrope ( 68843 )

          What threat are you worried about? That your router allows your computer to send your personal information to random IP addresses? That your router spontaneously forwards packets to strange netblocks, but won't if you bought them somehow?

          Private government contractors generally have to follow the same behavioral rules as government itself with respect to work they do for the government. They can't collect private information or PII in situations that the government cannot, to answer one of your specific

        • What data are they collecting?

          Presumably all the data you're not giving them? I mean I own an IP address. Want to take a guess as to how much I know about you as a result? I'll happily comply with a FOIA request you send. Hell I'll save you some time and give you the content. It will be a formal letter with a single line on it: "None. IP addresses don't work like that. Go take your meds."

    • I block everything that is not known addresses I expect. doesn't really change anything.
    • Before we just looked for "Pentagon" in the whois, now they've gone off to Crapco Inc, it'll be *impossible* for us to figure out who's pinging our firewalls ;-)

      Honestly, I wouldn't be surprised if indeed the block was going to be subdivided down for a handful of troll farms (to go live in probably 2-3 years). In the meantime, one small subnet will be used for innocuous looking Internet browsing, and maybe some port scanning. Other blocks may end up getting used for "ddos prevention" to analyse the traffic

  • Where if the Pentagon makes a press release, the only thing you can be sure of is that is not how it happened at all.

  • This pilot will assess, evaluate, and prevent unauthorized use of DoD [unused] IP address space

    Additionally, this pilot may identify potential vulnerabilities

    Typically, you need to have some software using the IP address to be vulnerable...

    • Oh, you thought they meant it was their own vulnerabilities they were gonna hunt for, didn't you? That's cute.

    • I recall some nasty blackmailing viruses were using some unallocated addresses for command and control. It makes sense as the Joe average bozo's would make holes in their firewalls and have rules that .gov and major software makers telemetry wide open. Thus something could slip in. Those Defense blocks may not even have any 'rules' defined. There are still places that tell security 'No Otherwise Block' rules - it breaks things too much. However, by opening the range, you may be allowing exfiltration of sec
  • If 175m is a "pilot", what does the full roll-out look like?

    • If 175m is a "pilot", what does the full roll-out look like?

      176m

    • by Zocalo ( 252965 ) on Tuesday April 27, 2021 @03:02AM (#61318470) Homepage
      Obv. "All your base^H^H^H^H IP belong to us!"

      In practice, I think the use of "Pilot" here is meant as "first stage of a process" rather than "limited rollout" as I'm assuming actual usage of the IP ranges in question on the publically routed Internet is probably the ultimate goal of this effort. We've seen this before when previously "dormant" IP ranges were suddenly advertised with huge amounts of traffic being re-routed from people who should have known better but throught that because a given IP range wasn't actively being routed it was fair game to use as an extension to the RFC1918 IP blocks. (Which, it has to be said, doesn't bode well for their handling of actual RFC1918 blocks since if they'd configured things properly the introduction of a route should NOT have broken things because people with clue explicity block RFC1918 IP space from routing onto the Internet, right?)

      The next phase for the DoD is basically to sit back and enjoy the fun (and probably do some large scale traffic analysis since a lot of IP space squatting is often done by criminals), since there is inevitably going to be some turmoil for those who were actually dumb enough to think they could freely use this space without issue. There might also be a lot of snark from the DoD if they complain about the breakage (which some already have!), or maybe even some legal repercussions since the IP ranges in question are ultimately the property of the US taxpayer after all. Once the bogus traffic drops back to noise - likely in a several months time - we'll see the next phase; most likely some combination of public usage of the ranges by the DoD, transfer to other US government institutions, sale to third parties, or release back to ARIN for inclusion in the free IPv4 pool.
    • by MrL0G1C ( 867445 )

      they have 208 million addresses by the looks of it, it's not a secret who owns IP blocks.

      https://en.wikipedia.org/wiki/... [wikipedia.org]

      IMO now would be a very good time to start cutting down on the ranges they have, I bet they only use less than 10% of all they addresses they have.

      If they don't sell them now then they risk not getting a good price once the transition to ipv6 happens.

  • There are reasons you might need (or want I suppose) globally unique IP addresses while not publishing said IP addresses to the global public internet. An operation on the scale of the US Department of Defense would easily find itself in such a situation. If you have private interconnections with multiple third party organizations (which may be other government agencies, even), private address space is not sufficient. Eventually you either run out of private address space or it becomes impossible to coordin

  • If these addresses are still DoD property, the contractor might be doing something like setting up the world's largest honeypot. Knock yourselves out, China and Russia.
  • Trump's anti-US, pro-civil war assholes are probably planning for a future they will never see.
  • Because US is hoarding V4 addresses (for decades), the whole world has to convert to IPV6?

"The voters have spoken, the bastards..." -- unknown

Working...