The U.S. Department of Defense surreptitiously transferred control of 175 million dormant IP addresses to a little-known Florida company before President Donald Trump left the White House, the Washington Post reported on Wednesday, making the internet more accessible. Experts are confused and disturbed.
The Defense Department claims it still owns the addresses, but it is using a third-party company for security research in a “pilot” program.
Bigger than China Telecom and Comcast
“Tens of millions of dormant Pentagon IP addresses surfaced minutes before Trump leaves office,” was the headline of a Saturday article in The Washington Post. Three minutes before Joe Biden was sworn in as president, a company called Global Resource Systems LLC suddenly and surreptitiously made a startling announcement to the world’s computer networks: it was now managing a vast, unused part of the Internet (an IPv4 address pool) that has been owned by the U.S. military for decades.
According to reports, Global Resource Systems announced that the number of IP addresses owned by the Pentagon increased to 56 million by the end of January and 175 million by April, making it the largest publisher of IP addresses in the IPv4 global routing table, surpassing China Telecom and Comcast.
The Post article said: “There are many rumors. For example, did someone in the Department of Defense sell some of the IP addresses of the military when Trump was out of office? Did the Pentagon finally withdraw the billions of dollars the military had been sitting on based on the IP address space requirements? These addresses have been in the dust for decades.”
What is DDS up to?
The Post said it received a response from the Defense Department on Friday from an elite unit of the Pentagon known as the Defense Digital Service (DDS).
Brett Goldstein, the head of DDS, said in a statement that his department had authorized a “pilot” and made public the IP space owned by the Pentagon.
“The pilot program will assess and prevent unauthorized use of the DoD’s IP address space,” Goldstein said. “In addition, the pilot program will identify potential vulnerabilities.”
“This program is one of many DoD efforts to continually improve our cyber posture and defenses against advanced persistent threats,” Goldstein said. “We are working with the entire DoD to ensure potential vulnerabilities are mitigated.”
The six-year-old DDS is made up of 82 engineers, data scientists, and computer scientists working on the much-publicized “hack Pentagon program” and tackling the toughest technical problems faced by various other projects. In an October 2020 article for the Department of Defense, Goldstein called the department a “group of nerds on assignment.”
The Defense Department did not say what the specific goals of its program with GRS were, and Pentagon officials declined to say why Goldstein’s department used a little-known Florida company for the pilot work, rather than having the Department of Defense itself “announce” the addresses through BGP (Border Gateway Protocol) messages, which is the more conventional method.
However, the government’s explanation piqued the interest of Doug Madory, director of internet analytics at cybersecurity firm Kentik.
“I think this means the goal of this work is twofold,” Madory wrote in a Saturday blog post. “First, to announce this address space to scare off any would-be cybersquatters, and second, to collect a lot of background internet traffic for threat intelligence.”
Dormant IP addresses are like a black hole
Security expert Madory noted that the “resurrection” of previously dormant IP addresses could cause routing problems. In 2018, AT&T home internet customers were unable to use Cloudflare’s new DNS service because the same IP address, 1.1.1.1, was used by both the Cloudflare service and the AT&T gateway.
For decades, Internet routing has been premised on a broad assumption that ASs do not route these prefixes on the Internet (probably because they are typical examples in networking textbooks). Shortly after the DNS resolver (1.1.1.1) was up, Cloudflare received “approximately 10Gbps of unsolicited background traffic” on its interface.
That’s just 512 IPv4 addresses! Of course, these addresses are very special, but it is reasonable to infer that 175 million IPv4 addresses will draw more traffic from misconfigured devices and networks (mistaking all this DoD address space for ever).
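A check a network team can run over its own address inventory to find the misconfiguration described above: internal devices numbered out of public IPv4 space that was assumed never to be routed. This is an added example, not part of the original article; the inventory, the owned prefix and the function name are constructed, and 11.0.0.0/8 is used as a DoD-allocated block, which the article itself does not list.

```python
import ipaddress

# IPv4 ranges that are safe to use internally without owning them:
# RFC 1918 private space, RFC 6598 shared space, loopback and link-local.
INTERNAL_USE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16")]


def find_squatted(configured, owned_prefixes):
    """Return (device, address) pairs that sit in public IPv4 space
    the organisation does not hold.

    configured     -- iterable of (device name, "a.b.c.d/len") pairs
    owned_prefixes -- prefixes actually allocated to the organisation
    """
    allowed = INTERNAL_USE + [ipaddress.ip_network(p) for p in owned_prefixes]
    findings = []
    for device, cidr in configured:
        iface = ipaddress.ip_interface(cidr)
        if iface.version != 4:
            continue  # the article concerns IPv4 space only
        if any(iface.ip in net for net in allowed):
            continue
        # Someone else's public space: traffic to it breaks or leaks as
        # soon as the real holder announces the prefix in BGP.
        findings.append((device, str(iface)))
    return findings


# Constructed inventory (hypothetical devices and addresses).
SAMPLE = [
    ("core-sw1 vlan10", "10.20.0.1/24"),   # RFC 1918, fine
    ("cpe-gw internal", "1.1.1.1/30"),     # the 2018 conflict from the text
    ("lab-rtr loop0", "11.0.0.1/32"),      # assumed DoD block, see lead-in
    ("edge-rtr wan", "203.0.113.9/30"),    # inside the owned prefix below
]
OWNED = ["203.0.113.0/24"]  # documentation range standing in for a real allocation

if __name__ == "__main__":
    for device, addr in find_squatted(SAMPLE, OWNED):
        print(f"squatted address space: {device} uses {addr}")
```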