Re: NATting a whole country?
all of Qatar appears on the net as a single IP address. I wonder what they use the other 241663 addresses for. Same as you. To address the many machines and networks in Qatar. The existence of a NAT gateway to one portion of the Internet does not remove the need for registered IP addresses. They are still needed to avoid addressing conflicts in the portion of the Internet which is not behind the gateway. --Michael Dillon
Re: NATting a whole country?
On 4-jan-2007, at 14:37, [EMAIL PROTECTED] wrote: all of Qatar appears on the net as a single IP address. I wonder what they use the other 241663 addresses for. To address the many machines and networks in Qatar. The existence of a NAT gateway to one portion of the Internet does not remove the need for registered IP addresses. Whatever. The point is that IF it's true that they NAT (or proxy) the whole country, it's not because of lack of addresses. In other words, whatever ill effects befall them as a result, they only have themselves to blame. By the way, I have two different .qa domain names in my WWW logs, one with proxy in it and one with nat in it...
NATting a whole country?
According to http://www.nytimes.com/aponline/technology/AP-TechBit-Wikipedia-Block.html all of Qatar appears on the net as a single IP address. I don't know if it's NAT or a proxy that you need to use to get out to the world, but whatever the exact cause, it had a predictable consequence -- the entire country was barred from editing Wikipedia, due to abuse by (presumably) a few people. --Steve Bellovin, http://www.cs.columbia.edu/~smb
Re: NATting a whole country?
On Wed, 3 Jan 2007, Steven M. Bellovin wrote: According to http://www.nytimes.com/aponline/technology/AP-TechBit-Wikipedia-Block.html all of Qatar appears on the net as a single IP address. I don't know if it's NAT or a proxy that you need to use to get out to the world, but whatever the exact cause, it had a predictable consequence -- the entire country was barred from editing Wikipedia, due to abuse by (presumably) a few people. Half related, the amazing Steven Murdoch did some traffic analysis on a similar issue, trying to detect machines behind the annonyzing Tor network. By requesting timestamps from a computer, a remote adversary can find out the precise speed of its system clock. As each clock crystal is slightly different, and varies with temperature, this can act as a fingerprint of the computer and its location. ftp://ftp.fortunaty.net/video/23c3/wmv/timeskew2-t2s1.wmv http://events.ccc.de/congress/2006/Fahrplan/events/1513.en.html Anyone remember CAIDA's study on the crystals for detecting machines through NATs? http://www.caida.org/publications/papers/2005/fingerprinting/KohnoBroidoClaffy05-devicefingerprinting.pdf Another good lecture on traffic analysis at CCC, which was an introduction by George Danezis: http://events.ccc.de/congress/2006/Fahrplan/attachments/1185-DanezisTAIntro.pdf Gadi.
Re: NATting a whole country?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Steven M. Bellovin [EMAIL PROTECTED] wrote: According to http://www.nytimes.com/aponline/technology/AP-TechBit-Wikipedia-Block.html all of Qatar appears on the net as a single IP address. I don't know if it's NAT or a proxy that you need to use to get out to the world, but whatever the exact cause, it had a predictable consequence -- the entire country was barred from editing Wikipedia, due to abuse by (presumably) a few people. Sweet. :-) - - ferg -BEGIN PGP SIGNATURE- Version: PGP Desktop 9.5.2 (Build 4075) wj8DBQFFnD+tq1pz9mNUZTMRAo6kAJ9bk/vMGK/uUAZp8mMjbYYCBh0ZTACePN0s ybCrkk82NcUJalY6qrwpY8I= =vAih -END PGP SIGNATURE- -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg(at)netzero.net ferg's tech blog: http://fergdawg.blogspot.com/
Re: NATting a whole country?
On 4-jan-2007, at 0:31, Steven M. Bellovin wrote: According to http://www.nytimes.com/aponline/technology/AP-TechBit-Wikipedia- Block.html all of Qatar appears on the net as a single IP address. I wonder what they use the other 241663 addresses for. +-+-+--+--++ | rir | country | type | descr| num| +-+-+--+--++ | ripencc | QA | ipv4 | 81.29.160.0 | 4096 | | ripencc | QA | ipv4 | 82.148.96.0 | 8192 | | ripencc | QA | ipv4 | 86.36.0.0| 131072 | | ripencc | QA | ipv4 | 86.62.192.0 | 16384 | | ripencc | QA | ipv4 | 89.211.0.0 | 65536 | | ripencc | QA | ipv4 | 212.77.192.0 | 8192 | | ripencc | QA | ipv4 | 213.130.96.0 | 8192 | | ripencc | QA | ipv6 | 2001:1a10:: | 32 | +-+-+--+--++ They have 0.4 addresses per person in Qatar, which isn't all that bad: Italy has 0.33. (Caveats about EU labeled address space etc apply.)
Re: NATting a whole country?
On Thu, Jan 04, 2007 at 12:53:23AM +0100, Iljitsch van Beijnum wrote: On 4-jan-2007, at 0:31, Steven M. Bellovin wrote: According to http://www.nytimes.com/aponline/technology/AP-TechBit-Wikipedia- Block.html all of Qatar appears on the net as a single IP address. I wonder what they use the other 241663 addresses for. Internal addressing, perhaps, if the AP story is correct. -- Joe Yao --- This message is not an official statement of OSIS Center policies.
Re: NATting a whole country?
On Thu, 4 Jan 2007 00:53:23 +0100 Iljitsch van Beijnum [EMAIL PROTECTED] wrote: On 4-jan-2007, at 0:31, Steven M. Bellovin wrote: According to http://www.nytimes.com/aponline/technology/AP-TechBit-Wikipedia- Block.html all of Qatar appears on the net as a single IP address. I wonder what they use the other 241663 addresses for. +-+-+--+--++ | rir | country | type | descr| num| +-+-+--+--++ | ripencc | QA | ipv4 | 81.29.160.0 | 4096 | | ripencc | QA | ipv4 | 82.148.96.0 | 8192 | | ripencc | QA | ipv4 | 86.36.0.0| 131072 | | ripencc | QA | ipv4 | 86.62.192.0 | 16384 | | ripencc | QA | ipv4 | 89.211.0.0 | 65536 | | ripencc | QA | ipv4 | 212.77.192.0 | 8192 | | ripencc | QA | ipv4 | 213.130.96.0 | 8192 | | ripencc | QA | ipv6 | 2001:1a10:: | 32 | +-+-+--+--++ They have 0.4 addresses per person in Qatar, which isn't all that bad: Italy has 0.33. (Caveats about EU labeled address space etc apply.) Honeypots? (As I noted, there might also be a port 80 packet filter, combined with an official web proxy that can get out.) --Steve Bellovin, http://www.cs.columbia.edu/~smb
Re: NATting a whole country?
On Wed, 3 Jan 2007, Fergie wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Steven M. Bellovin [EMAIL PROTECTED] wrote: According to http://www.nytimes.com/aponline/technology/AP-TechBit-Wikipedia-Block.html all of Qatar appears on the net as a single IP address. I don't know if it's NAT or a proxy that you need to use to get out to the world, but whatever the exact cause, it had a predictable consequence -- the entire country was barred from editing Wikipedia, due to abuse by (presumably) a few people. Sweet. :-) i can't wait for the: uhm, that ip is being synflooded, perhaps we should just null route it? call :( we've seen this more than 1 time with cable operators :( it's always fun!
Re: NATting a whole country?
On Wed, 3 Jan 2007, Steven M. Bellovin wrote: According to http://www.nytimes.com/aponline/technology/AP-TechBit-Wikipedia-Block.html all of Qatar appears on the net as a single IP address. I don't know if it's NAT or a proxy that you need to use to get out to the world, but whatever the exact cause, it had a predictable consequence -- the entire country was barred from editing Wikipedia, due to abuse by (presumably) a few people. I think I read at Wikipedia that this is their proxy-servers IP address (or proxy server farm probably). Also, the only thing that was stopped was anonymous editing, editing after login and anonymous reading wasn't stopped. -- Mikael Abrahamssonemail: [EMAIL PROTECTED]
Re: NATting a whole country?
Le Wed, Jan 03, 2007 at 07:07:22PM -0500, Joseph S D Yao a écrit : I wonder what they use the other 241663 addresses for. Internal addressing, perhaps, if the AP story is correct. Servers maybe ? I hope that they are not NATed. Taping devices may need a separate management address too :) -- Vassili Tchersky
Re: NATting a whole country?
I wonder what they use the other 241663 addresses for. +-+-+--+--++ | rir | country | type | descr| num| +-+-+--+--++ | ripencc | QA | ipv4 | 81.29.160.0 | 4096 | | ripencc | QA | ipv4 | 82.148.96.0 | 8192 | | ripencc | QA | ipv4 | 86.36.0.0| 131072 | | ripencc | QA | ipv4 | 86.62.192.0 | 16384 | | ripencc | QA | ipv4 | 89.211.0.0 | 65536 | | ripencc | QA | ipv4 | 212.77.192.0 | 8192 | | ripencc | QA | ipv4 | 213.130.96.0 | 8192 | | ripencc | QA | ipv6 | 2001:1a10:: | 32 | +-+-+--+--++ Just taking the first two ranges... route-serversho ip bgp 81.29.160.0 % Network not in table nmap -sP 82.148.96.0/24 Nmap finished: 256 IP addresses (71 hosts up) For example: Host dialpop01-7300-itn.ispnoc.qa (82.148.96.12) appears to be up. tcptraceroute 82.148.96.12 ... 5 sl-gw1-prl-8-0-1.sprintlink.net (144.223.63.169) ... 11 sl-bb20-nyc-8-0.sprintlink.net (144.232.7.13) ... 14 sl-gw23-lon-15-0.sprintlink.net (213.206.128.63) 212.552 ms 15 82.195.188.22 (82.195.188.22) 212.058 ms 16 so-0-0-0.0.cjr03.alx001.flagtel.com (62.216.129.206) 282.853 ms 17 ge-3-2-0.0.cjr01.alx001.flagtel.com (62.216.134.30) 283.292 ms 18 80.77.1.182 (80.77.1.182) 359.834 ms ... 20 89.211.0.74 (89.211.0.74) 359.881 ms 21 dialpop01-7300-itn.ispnoc.qa (82.148.96.12) [closed] 325.716 ms Deep inspection ;-) would probably show this to not be completely true... scott