Pentagon surfaces giant netblock for recon and anti IP squatting

Largest IPv4 autonomous system in internet history.

The mystery behind the appearance of over 175 million unique Internet Protocol version 4 (IPv4) addresses in the global network routing table has been partly solved, after the United States Department of Defence came out with an explanation.

In March this year, participants in the North American Network Operators' Group (NANOG) spotted that several very large, unused IPv4 address blocks allocated to the US DoD were being announced via the Border Gateway Protocol (BGP), which is used to set routes between the autonomous systems (AS) that form the internet worldwide.

Network operators watched the announcements grow, eventually reaching 175 million unique addresses and making the Pentagon's AS 8003 the largest such system in the history of the internet by a large margin.

In comparison, Doug Madory of network monitoring firm Kentik noted that the second largest AS, China Telecom, has just 114 million addresses.

Although at first a BGP hijack was suspected, this was ruled out by NANOG members.

Instead, the Pentagon provided an explanation to the Washington Post, saying the large-scale network route announcement was a pilot.

The purpose of the pilot is two-fold, the Pentagon said: first, to assess, evaluate and prevent unauthorised use of DoD IP space; and second, with reference to cyber security, to respond to advanced persistent threats (APTs), which are often nation-state actors.

Madory interpreted the latter as an effort to collect and analyse massive amounts of background internet traffic for threat intelligence.

He pointed to reverse proxy provider Cloudflare receiving over 10 gigabits per second after announcing two /24-sized networks in the and ranges, with just 512 IPv4 addresses.

The Pentagon did not, however, explain why it set up a shell company, Global Resource Systems LLC, to manage AS 8003.

That company was incorporated on October 13 last year in Florida as a Foreign Limited Liability entity.

The internet started life as a Defense Department project, and the US military was allocated vast amounts of the original, 32-bit IPv4 address space.

Much of that address space was not used even though the IPv4 internet was running out of space.

Madory said that last year the US Congress tried to force the DoD to sell unused IPv4 space at market price, which could have fetched the Treasury close to US$1 billion had most of it been sold.
