According to http://www.nytimes.com/aponline/technology/AP-TechBit-Wikipedia-Block.html all of Qatar appears on the net as a single IP address. I don't know if it's NAT or a proxy that you need to use to get out to the world, but whatever the exact cause, it had a predictable consequence -- the entire country was barred from editing Wikipedia, due to abuse by (presumably) a few people. --Steve Bellovin, http://www.cs.columbia.edu/~smb
On Wed, 3 Jan 2007, Steven M. Bellovin wrote:
According to http://www.nytimes.com/aponline/technology/AP-TechBit-Wikipedia-Block.html all of Qatar appears on the net as a single IP address. I don't know if it's NAT or a proxy that you need to use to get out to the world, but whatever the exact cause, it had a predictable consequence -- the entire country was barred from editing Wikipedia, due to abuse by (presumably) a few people.
Half related, the amazing Steven Murdoch did some traffic analysis on a similar issue, trying to detect machines behind the annonyzing Tor network. "By requesting timestamps from a computer, a remote adversary can find out the precise speed of its system clock. As each clock crystal is slightly different, and varies with temperature, this can act as a fingerprint of the computer and its location." ftp://ftp.fortunaty.net/video/23c3/wmv/timeskew2-t2s1.wmv http://events.ccc.de/congress/2006/Fahrplan/events/1513.en.html Anyone remember CAIDA's study on the crystals for detecting machines through NATs? http://www.caida.org/publications/papers/2005/fingerprinting/KohnoBroidoClaf... Another good lecture on traffic analysis at CCC, which was an introduction by George Danezis: http://events.ccc.de/congress/2006/Fahrplan/attachments/1185-DanezisTAIntro.... Gadi.
On 4-jan-2007, at 0:31, Steven M. Bellovin wrote:
According to http://www.nytimes.com/aponline/technology/AP-TechBit-Wikipedia- Block.html all of Qatar appears on the net as a single IP address.
I wonder what they use the other 241663 addresses for. +---------+---------+------+--------------+--------+ | rir | country | type | descr | num | +---------+---------+------+--------------+--------+ | ripencc | QA | ipv4 | 81.29.160.0 | 4096 | | ripencc | QA | ipv4 | 82.148.96.0 | 8192 | | ripencc | QA | ipv4 | 86.36.0.0 | 131072 | | ripencc | QA | ipv4 | 86.62.192.0 | 16384 | | ripencc | QA | ipv4 | 89.211.0.0 | 65536 | | ripencc | QA | ipv4 | 212.77.192.0 | 8192 | | ripencc | QA | ipv4 | 213.130.96.0 | 8192 | | ripencc | QA | ipv6 | 2001:1a10:: | 32 | +---------+---------+------+--------------+--------+ They have 0.4 addresses per person in Qatar, which isn't all that bad: Italy has 0.33. (Caveats about EU labeled address space etc apply.)
On Thu, Jan 04, 2007 at 12:53:23AM +0100, Iljitsch van Beijnum wrote:
On 4-jan-2007, at 0:31, Steven M. Bellovin wrote:
According to http://www.nytimes.com/aponline/technology/AP-TechBit-Wikipedia- Block.html all of Qatar appears on the net as a single IP address.
I wonder what they use the other 241663 addresses for.
Internal addressing, perhaps, if the AP story is correct. -- Joe Yao ----------------------------------------------------------------------- This message is not an official statement of OSIS Center policies.
Le Wed, Jan 03, 2007 at 07:07:22PM -0500, Joseph S D Yao a écrit :
I wonder what they use the other 241663 addresses for.
Internal addressing, perhaps, if the AP story is correct.
Servers maybe ? I hope that they are not NATed. Taping devices may need a separate management address too :) -- Vassili Tchersky
On Thu, 4 Jan 2007 00:53:23 +0100 Iljitsch van Beijnum <iljitsch@muada.com> wrote:
On 4-jan-2007, at 0:31, Steven M. Bellovin wrote:
According to http://www.nytimes.com/aponline/technology/AP-TechBit-Wikipedia-> Block.html all of Qatar appears on the net as a single IP address.
I wonder what they use the other 241663 addresses for.
+---------+---------+------+--------------+--------+ | rir | country | type | descr | num | +---------+---------+------+--------------+--------+ | ripencc | QA | ipv4 | 81.29.160.0 | 4096 | | ripencc | QA | ipv4 | 82.148.96.0 | 8192 | | ripencc | QA | ipv4 | 86.36.0.0 | 131072 | | ripencc | QA | ipv4 | 86.62.192.0 | 16384 | | ripencc | QA | ipv4 | 89.211.0.0 | 65536 | | ripencc | QA | ipv4 | 212.77.192.0 | 8192 | | ripencc | QA | ipv4 | 213.130.96.0 | 8192 | | ripencc | QA | ipv6 | 2001:1a10:: | 32 | +---------+---------+------+--------------+--------+
They have 0.4 addresses per person in Qatar, which isn't all that bad: Italy has 0.33. (Caveats about EU labeled address space etc apply.)
Honeypots? (As I noted, there might also be a port 80 packet filter, combined with an official web proxy that can get out.) --Steve Bellovin, http://www.cs.columbia.edu/~smb
all of Qatar appears on the net as a single IP address.
I wonder what they use the other 241663 addresses for.
Same as you. To address the many machines and networks in Qatar. The existence of a NAT gateway to one portion of the Internet does not remove the need for registered IP addresses. They are still needed to avoid addressing conflicts in the portion of the Internet which is not behind the gateway. --Michael Dillon
On 4-jan-2007, at 14:37, Michael.Dillon@btradianz.com wrote:
all of Qatar appears on the net as a single IP address.
I wonder what they use the other 241663 addresses for.
To address the many machines and networks in Qatar. The existence of a NAT gateway to one portion of the Internet does not remove the need for registered IP addresses.
Whatever. The point is that IF it's true that they NAT (or proxy) the whole country, it's not because of lack of addresses. In other words, whatever ill effects befall them as a result, they only have themselves to blame. By the way, I have two different .qa domain names in my WWW logs, one with "proxy" in it and one with "nat" in it...
On Wed, 3 Jan 2007, Steven M. Bellovin wrote:
According to http://www.nytimes.com/aponline/technology/AP-TechBit-Wikipedia-Block.html all of Qatar appears on the net as a single IP address. I don't know if it's NAT or a proxy that you need to use to get out to the world, but whatever the exact cause, it had a predictable consequence -- the entire country was barred from editing Wikipedia, due to abuse by (presumably) a few people.
I think I read at Wikipedia that this is their proxy-servers IP address (or proxy server farm probably). Also, the only thing that was stopped was anonymous editing, editing after login and anonymous reading wasn't stopped. -- Mikael Abrahamsson email: swmike@swm.pp.se
participants (7)
-
Gadi Evron -
Iljitsch van Beijnum -
Joseph S D Yao -
Michael.Dillon@btradianz.com -
Mikael Abrahamsson -
Steven M. Bellovin -
Vassili Tchersky