OK so what's going with these millions of Pentagon-owned IPv4 addresses lighting up all of a sudden?
Network advertisement of military addresses by obscure corporation not so exciting after all
The unexplained awakening over the past four months of more than 100 million previously dormant US Department of Defense (DoD) IPv4 addresses now has an explanation.
On January, 20, 2021, as noted over the weekend by Doug Madory, director of internet analysis at network monitoring biz Kentik, a sizable portion of unused IPv4 address space registered to the DoD (GRS-DoD) and referred to as AS8003, began announcing the reachability of millions of previously unreachable addresses via the Border Gateway Protocol (BGP).
Coming ten minutes after President Joseph Biden was sworn into office and three minutes prior to the statutory conclusion of Donald Trump's term, the timing of the BGP announcement invited speculation about the motives for lighting up so many previously dark addresses.
More so, because the company administering the growing swath of addresses – Plantation, Florida-based Global Resource Systems LLC – lacks a meaningful web presence and because that opacity extends to the organization's ownership.
China showing signs of brewing IPv6 eruptionREAD MORE
When the Washington Post sent a reporter to knock on the door of the company's office – a shared workspace – the receptionist declined to provide any information about the business and asked the reporter to leave.
The Register called the biz and emailed to learn more about who's running things at Global Resource Systems, and we've not heard back.
Up through April, the advertised address range continued to expand to that point that Global Resource Systems is now representing almost 175 million DoD-registered IPv4 addresses, more than any other Autonomous Systems Number in the US, including AT&T.
That's a potentially valuable asset at time when the supply of available IPv4 addresses is scarce.
Concerned about the possibility that this government-owned resource might be sold – contemplated by lawmakers in 2019 [PDF] but not enacted – or given away to an opaque private company, The Register asked the Defense Department to clarify what's going on.
A DoD spokesperson suggested that merely advertising the validity of the IP addresses within AS8003 hasn't changed anything.
"There was no change in the allocation and assignment of address space," the spokesperson said in an email. "The address space was not sold, and the address space is still registered, allocated and assigned to the DoD Network Information Center (NIC)."
Asked to provide further detail about who's running Global Resource Systems, the DoD spokesperson did not respond, but did provide a statement from Brett Goldstein, director of the US military's Defense Digital Service (DDS).
Formed in 2015, the DDS aims to apply private sector expertise to Defense Department projects. The agency, said Goldstein, authorized the advertisement of the previously unused DoD IP addresses as part of a pilot test.
"This pilot will assess, evaluate and prevent unauthorized use of DoD IP address space," said Goldstein. "Additionally, this pilot may identify potential vulnerabilities."
He characterized the effort as one of many cybersecurity initiatives undertaken in response to sophisticated threats as a way to mitigating potential vulnerabilities.
Madory in his post interpreted the address space advertisement as a way to deter squatters who might try to abuse unused DoD addresses as a way to bypass blocklists, and as a way to gather internet traffic data for threat analysis.
And well, now we know. ®
- Black Hat
- Black Hole
- Common Vulnerability Scoring System
- Cybersecurity and Infrastructure Security Agency
- Cybersecurity Information Sharing Act
- Data Breach
- Data Protection
- Data Theft
- Digital certificate
- Federal government of the United States
- Government of the United Kingdom
- Identity Theft
- Kenna Security
- Network switch
- Palo Alto Networks
- Radio Access Network
- Software-defined network
- Streaming video
- Submarine cable
- Systems Approach
- Trusted Platform Module
- World Wide Web
- Zero trust