by pgn674 1882 days ago
Ohh, I think I see. So instead of (or in addition to) creating internal subnets inside 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16, they set up subsets inside DoD's 11.0.0.0/8 etc., and it worked out because there were no external BGP announcements for those ranges. But now that there are, if they did not explicitly configure their border gateways to route those ranges inside their networks, the traffic may now leak out to DoD's pilot effort.
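The configuration gap described in that comment, as an added example that is not part of the thread: an audit of an internal address plan for non-private ("squatted") space, plus a longest-prefix-match model of what a border router does once the real holder's /8 is learned from an upstream. Every subnet, route and address below is constructed sample data; the "fixed" table shows the explicit internal aggregate route the comment says such networks should have had.

```python
"""Added example (not from the thread): audit an internal address plan for
squatted public space and show how a newly learned external route changes
where traffic goes. Every subnet, route and address here is constructed."""
import ipaddress

# Constructed address plan: RFC 1918 space plus two /24s carved out of a
# public /8 that, until now, was never announced on the Internet.
INTERNAL_SUBNETS = [
    "10.20.0.0/16",
    "192.168.5.0/24",
    "11.4.7.0/24",   # squatted: public space used as if it were private
    "11.4.8.0/24",
]

# Routing table as (prefix, next_hop). ROUTES_AFTER adds the /8 learned
# from an upstream once the real holder announces it; ROUTES_FIXED adds an
# explicit internal route for the whole squatted aggregate.
ROUTES_BEFORE = [(s, "internal") for s in INTERNAL_SUBNETS]
ROUTES_AFTER = ROUTES_BEFORE + [("11.0.0.0/8", "external")]
ROUTES_FIXED = ROUTES_AFTER + [("11.4.0.0/16", "internal")]


def squatted_subnets(subnets):
    """Subnets that are not private address space and would therefore
    collide with the real holder if that space were ever announced."""
    return [s for s in subnets if not ipaddress.ip_network(s).is_private]


def lookup(routes, dst):
    """Longest-prefix-match forwarding decision; None means no route."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best[1] if best else None


def leaks(before, after, dst):
    """True if traffic for dst did not leave the network before but does now."""
    return lookup(before, dst) != "external" and lookup(after, dst) == "external"


if __name__ == "__main__":
    print("squatted:", squatted_subnets(INTERNAL_SUBNETS))
    # 11.4.9.1: a host on squatted space the border routers were never told about
    for dst in ("11.4.7.10", "11.4.9.1", "10.20.3.3"):
        print(dst, "after:", lookup(ROUTES_AFTER, dst), "fixed:", lookup(ROUTES_FIXED, dst))
```

Traffic to a configured /24 keeps matching the more specific internal route, so the leak only shows up for destinations inside the squatted range that the border routers had no explicit route for; before the announcement those packets were simply dropped.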

Maybe DoD is trying to catch security flaws caused by traffic intended for their own internal networks accidentally reaching the public internet? Advertising those IPs publicly and logging all traffic could be a good way of detecting such bugs in DoD systems.
From the article:

> What is clear, however, is the Global Resource Systems announcements directed a fire hose of Internet traffic toward the Defense Department addresses. Madory said his monitoring showed the broad movements of Internet traffic began immediately after the IP addresses were announced Jan. 20.

> Madory said such large amounts of data could provide several benefits for those in a position to collect and analyze it for threat intelligence and other purposes.

It's interesting how this is framed as something "defensive in nature", when it's yet another massive funnel for data being slurped up by a US government agency.

If China or Russia would suddenly reroute a ton of traffic from outside their countries, to their respective government agencies, I doubt anybody would believe a benign "Just checking our security!" explanation.

> If China or Russia would suddenly reroute a ton of traffic from outside their countries, to their respective government agencies

It is their IP space. It is entirely on your incompetent network staff if you are stealing IPs that are 1) not yours, 2) in use, 3) not in your country for internal use and on top of that, not rejecting external routes to it.

It is not "rerouting a ton of traffic", the traffic was destined toward them in the first place.

These IPs have been unused for so long that using them for private networks is absolutely not uncommon.

Somehow the discussion seems to point to China and Russia, but I know a ton of EU companies that use these ranges.

You can debate semantics all you want, it doesn't change the reality of the situation and how the problem of IPv4 address exhaustion is very real and not just down to "incompetent network staff".

The DoD sitting on all that unused address space actively contributed to that problem and now it's exploiting band-aid fixes around it to once again play data kraken of the world under the guise of "We are just fighting APT!".

It’s pretty clear that the DoD realizes how close they were to being forced to sell all that IP space off and wouldn’t have even been able to say “we’re using it” as it wasn’t routed.
IP address space doesn’t have to be announced to the internet in order to be in use, or require global uniqueness.
Look, if you want to use someone's IP address for your internal network, that's fine, what you do in your private network is your business. But don't blame the owner when they say "hi, I exist" and you forgot to configure your routers to ignore them. It's not the DoD's fault that other netops didn't bother to break the rules in a safe way.
Reading what the DoD said "officially", it appears that maybe they were just looking to see if these IPs could be registered, simply.

It sounds a bit weird they would have needed 170+M IPs to get a good attack sample from the internet if the IPs are contiguous; a few thousand would have sufficed. It sounds very weird to expect "China" to suddenly route Xi's dirty videos and why not Iran, Japan, everyone suddenly routing crap there; it's not very targeted and would cost quite a bit to read all the potential TCP packets that got lost by bad WAN vs LAN priority decisions in routers.

Also, it's one shot, so why now? They would have just lost a huge weapon, if true, in a very public manner, for no particular visible threat, no precise target and at great cost possibly.

I'm okay to believe this was possibly just an inventory/activation exercise because someone noticed they owned stuff they can't use until they register them.

It also explains the lack of public commentary.
Indeed. Publicly commenting on it would expose the potential vulnerability (i.e. the accidental leakage of traffic onto the public internet).
Not sure. If the government is doing something large-scale in public (like construction projects [or maybe global IP routing]), they should communicate what is happening before doing it, in order to not phase people.
Eh, I wouldn't be surprised if an org like the Pentagon is secretive about things that aren't really necessary to be secrets. It's just kinda in their nature to be that way (kinda like Apple's default-secrecy about products and features).

(Also, sorry to be That Guy, but this one always gets to me: in the sense you've used it, it's "faze", not "phase".)

I used to work in intelligence. "Secrecy creep" has long been a serious problem inside DoD. How information gets classified has largely been left up to low level federal bureaucrats, people my father used to angrily refer to as "big haired women from Mississippi". Basically, they are low level federal office drones, with minimal knowledge about the actual content of classified programs, who are left to determine how they are classified. They start with the core information of a project and classify it "Top Secret". Then they take all the peripheral information of that project and classify it TS as well, just to be safe, because it might overlap with the core info, but they have no clue because they're a GS-4 clerk from Boogerville with a high school diploma. Later, as more content is generated in a program, stuff peripheral to the previous peripheral data, which realistically should be classified "Confidential" at most, also gets classified as TS because of its proximity to the previously over-classified peripheral data. Lather-Rinse-Repeat for a few decades and you have huge swathes of widely known, utterly inconsequential information classified Secret or Top Secret.
Don't answer this if it isn't legal to answer, but do you have any examples you can share? I can entirely picture the process, and completely believe that it happens, but I don't have a mental image of what the end result looks like.
Right, because if there's anything the Pentagon has been known for over the past seven decades or so it's clear publication and transparent disclosure of all its large scale classified projects so as not to phase the public.
It is very unlikely for a company like Alibaba not to configure their BGP right.
Have you seen the talk about AI with Jack Ma and Elon?

I wouldn't be surprised.

FWIW Ma seems significantly smarter than he showed during that event when you look at translations of his Chinese (speaking or written). But in any case, even an incompetent CEO can still have competent IT.