back to article How a dispute over IP addresses led to a challenge to internet governance

One of the world's five regional internet registries, or RIRS, has been the subject of campaigns by a secretive lobby group calling itself the Number Resource Society (NRS). We have learned this is part of the NRS's push for changes to the role of RIRs, the bodies that, among other things, centrally manage the internet's …

  1. Neil Barnes Silver badge
    Holmes

    Nice internet you got here.

    Be a shame if anything happened to it, right?

    1. Anonymous Coward
      Anonymous Coward

      Re: Nice internet you got here.

      Sounds like yet another CCP operation.

    2. Ian Mason

      Re: Nice internet you got here.

      Rather: "Nice block of IP addresses you've got there. Be a shame if people refused to route traffic to or from them."

      It'd only take a few people in the right places to decide that they don't like a particular block(s) and blackhole them to make the block(s) essentially worthless. Just saying.

      1. Yes Me Silver badge

        Re: Nice internet you got here.

        Fortunately the transit operators have more sense.

      2. doublelayer Silver badge

        Re: Nice internet you got here.

        Yes, a few people could do that, but the people you would need to make that happen are also the kind of people who wouldn't do it. Their job is not breaking the internet, no matter how bad certain things on the internet might be, and they take that job seriously. Meanwhile, if you and I decide to drop traffic to them, it will do nothing whatsoever; either we weren't going to use them anyway or we'll have to fix things when they don't work by removing the rule. It's the same reason that, even when people suggest that we drop some country which has been committing serious offenses from the internet, websites hosted in that country still work. Things have to get pretty bad before an address block is dropped in a way that shuts down the operator for good.

        1. Anonymous Coward
          Anonymous Coward

          Poison routes are still a major architectural problem with the modern internet

          We slapped on a few band-aids, but if a few semi-reputable agencies start advertising routes for those blocks, they can send the traffic wherever they want, at least for a bit.

          The usual gag is to then claim it was all an accident.

          The foundations of the internet were built on sand. DNS, RIP, SSL. All had no or broken security, authority, and trust models. None were ever really fixed, and inevitably to many entities would need to update their shit, and never do. So to this day any CA can sign any cert they want and it will test as valid unless the local app pinned that specific cert. Unless every client app sets a known good DNS with DNSSEC and transport level security, and web request can be forged, and not only can the internet backbone no support jumbo frames, it's basic routing can be hijacked by untrusted actors from the other side of the world.

          So maybe blacklisting bad actors IP blocks isn't one of the problems breaking the internet. Maybe we have already been doing it, just not from the RIR level. Maybe that's fine, and low reputation networks shouldn't expect equal treatment or footing with the rest of the internet. It didn't break the internet when we were blocking DDoS attacks, malware, and spam domains after all.

  2. Yorick Hunt Silver badge
    Facepalm

    Time for IPv8

    A more sane solution with easy upgrade from IPv4 - eight bytes instead of four, with the existing IPv4 netspace being mapped to 0.0.0.0.x.x.x.x and (ideally) the two MSBs of the new numbering being used to designate countries for easy geo-identification (hey, the way politics are going these days, we may well get to having 64K+ countries).

    Also... The courts should be given tech-savvy advisors who could simply tell them "tell these private entities to FOaD, they have no business interfering in RIRs' workings."

    1. Richard 12 Silver badge

      Re: Time for IPv8

      Thing is, any change to IP cannot be backwards compatible at all, by definition.

      So it's only ever going to be possible to send IPv4 over IPvN by using a specific wrapper, no matter what. Better to leave the IPv4 packet alone, as every (successful) wrapper of IP has always done.

      There's simply no reason not to go all the way to 128bits.

      Frankly, almost all of the arguments about IPv6 boil down to either "my business is based on charging people for IPv4 addresses", or "I don't like colons".

      1. abend0c4 Silver badge

        Re: Time for IPv8

        I've been critical of IPv6 for, literally, decades, but it's frankly the only game in town and so much time has elapsed that many of the issues are less relevant because so much old kit has dropped off the network while the world dragged its feet.

        It's IPv6 or nothing at this stage and the sooner IPv4 is buried the better.

        1. Anonymous Coward
          Anonymous Coward

          Re: Time for IPv8

          The main issue I see is that there are plenty of firewalls that are still not quite up to the job when it comes to IPv6, yet that's of massive importance if we switch all the way due to frankly embarrassingly weak software by companies that can do a lot better such as Microsoft and Adobe.

          IPv6 has enough capacity to make desktops and devices directly accessible, so even the relatively narrow moat of Network Address Translation (nicely bridged by uPnP, thanks a bunch) is no longer there, and as soon as you have breached one weak device you have a bridgehead to the rest of the network. Frankly, it sometimes appears like these companies do this deliberately to give their own three letter agencies a global leg up. Thankfully most IoT things are too low powered and based on too old hardware to handle IPv6 (most can't even handle 5Ghz WiFi), but that too will eventually change.

          So yes, we don't have much of an option but no, I'm not confident we have all the issues covered. Time to talk to nations who have been at it for a long time because the US didn't give them many IPv4 addresses like Japan, they should have picked up some issues in the process.

          1. Ragarath

            Re: Time for IPv8

            NAT is not meant to be a firewall. NAT is just a way of putting lots of addresses behind another.

            Your moat is the firewall. Configure that properly and you have no issues.

            1. Anonymous Coward
              Anonymous Coward

              Re: Time for IPv8

              I have to disagree. NAT serves as a basic firewall - either you know which port(s) will let through traffic (typically because you were just told which to use), or your traffic doesn't get through. Try to connect on a non-forwarded port, and the router won't allow a connection - not because it's detecting malicious traffic, but because it doesn't know what machine to send it to. Even if a machine on the other side does accept connections on that port, it still won't get through.

              1. CrazyOldCatMan Silver badge

                Re: Time for IPv8

                NAT serves as a basic firewall - either you know which port(s) will let through traffic (typically because you were just told which to use), or your traffic doesn't get through

                Which is why nmap was invented - especially if you don't have port-scanning protection enabled on your firewall. So NAT is essentially security by obscurity - with the tools needed to remove the obscurity easily available.

                In other words, no security at all.

              2. Nanashi

                Re: Time for IPv8

                You're wrong; NAT doesn't serve as a firewall at all. The problem with your argument is this part:

                but because it doesn't know what machine to send it to

                which is incorrect. Your router knows where to send each incoming packet, because each incoming packet has a "destination IP" field specifying where it should be sent.

              3. Ragarath

                Re: Time for IPv8

                Sorry, but firewalls can be stateful, or stateless. You don't need NAT for that. As I said, configure your firewall properly.

                Perhaps I should change that to choose the right firewall and configure it properly.

          2. abend0c4 Silver badge

            Re: Time for IPv8

            Unfortunately, one of the fundamental problems is that people seem to be clinging to demonstrable untruths.

            The most frequent myth is that somehow picking n address bits where 32 < n < 128 would somehow result in something more "compatible" with IPv4. That's simply untrue.

            Another myth is that Network Address Translation provides some sort of security. It doesn't. It's the stateful packet inspection in firewalls that provides the security, NAT is entirely separate and actively breaks things. The two have been conflated in many people's minds, unfortunately.

            Yet another is that IoT devices are too low-powered. There's no difference in the order of complexity between IPv4 and IPv6 so any performance differences are marginal. In any device supporting TLS, the crypto overhead will be considerably more relevant than the Layer 3 overhead.

            The forlorn history of IPv6 is mostly to do with the network operators not understanding the technology and the technologists not understanding network operations. That's the firewall we need to be most concerned about.

            1. Xalran

              Re: Time for IPv8

              the mix between firewalls and NAT is because most of the home triple play boxes/cable routers do the two things.... In the same box, and that's what 99% of the people see ever see when it comes of network equipment.

              Those that work with IP and security all days knows better, and when they have to implement NAT, they do it on a router before the firewall ( seen from inside, with the firewall being the way out ).

              1. Anonymous Coward
                Anonymous Coward

                Especially in the case of crappy firewall GUIs

                that insist on splitting the UI for setting up NAT and firewalling into separate pages, instead of displaying and prompting for both in the same place.

                Nothing beats being pedantic for no reason in a way that also makes it possible to both misconfigure your access rules and then not see that they are when you look at them next. Item six on my checklist when looking at my own or other peoples work.

            2. ChoHag Silver badge

              Re: Time for IPv8

              If a device inspects a packet and determines that the state of its connection is such that the packet's addresses are to be rewritten in transit, is that stateful packet inspection in the firewall or something entirely seperate in the router?

              Is it only stateful packet inspection if you use "rejected" or "accepted" in place of "rewritten"?

              1. abend0c4 Silver badge

                Re: Time for IPv8

                You're trying to conflate two things.

                The stateful packet inspection determines whether packets are rejected or accepted.

                Subsequently, the accepted packets may also be subject to rewriting to support NAT.

                It's not a ternary decision, it's a binary decision followed by an entirely different process.

                1. ChoHag Silver badge

                  Re: Time for IPv8

                  Please continue to explain how one sucks on an egg.

                  This is a single line from the configuration my *combined* *in a single box* *running a single kernel** *through the same in-kernel virtual machine* firewall:

                  match out on egress inet from { $lan:network $pub:network $ms:network } nat-to (egress)

                  Where is the division of responsibility you're referring to? What you say hasn't been true since we stopped using "gateway" to refer to a specific thing.

                  [*] There are two cores so this definition is being stretched slightly. Maybe one does the firewalling (sorry: Stateful Packet Inspection) and the other does the routing (no state and no inspection of packets?)?

                  1. Nanashi

                    Re: Time for IPv8

                    The line you've quoted only applies NAT to outbound connections. The lines that decide whether or not a connection is permitted (aka the actual firewall) are elsewhere in your configuration. The state tracking, which both of these separate functionalities depend on, is done elsewhere in the kernel.

            3. Anonymous Coward
              Anonymous Coward

              Re: Time for IPv8

              considering the people who read the register, this thread is quite scary....NAT IS NOT A SECURITY STANCE!!

              1. Anonymous Coward
                Anonymous Coward

                The old grey mare, she ain't what she used to be

                ain't what she used to be

                ain't what she used to be

                Due to the generous and lenient moderation policies, many of out more vociferous members were refugees from other sites and brought their diverse culture of posting on topics they know nothing about beyond their personal "it works on my home router" experience with them. The old Moderatrix probably would have tired of them, but the whole rag might have disappeared if they stuck to an old format for old-timers.

                To be fair, depending on the nuance of the command syntax it can look like this is all happening in a single step, and even pages of borderline wizardry under legacy tools like IPCHAINS is now just a half dozen lines in something like PF syntax.

                That said, there are key parts in the network and routing stack that handle all of this, all nicely written up in your distro/kernel documentation. If you have never seen the terms MANGLE INPUT and PREROUTING you probably haven't gotten deep enough. They really are and will be separate steps in the guts of the routing code no matter how the user level tools (GUI or CLI) handle them.

                1. Anonymous Coward
                  Anonymous Coward

                  Though maybe that should have been

                  The old Red Reg, she ain't what she used to be.

                  or

                  Grouchy greybeards gripe bout the good ol days

                  Grouchy greybeards gripe bout the good ol days

                  Sing it with me...

          3. John Sager

            Re: Time for IPv8

            Well, my firewall rules disallow general inbound V6 traffic to all my nodes. It's only a few lines in nftables.

      2. Roland6 Silver badge

        Re: Time for IPv8

        >” Frankly, almost all of the arguments about IPv6 boil down to”

        You omitted a big one: not supported by ISP.

        It is obvious here businesses such as Cloud Innovation and NRS have little interest in IPv6 because they can make (lots of) money from the scarcity of IPv4 addresses. I expect having established the business model for IPv4 they will simply transfer it to IPv6, as most people won’t understand..

        1. Doctor Syntax Silver badge

          Re: Time for IPv8

          And another: devices with baked in IPV4 stacks. Many are likely to be so insecure that getting rid of them would be justification in itself but there'd be uproar if they all suddenly died.

          1. Yes Me Silver badge

            Re: Time for IPv8

            That's why the Internet is dual stacked.

        2. Richard 12 Silver badge

          Re: Time for IPv8

          I covered that one:

          "My business is based on charging people for IPv4 addresses"

        3. Yes Me Silver badge
          Go

          Re: Time for IPv8

          "I expect having established the business model for IPv4 they will simply transfer it to IPv6, as most people won’t understand.."

          They can't do that, for various reasons. IPv6 is the best way to defeat these scumbags.

          We're 44.76% of the way there according to Google's latest data.

          1. Roland6 Silver badge

            Re: Time for IPv8

            > They can't do that, for various reasons.

            I would not be so sure, if they effectively control both the regional registrar and the resale of allocations to users, there is plenty of opportunity for profiteering…

      3. CrazyOldCatMan Silver badge

        Re: Time for IPv8

        almost all of the arguments about IPv6 boil down to either "my business is based on charging people for IPv4 addresses", or "I don't like colons"

        Or "it's a confusing mess of kludges, designed by people who had never run a real network in their lives"..

        1. Michael Wojcik Silver badge

          Re: Time for IPv8

          Zone identifiers.

          That abomination alone is a fine criticism of IPv6.

          We're stuck with IPv6 – IPv4 will become increasingly problematic, and no competitor to IPv6 will have a chance at broad adoption in the foreseeable future. But much of IPv6 is an ugly mess.

          1. Anonymous Coward
            Anonymous Coward

            Re: Time for IPv8

            IPv6 solved problems for a certain subset of the internet ecosystem, and belligerently ignored the needs and concerns of the people they wanted to use it. They mismanaged the standards process and promoted an ivory tower attitude where sorting out the linked issues with DNS, route advertisement and security were all someone else's problem to fix. They also chose to die on the NAT hill, which despite their whining at the time has failed to fall over and die for decades, and it never will.

            Instead of offering ISPs and their customers a pragmatic and comprehensive solution, they rolled out a hot mess that people immediately hated and left an entirely different set of people to start trying to fix it.

            They kept declaring world IPv6 days, while failing to ask or understand why the first one failed spectacularly.

            I disagree that we are stuck with IPv6 and it's assumptions, but parts of it will probably live on in any successors. The core routing table code is efficient, but it doesn't scale well when there are a large number of exceptional routes, it doesn't handle dynamic load balancing on multiple internet connections very well, or handle fail overs gracefully because of BGP not being updated other than to handle the new address space.

            But people who ignore any criticism of IPv6 will never mention the actual concerns with it, no matter how often they are repeated.

      4. This post has been deleted by its author

      5. Anonymous Coward
        Anonymous Coward

        Re: Time for IPv8

        Frankly, almost all of the arguments about IPv6 boil down to either "my business is based on charging people for IPv4 addresses", or "I don't like colons".

        That, and IPv6 is still barely taught even at University level. My nephew just got a Bsc (hons) in Computer Science (Network Engineering) and he can't even make a patch lead...he is applying for management jobs right now because the University has hammered into him that he is ready for a management position.

        I had to fill in for his lecturers on a lot of stuff because what they were teaching was guff...I spent a lot of long nights, 8 hours an night for about 2 weeks teaching him everything he needed to know and at the end of it, he told me I packed more into those two weeks than his lecturers had covered in 2 years.

        Education in our sector is fucked and the path to become a trainer (and of course the incentive) is crap. I'd love to be a trainer, but I don't think I could live off the money. That, and despite having over 20 years of experience, I don't think I'd even be considered because I hold no academic qualifications related to tech past an A-Level.

    2. Xalran

      Re: Time for IPv8

      That's what is done....

      http://www.tcpipguide.com/free/t_IPv6IPv4AddressEmbedding.htm

      And it doesn't solve the main issue : how do you route that address in IPv6 ?

      Knowing that you need a network prefix in the IPv6 addressing space ( which obviously cannot be there due to all the zeros ) to route the traffic towards that address.

      So this solution only works for IPv4 only devices that needs to be reachable in the local IPv6 addressing space. It's not a solution that works for Internet traffic at Tier 1 Carrier Level.

    3. Nanashi

      Re: Time for IPv8

      How would that be an easier upgrade than v6 already is?

      Making it only 64 bits also seems like the opposite of "more sane" to me. Migrating the L3 protocol on the Internet is extremely difficult and setting ourselves up for needing to do it again is not sane at all.

  3. Kevin McMurtrie Silver badge

    No winners

    AFRINIC, KRNIC, TWNIC, and the Chinese parts of APNIC have always been a mess. By the time fighting finishes, the value of those netblocks may never be more valuable than plentiful IPv6 addresses. They going to be in various "set and forget" blocklists all over the world because of their long history of misuse and invalid ownership records.

    1. CrazyOldCatMan Silver badge

      Re: No winners

      They going to be in various "set and forget" blocklists all over the world

      China [1], Russia and a few other places are already in my country IP blocklist - which reduces the attacks on my network by about 70%..

      [1] I allow traffic to but not from..

  4. Graham Cobb
    Holmes

    Great journalism

    What we need IT journalism for.

    Well done! Looking forward to the followups.

  5. Brewster's Angle Grinder Silver badge
    Pint

    I hope you risk assessed this piece. They sound like the kind of people who might put their objections into letter from lawyers. Good work, anyway.

    1. Doctor Syntax Silver badge

      Still less of a risk than those who put their objections into big blokes with blunt and not at all blunt instruments.

      1. Spanners
        Pirate

        @Doctor Syntax

        However, the best known user here of sending in the lads is no longer in parliament.

  6. Kurgan

    The issue with V6 is... NAT

    The issue with v6 is that if you use public address in your local network, and then you switch to a different ISP, then you have to renumber ALL of your network, which is a HUGE task. No problem for the smaller home user, no problem for the AS owner, big problem for small-medium business.

    Unless you can NAT (one to one, not many to one) your local network so that you keep its internal numbering fixed and then you can just reconfigure NAT rules to change ISP, or unless V6 is sold to customers like domains currently are (my /64 or /48 is MINE and I can route it through any ISP I like) then V6 will be a pain to manage for SMBs.

    The other issue with v6 is its complexity and its mixed autoconfig / discovery / announce functions, which are a security/management mess. Why not just stick to DHCP? I don't get it.

    1. Roland6 Silver badge

      Re: The issue with V6 is... NAT

      >” The other issue with v6 is its complexity and its mixed autoconfig / discovery / announce functions, which are a security/management mess”

      I’ve not had enough exposure to confirm, but it does seem many router/firewall vendors configure the IPv6 stack through the transposition of the IPv4 configuration and then give little visibility of the IPv6 traffic…

      I dislike how there are multiple ways to configure the IPv6 connection to a 4G mobile network, yet only one will work and the mobile operator provides no information as to which one you should be using. Suspect similar will apply to fixed lines - although expect everything to be straight-forward if you use the ISP provided router.

      1. Doctor Syntax Silver badge

        Re: The issue with V6 is... NAT

        "although expect everything to be straight-forward if you use the ISP provided router."

        You missed the joke icon.

    2. Nick Stallman

      Re: The issue with V6 is... NAT

      If you are big enough to require static internal ips in such quantity that this might be a genuine headache, you know you can just get your own IPv6 block and own it entirely regardless of what ISP you have

      I hear IPv6 blocks are quite plentiful and easy to get.

      (Yes I am a ip block owner and have put time in to ensuring everything is dual stack)

      1. stiine Silver badge

        Re: The issue with V6 is... NAT

        Really? I'm going to presume your ISP is in Blighty. If you can relocate your company to Italy without having to change prefixes, I'd really like to know how. And don't tell me 'by paying for backhaul to Blighty' because that's not an answer.

        1. Red~1

          Re: The issue with V6 is... NAT

          I believe (but could be wrong) that you would undelegate your personally "owned" ipv6 block from your blighty isp and then delegate it to your italian isp (providing that both ISPs are up for it - you might need to pick a more niche/technically inclined provider like Andrews & Arnold for example).

        2. Arthur the cat Silver badge

          Re: The issue with V6 is... NAT

          Provider independent address blocks as they're known are assigned by the regional NCCs (RIPE, APNIC, AFRINIC, etc), so you can move them around within the region. Presumably anyone large enough to need such a block is also going to have their own ASN(s) and use BGP routing, ie they don't have an ISP as mere mortals do, just connectivity agreements.

        3. Ian Mason

          Re: The issue with V6 is... NAT

          You clearly don't know how this works if you think what country you're in determines the routeability of an assigned IP prefix, be it a v4 prefix or a v6 prefix.

          If you've a block permanently assigned to you, then you just find a grown-up ISP and say "We need you to announce this over BGP". Better still get your own ASN (You'll have no problem with this is you're capable of getting a permanently assigned prefix) and advertise your prefix yourself to one or more upstream transit providers.

    3. Paul Crawford Silver badge

      Re: The issue with V6 is... NAT

      Can you get IPv6 -> IPv4 NAT so all of your internal addresses are from, say, 10.x.x.x block and they routed outside on whatever IPv6 addresses are allocated?

      Presuming here that very few folks considering security actually want incoming connections by default, only as set up in the router via port-forwarding or whatever means used for specific needs.

      1. Xalran

        Re: The issue with V6 is... NAT

        Yes it's possible.

        You have an internal network in IPv4 and your external facing interface is a single IPv6 address.

        It's actually the easiest case, as what Internet sees is an IPv6 address, and it's up to the router doing the 4to6 translation to handle which flows goes where on the IPv4 side.

        The PITA case is when you have an IPv6 network internally and only an IPv4 link towards the Internet....

        Now the above consider single stacks... At this time dual stack is commonly used so both IPv4 and IPv6 can be used... Dual stack adds in reachability ( as your system will be reachable through both IPv4 and IPv6 ), but it adds in complexity if you want your network to be secure ( you have to configure the firewalls and the routers for both stacks, each stack being configured separately )

        1. Arthur the cat Silver badge

          Re: The issue with V6 is... NAT

          you have to configure the firewalls and the routers for both stacks, each stack being configured separately

          I don't know what firewall/router combination you're using, but OPNsense lets you write rules for UDP & TCP that apply to both IPv4 and IPv6 simultaneously. Yes, the underlying software may have two rules, but you only need to think about one.

          1. Xalran

            Re: The issue with V6 is... NAT

            Juniper, Ericsson, Nokia, Stormshield, Cisco.... Puny companies making routers, switches and/or firewalls found in networks all over the world.

            1. Arthur the cat Silver badge

              Re: The issue with V6 is... NAT

              Ah, the "we're so big we don't have to give a shit about our customers' convenience" brigade,

          2. CrazyOldCatMan Silver badge

            Re: The issue with V6 is... NAT

            OPNsense

            I'm about to migrate to that (from Sophos UTM nee Astaro Linux) - UTM doesn't seem to be under active support any more and the home 50 IP address limit is starting to be irksome.

            I have OPNSense all ready to go, just need to bite the bullet and do it. OPNSense is running on one of the Lenovo mini-PC thingies whereas UTM is running on a very old HP Microserver with a Celeron processor..

        2. Nanashi

          Re: The issue with V6 is... NAT

          What you're describing here isn't really possible on the client side. How would the IPv4-only devices on the LAN specify which IPv6 address to send their packets to?

    4. Xalran

      Re: The issue with V6 is... NAT

      Ever heard of DHCPv6 ?

      https://en.wikipedia.org/wiki/DHCPv6

      1. Havin_it

        Re: The issue with V6 is... NAT

        Google came out very firmly against DHCPv6 in Android (and given the objections were of a universal philosophical nature, presumably everywhere else in their estate also). So that's probably a bit of a dead dodo.

    5. Arthur the cat Silver badge

      Re: The issue with V6 is... NAT

      The issue with v6 is that if you use public address in your local network, and then you switch to a different ISP, then you have to renumber ALL of your network, which is a HUGE task.

      Nope. That's exactly what NPTv6 is for. Give all your internal machines ULA (fd00::/10) addresses so they never need renumbering, use NPTv6 as you transition to outside to transform the network prefix to whatever your ISP has given you. Change ISP, change the network prefix mapping on your externally visible router(s), don't touch anything else.

      1. Arthur the cat Silver badge

        Re: The issue with V6 is... NAT

        Bah! Just spotted that should have been fd00::/8. Thinko.

    6. cdegroot

      Re: The issue with V6 is... NAT

      For SMBs, that’s plain wrong. Public addresses are handed out inside the prefix received from upstream. Change providers pretty much is seamless, just restart stuff and it’ll get a new address. Changing providers is also something that’s hardly ever done.

      Side note: I do hope that everybody here commenting on how hard/bad/… IPv6 is has gone through at least the trouble to do Hurricane Electric’s free IPv6 course.

  7. TeeCee Gold badge
    Facepalm

    There's a big clue in there.

    Which is that the prime agitator is Chinese and runs a Chinese company which, of course, means everything you do has to have the at least tacit approval of the Chinese government (unless you fancy disappearing for a while for re-education).

    So the correct question is; "What do the Chinese government have to gain from fucking up the internet, which all western economies are heavily dependant on?".

    The fact that they seem to be using Africa as their main lever would tie in with every other bit of global economic sabotage that they're up to their crooked little necks in at the moment.

    Same old China...

    1. doublelayer Silver badge

      Re: There's a big clue in there.

      It's possible, but they also have the attitude that "If we don't object to it, do whatever you want that affects other countries". It is possible that this is really just a profit-generating activity and China isn't doing anything about it because they aren't affected and get to collect some tax. Nothing requires this to be a thoroughly-considered plot even if there's a possibility that they could have one.

      1. Cuddles

        Re: There's a big clue in there.

        Yeah, but look at the last line of the article - "And as The Register will soon report, the NRS moved on to a new target: the Asia Pacific Network Information Centre". If they're going after APNIC, either the Chinese government is involved, or it soon will be.

  8. Howard Sway Silver badge

    the NRS's free market ideas

    1. Grab land.

    2. Charge ever increasing rent, forever.

    This story looks simply like a tale of one man's greed, let loose by his realisation that he could subvert and capture a regulatory process for personal gain. Again, another standard "free market" process, see business lobbying of politicians for "business friendly" laws that enable them to make a fortune without too much of that pesky innovation and competition malarkey.

  9. thx1111

    Simply turn-off IPv4

    These issues with IPv4 will be resolved quickly when the first major Internet backbone provider simply disables IPv4 routing. Too many ISPs continuing to support IPv4 is the only reason IPv4 is still around.

  10. This post has been deleted by its author

    1. Roland6 Silver badge
      Joke

      Because the world turned its back on OSI…

      1. abend0c4 Silver badge

        Despite the joke icon, that's an almost perfect summary.

        There's very little that IPv6 offers that wasn't possible with CLNP when the IAB proposed its adoption. The fundamental mistake was that there wasn't a reference implementation so the vendors who'd worked on the ISO specs appeared to be pressing their commercial advantage - which, if they were, didn't pan out as they might have hoped.

  11. Anonymous Coward
    Anonymous Coward

    Leasing IPv4 addresses

    This needs banning.

    If you have spare ones it means you don't need them and they should be returned to your RIR.

    They weren't sold in the first place so you shouldn't be able to sell the ones you were lucky enough to be given.

    1. abend0c4 Silver badge

      Re: Leasing IPv4 addresses

      The thing is, in the end they're just numbers.

      It will be interesting to see to what extent network operators can be legally obliged to respect their ownership and provide service.

    2. Roland6 Silver badge

      Re: Leasing IPv4 addresses

      One of the benefits of IPv6 is that it puts the entire address space on the same Ts&Cs - unlike IPv4, specifically all address blocks are leased and not owned.

  12. Yes Me Silver badge
    Mushroom

    Not optional

    NRS is a bunch of scumbags, or do I mean scambags? In any case they must simply be resisted by all means possible. That's all.

  13. Berny Stapleton

    Nice Article!

    Hey Simon!

    Long time no talk, awesome article, can't wait for the follow up!

  14. xeroks

    Power of the individual.

    The thing that intrigues me about this is that it all appears to be the work of one person (plus a couple of contractors) who managed to grab a big bunch of IP addresses, and is doing his best to monetise them.

    I doubt he's actually raking in the $14m-$21m revenues the figures suggest, but, presuming he has few if any employees, he's likely to be nicely well off.

  15. aurizon

    Here we have a Racket in Process = RIP. They file hundreds of trivial motions, via word processor, that amass into tens of thousands of dollars worth of lawyer's fees at their hourly rate, much like patent trolls = a new type of troll.

    Once mature, their racket will have an annual fee(the take) that will be determined by your business (the handle)

    and so this fellow will do little creative work, a computer and some scripts will create the largest cash cow any emperor ever controlled.

    How to deal with it? Take it from him by decree and also do not leave it in the hands of any tin pot would be emperors.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like