What stops someone from configuring their network with IP addresses they do not own?












20















Here's the scenario. I was picturing a university that bought a range of IP addresses. I think they'd still be inside a ISP (right?), but they'd have freedom to configure stuff the way they wanted.



What stops them from attributing their routers and hosts already in use IP addresses?



And what would happen if indeed someone do this?










share|improve this question




















  • 6





    Universities were the original ISPs. The Internet was a collaborative academic/government experiment. In fact, the public Internet is simply a bunch of ISPs peering with other ISPs of their own choosing. The government, looking for a way to keep communications going in the event of a disaster (e.g. nuclear war, among other things), funded the universities and the telco (at the time AT&T, not the one you know today, which was the only real telco) to devise a method to maintain communications when a path was destroyed, and it resulted in packet switching and the Internet.

    – Ron Maupin
    Jan 18 at 6:13






  • 1





    In the UK, for example, JISC oversees network allocations for universities.

    – OrangeDog
    Jan 18 at 11:33











  • Nothing. But of course this isn't a problem with IPv6.

    – Martin Schröder
    Jan 27 at 15:26
















20















Here's the scenario. I was picturing a university that bought a range of IP addresses. I think they'd still be inside a ISP (right?), but they'd have freedom to configure stuff the way they wanted.



What stops them from attributing their routers and hosts already in use IP addresses?



And what would happen if indeed someone do this?










share|improve this question




















  • 6





    Universities were the original ISPs. The Internet was a collaborative academic/government experiment. In fact, the public Internet is simply a bunch of ISPs peering with other ISPs of their own choosing. The government, looking for a way to keep communications going in the event of a disaster (e.g. nuclear war, among other things), funded the universities and the telco (at the time AT&T, not the one you know today, which was the only real telco) to devise a method to maintain communications when a path was destroyed, and it resulted in packet switching and the Internet.

    – Ron Maupin
    Jan 18 at 6:13






  • 1





    In the UK, for example, JISC oversees network allocations for universities.

    – OrangeDog
    Jan 18 at 11:33











  • Nothing. But of course this isn't a problem with IPv6.

    – Martin Schröder
    Jan 27 at 15:26














20












20








20


5






Here's the scenario. I was picturing a university that bought a range of IP addresses. I think they'd still be inside a ISP (right?), but they'd have freedom to configure stuff the way they wanted.



What stops them from attributing their routers and hosts already in use IP addresses?



And what would happen if indeed someone do this?










share|improve this question
















Here's the scenario. I was picturing a university that bought a range of IP addresses. I think they'd still be inside a ISP (right?), but they'd have freedom to configure stuff the way they wanted.



What stops them from attributing their routers and hosts already in use IP addresses?



And what would happen if indeed someone do this?







router ip network internet ip-address






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Jan 18 at 0:12







Tiago Oliveira

















asked Jan 17 at 23:04









Tiago OliveiraTiago Oliveira

16427




16427








  • 6





    Universities were the original ISPs. The Internet was a collaborative academic/government experiment. In fact, the public Internet is simply a bunch of ISPs peering with other ISPs of their own choosing. The government, looking for a way to keep communications going in the event of a disaster (e.g. nuclear war, among other things), funded the universities and the telco (at the time AT&T, not the one you know today, which was the only real telco) to devise a method to maintain communications when a path was destroyed, and it resulted in packet switching and the Internet.

    – Ron Maupin
    Jan 18 at 6:13






  • 1





    In the UK, for example, JISC oversees network allocations for universities.

    – OrangeDog
    Jan 18 at 11:33











  • Nothing. But of course this isn't a problem with IPv6.

    – Martin Schröder
    Jan 27 at 15:26














  • 6





    Universities were the original ISPs. The Internet was a collaborative academic/government experiment. In fact, the public Internet is simply a bunch of ISPs peering with other ISPs of their own choosing. The government, looking for a way to keep communications going in the event of a disaster (e.g. nuclear war, among other things), funded the universities and the telco (at the time AT&T, not the one you know today, which was the only real telco) to devise a method to maintain communications when a path was destroyed, and it resulted in packet switching and the Internet.

    – Ron Maupin
    Jan 18 at 6:13






  • 1





    In the UK, for example, JISC oversees network allocations for universities.

    – OrangeDog
    Jan 18 at 11:33











  • Nothing. But of course this isn't a problem with IPv6.

    – Martin Schröder
    Jan 27 at 15:26








6




6





Universities were the original ISPs. The Internet was a collaborative academic/government experiment. In fact, the public Internet is simply a bunch of ISPs peering with other ISPs of their own choosing. The government, looking for a way to keep communications going in the event of a disaster (e.g. nuclear war, among other things), funded the universities and the telco (at the time AT&T, not the one you know today, which was the only real telco) to devise a method to maintain communications when a path was destroyed, and it resulted in packet switching and the Internet.

– Ron Maupin
Jan 18 at 6:13





Universities were the original ISPs. The Internet was a collaborative academic/government experiment. In fact, the public Internet is simply a bunch of ISPs peering with other ISPs of their own choosing. The government, looking for a way to keep communications going in the event of a disaster (e.g. nuclear war, among other things), funded the universities and the telco (at the time AT&T, not the one you know today, which was the only real telco) to devise a method to maintain communications when a path was destroyed, and it resulted in packet switching and the Internet.

– Ron Maupin
Jan 18 at 6:13




1




1





In the UK, for example, JISC oversees network allocations for universities.

– OrangeDog
Jan 18 at 11:33





In the UK, for example, JISC oversees network allocations for universities.

– OrangeDog
Jan 18 at 11:33













Nothing. But of course this isn't a problem with IPv6.

– Martin Schröder
Jan 27 at 15:26





Nothing. But of course this isn't a problem with IPv6.

– Martin Schröder
Jan 27 at 15:26










6 Answers
6






active

oldest

votes


















30














Most likely if they're a big university they are their own ISP, using BGP to connect their network to the internet via a number of upstream networks.



Nothing stops them from using IP addresses they should not be using, and it would work in their local network. However, it won't work on the Internet. Their upstream networks providing them connectivity should have filters in place which would only allow the university to advertise IP addresses assigned to them. If the direct upstreams wouldn't filter them, the upstreams' upstreams will. And if IP addresses, which are in use by another network, would be used by the university, that other network would become unreachable from the university network.



In addition, there are a number of projects (for example, RIPE RIS and BGPmon) which monitor routing tables and alert on any "illegal" IP advertisement (BGP hijacks and routing anomalies).






share|improve this answer





















  • 11





    Sadly even today should have still doesn't mean have

    – Josef
    Jan 18 at 13:05






  • 7





    @Josef To be fair, BGP was built in a time of "implicit trust" -- every internet node owner knew every other internet node owner, so they knew who owned what and there were social consequences for hijacking. BGP was never really designed to be "secure", it was just designed to work.

    – 202_accepted
    Jan 18 at 14:47






  • 2





    ISPs have generally gotten better at filtering BGP, because there have been some well-publicized major outages due to someone (intentionally or accidentally) advertising a bogus route.

    – Barmar
    Jan 18 at 17:27






  • 1





    I would add that they would probably get balckholed by their neighbors.

    – PEdroArthur
    Jan 18 at 19:23






  • 1





    If they use somebody else's IP internally it will work for reaching that site but it will mean that anything hosted on the real owner of that IP will be unreachable.

    – Loren Pechtel
    Jan 19 at 2:18



















11















What stops them from attributing their routers and hosts already in use IP addresses?




Nothing. Over the years, I have seen both organizations of all sizes, both public and private, do this including a world wide recognized "brand" company. In fact, I have seen this more often in business settings than university settings (largely due to the fact that more universities were involved in the Internet earlier and helped define the standards and best practices used today).




And what would happen if indeed someone do this?




Today, likely nothing other than the organization not being able to reach portions of the Internet that they overlap. In the past, this type of thing has caused serious issues, including "breaking the Internet" for some or many users (in one case, a single ISP accidentally propagated a default route to the Internet overloading their own network as much of the Internet traffic tried to route through them).



Past incidents like the ones you propose became learning opportunities and resulted in best practices that include protections from this type of misconfiguration. Most often today, providers implement BCP38/RFC2827 to filter traffic to connected organizations to only the IP address they should be advertising.



Some providers still also implement bogon filtering which when properly maintained helps to prevent traffic from IP space that no valid traffic should be coming from (i.e. private address ranges, unassigned IP space, etc). While the IPv4 bogon list is much smaller today that in the past (i.e. most IPv4 addresses are now assigned), the IPv6 bogon list can be still be quite useful, especially on large providers to limit the scope of IP squatting (i.e. using unassigned IP space).






share|improve this answer































    7














    Nothing will stop them using the addresses on their own machines.



    What happens if they try to advertise them to the Internet depends on how sloppy their providers are. If their providers are following best practices then there will be filters in place and the advertisements won't get beyond the hijacker's borders.



    OTOH if their providers and their providers providers are sloppy then a bogus announcement can go much further resulting in significant disruption to the legitimate owners of the IP space.



    Such happenings will almost certainly get noticed and there will likely be some heated discussions and some extra filtering added.






    share|improve this answer































      5














      Suppose I have two machines.
      I assign the address 1.2.3.4 to one and 1.2.3.5 to the other.
      I don't own these addresses.



      As long as I don't try to the Internet, these two machine can talk to each other without any problems.



      Now I connect to the Internet. The other answers talk about filters blocking things, but let us ignore that for a moment.



      My machine 1.2.3.4 tries to connect to some legitimate address, like 12.34.56.78. Assume that this address exists and is controlled by its proper owner.



      So, my machine sends a packet:



      From 1.2.3.4, To: 12.34.56.78, Content: Want to be friends? (Translated into human)



      The routers look at the To: part and correctly delivers it to 12.34.56.78. This machine suspects nothing and complies an answer



      From: 12.34.56.78, To: 1.2.3.4, Content: Sure, let's be friends!



      Now comes to problem. This answer will never be delivered to you. Instead it will be delivered to the real 1.2.3.4, who will become very confused.



      So, if you use a wrong address, you can talk to the Internet, but the Internet will never answer you.






      share|improve this answer



















      • 4





        "the Internet will never answer you" if you advertise the bogus addresses over BGP and noone blocks your announcements then large parts of the internet may very well answer you, at least until someone realises what is going on.

        – Peter Green
        Jan 18 at 13:49






      • 2





        Any decent ISP will implement BCP38 so your attempt to "talk to the internet" will end in their anti-spoofing filter.

        – Teun Vink
        Jan 18 at 14:49











      • What you dexcribe is not a non-working attempt to connect to the internet, but in fact a potential DOS attack on the real 1.2.3.4 (and perhaps also 12.34.56.78). That's why the filters mentioned by TeunVink are (hopefully) in place

        – Hagen von Eitzen
        Jan 19 at 22:47











      • @HagenvonEitzen: Those are entirely different filters. Teun is talking about blocking route advertisements by validating route exchange protocols such as BGP. To prevent source-spoofing DDoS, you need reverse-path filtering on packets that have nothing to do with route exchange.

        – Ben Voigt
        Jan 20 at 6:00



















      2














      It would internally black out large swatches of the Internet



      Sure. Let's say they do the common thing of using private IP addresses internally to their network, such as 10.x.x.x... You know the drill, network address translation at the edge of their network, just like your home network.



      Except they decided 10.x.x.x is too restrictive for them, and they start assigning public IP addresses internally. It will work, at first. But then problems will start popping up.



      It's a matter of time before somebody uses 172.217.15.68 for a lab machine. It's one of the IP addresses DNS resolves for www.google.com. Now, sometimes, when someone inside the university tries to do a search on Google, their web browser goes to that lab machine instead. Because the internal routers would have no ability to conceive that there are two 172.217.15.68's, one internal and one external; they would simply route your packets to the internal one.



      IP blocks assigned internally cannot be routed externally



      But it's worse than that. They assigned a whole netblock, so all of 172.217.x.x/16 will route to that lab. You probably wouldn't clobber every Google IP, but a lot of searches would fail. For smaller outfits like Craigslist where all their addresses are in the same netblock, if the university assigned that netblock internally, the entire site would be blocked cold.



      This won't affect anyone outside the university's internal network. External providers will not accept the university's reassignment of Google's IP space. The only traffic routed to the university will be the public IP addresses that the university owns.



      Just use IPv6 instead



      If you sign up for Comcast, they give you a /64 of your very own. If you ask nicely, I've heard they'll just hand you a /48. But let's say you only get a /64, and then, do exactly the plot of RevOlution and create self-replicating nanites that eat electricity, in the same quantity as discussed on the show. Do you have enough IPv6 addresses for every nanite to have its own?



      Yes. And enough spares to do this on 2 million parallel earths.



      So if you're really worried about running out of IP addresses, that is the way to go.






      share|improve this answer

































        2














        As stated by many others, nothing prevents anyone from doing so, but in general, this won't have any effect outside of the organization, and will even cause issues internally.



        Now, if you're yourself an ISP, and start telling others that you are the one to use to route this IPs (using a routing protocol like BGP), then those IP will "partly" become yours, for a while. Partly, because when the issue is noticed, measures will be taken to stop it. "For a while", well, until measures are taken.



        Incidents with BGP have happened in the past, causing traffic to be routed to wrong places. Here's a link to a recent incident: https://hub.packtpub.com/mondays-google-outage-was-a-bgp-route-leak-traffic-redirected-through-nigeria-china-and-russia/
        You can search for "BGP route leak" to learn more.



        Internet runs a lot on trust. Things are changing slowly, but in many instances, ISPs just trust other ISPs.






        share|improve this answer























          Your Answer








          StackExchange.ready(function() {
          var channelOptions = {
          tags: "".split(" "),
          id: "496"
          };
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function() {
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled) {
          StackExchange.using("snippets", function() {
          createEditor();
          });
          }
          else {
          createEditor();
          }
          });

          function createEditor() {
          StackExchange.prepareEditor({
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: false,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: null,
          bindNavPrevention: true,
          postfix: "",
          imageUploader: {
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          },
          noCode: true, onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          });


          }
          });














          draft saved

          draft discarded


















          StackExchange.ready(
          function () {
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fnetworkengineering.stackexchange.com%2fquestions%2f56208%2fwhat-stops-someone-from-configuring-their-network-with-ip-addresses-they-do-not%23new-answer', 'question_page');
          }
          );

          Post as a guest















          Required, but never shown

























          6 Answers
          6






          active

          oldest

          votes








          6 Answers
          6






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes









          30














          Most likely if they're a big university they are their own ISP, using BGP to connect their network to the internet via a number of upstream networks.



          Nothing stops them from using IP addresses they should not be using, and it would work in their local network. However, it won't work on the Internet. Their upstream networks providing them connectivity should have filters in place which would only allow the university to advertise IP addresses assigned to them. If the direct upstreams wouldn't filter them, the upstreams' upstreams will. And if IP addresses, which are in use by another network, would be used by the university, that other network would become unreachable from the university network.



          In addition, there are a number of projects (for example, RIPE RIS and BGPmon) which monitor routing tables and alert on any "illegal" IP advertisement (BGP hijacks and routing anomalies).






          share|improve this answer





















          • 11





            Sadly even today should have still doesn't mean have

            – Josef
            Jan 18 at 13:05






          • 7





            @Josef To be fair, BGP was built in a time of "implicit trust" -- every internet node owner knew every other internet node owner, so they knew who owned what and there were social consequences for hijacking. BGP was never really designed to be "secure", it was just designed to work.

            – 202_accepted
            Jan 18 at 14:47






          • 2





            ISPs have generally gotten better at filtering BGP, because there have been some well-publicized major outages due to someone (intentionally or accidentally) advertising a bogus route.

            – Barmar
            Jan 18 at 17:27






          • 1





            I would add that they would probably get balckholed by their neighbors.

            – PEdroArthur
            Jan 18 at 19:23






          • 1





            If they use somebody else's IP internally it will work for reaching that site but it will mean that anything hosted on the real owner of that IP will be unreachable.

            – Loren Pechtel
            Jan 19 at 2:18
















          30














          Most likely if they're a big university they are their own ISP, using BGP to connect their network to the internet via a number of upstream networks.



          Nothing stops them from using IP addresses they should not be using, and it would work in their local network. However, it won't work on the Internet. Their upstream networks providing them connectivity should have filters in place which would only allow the university to advertise IP addresses assigned to them. If the direct upstreams wouldn't filter them, the upstreams' upstreams will. And if IP addresses, which are in use by another network, would be used by the university, that other network would become unreachable from the university network.



          In addition, there are a number of projects (for example, RIPE RIS and BGPmon) which monitor routing tables and alert on any "illegal" IP advertisement (BGP hijacks and routing anomalies).






          share|improve this answer





















          • 11





            Sadly even today should have still doesn't mean have

            – Josef
            Jan 18 at 13:05






          • 7





            @Josef To be fair, BGP was built in a time of "implicit trust" -- every internet node owner knew every other internet node owner, so they knew who owned what and there were social consequences for hijacking. BGP was never really designed to be "secure", it was just designed to work.

            – 202_accepted
            Jan 18 at 14:47






          • 2





            ISPs have generally gotten better at filtering BGP, because there have been some well-publicized major outages due to someone (intentionally or accidentally) advertising a bogus route.

            – Barmar
            Jan 18 at 17:27






          • 1





            I would add that they would probably get balckholed by their neighbors.

            – PEdroArthur
            Jan 18 at 19:23






          • 1





            If they use somebody else's IP internally it will work for reaching that site but it will mean that anything hosted on the real owner of that IP will be unreachable.

            – Loren Pechtel
            Jan 19 at 2:18














          30












          30








          30







          Most likely if they're a big university they are their own ISP, using BGP to connect their network to the internet via a number of upstream networks.



          Nothing stops them from using IP addresses they should not be using, and it would work in their local network. However, it won't work on the Internet. Their upstream networks providing them connectivity should have filters in place which would only allow the university to advertise IP addresses assigned to them. If the direct upstreams wouldn't filter them, the upstreams' upstreams will. And if IP addresses, which are in use by another network, would be used by the university, that other network would become unreachable from the university network.



          In addition, there are a number of projects (for example, RIPE RIS and BGPmon) which monitor routing tables and alert on any "illegal" IP advertisement (BGP hijacks and routing anomalies).






          share|improve this answer















          Most likely if they're a big university they are their own ISP, using BGP to connect their network to the internet via a number of upstream networks.



          Nothing stops them from using IP addresses they should not be using, and it would work in their local network. However, it won't work on the Internet. Their upstream networks providing them connectivity should have filters in place which would only allow the university to advertise IP addresses assigned to them. If the direct upstreams wouldn't filter them, the upstreams' upstreams will. And if IP addresses, which are in use by another network, would be used by the university, that other network would become unreachable from the university network.



          In addition, there are a number of projects (for example, RIPE RIS and BGPmon) which monitor routing tables and alert on any "illegal" IP advertisement (BGP hijacks and routing anomalies).







          share|improve this answer














          share|improve this answer



          share|improve this answer








          edited Jan 20 at 2:34









          Peter Mortensen

          1455




          1455










          answered Jan 17 at 23:12









          Teun VinkTeun Vink

          11.6k53053




          11.6k53053








          • 11





            Sadly even today should have still doesn't mean have

            – Josef
            Jan 18 at 13:05






          • 7





            @Josef To be fair, BGP was built in a time of "implicit trust" -- every internet node owner knew every other internet node owner, so they knew who owned what and there were social consequences for hijacking. BGP was never really designed to be "secure", it was just designed to work.

            – 202_accepted
            Jan 18 at 14:47






          • 2





            ISPs have generally gotten better at filtering BGP, because there have been some well-publicized major outages due to someone (intentionally or accidentally) advertising a bogus route.

            – Barmar
            Jan 18 at 17:27






          • 1





            I would add that they would probably get balckholed by their neighbors.

            – PEdroArthur
            Jan 18 at 19:23






          • 1





            If they use somebody else's IP internally it will work for reaching that site but it will mean that anything hosted on the real owner of that IP will be unreachable.

            – Loren Pechtel
            Jan 19 at 2:18














          • 11





            Sadly even today should have still doesn't mean have

            – Josef
            Jan 18 at 13:05






          • 7





            @Josef To be fair, BGP was built in a time of "implicit trust" -- every internet node owner knew every other internet node owner, so they knew who owned what and there were social consequences for hijacking. BGP was never really designed to be "secure", it was just designed to work.

            – 202_accepted
            Jan 18 at 14:47






          • 2





            ISPs have generally gotten better at filtering BGP, because there have been some well-publicized major outages due to someone (intentionally or accidentally) advertising a bogus route.

            – Barmar
            Jan 18 at 17:27






          • 1





            I would add that they would probably get balckholed by their neighbors.

            – PEdroArthur
            Jan 18 at 19:23






          • 1





            If they use somebody else's IP internally it will work for reaching that site but it will mean that anything hosted on the real owner of that IP will be unreachable.

            – Loren Pechtel
            Jan 19 at 2:18








          11




          11





          Sadly even today should have still doesn't mean have

          – Josef
          Jan 18 at 13:05





          Sadly even today should have still doesn't mean have

          – Josef
          Jan 18 at 13:05




          7




          7





          @Josef To be fair, BGP was built in a time of "implicit trust" -- every internet node owner knew every other internet node owner, so they knew who owned what and there were social consequences for hijacking. BGP was never really designed to be "secure", it was just designed to work.

          – 202_accepted
          Jan 18 at 14:47





          @Josef To be fair, BGP was built in a time of "implicit trust" -- every internet node owner knew every other internet node owner, so they knew who owned what and there were social consequences for hijacking. BGP was never really designed to be "secure", it was just designed to work.

          – 202_accepted
          Jan 18 at 14:47




          2




          2





          ISPs have generally gotten better at filtering BGP, because there have been some well-publicized major outages due to someone (intentionally or accidentally) advertising a bogus route.

          – Barmar
          Jan 18 at 17:27





          ISPs have generally gotten better at filtering BGP, because there have been some well-publicized major outages due to someone (intentionally or accidentally) advertising a bogus route.

          – Barmar
          Jan 18 at 17:27




          1




          1





          I would add that they would probably get balckholed by their neighbors.

          – PEdroArthur
          Jan 18 at 19:23





          I would add that they would probably get balckholed by their neighbors.

          – PEdroArthur
          Jan 18 at 19:23




          1




          1





          If they use somebody else's IP internally it will work for reaching that site but it will mean that anything hosted on the real owner of that IP will be unreachable.

          – Loren Pechtel
          Jan 19 at 2:18





          If they use somebody else's IP internally it will work for reaching that site but it will mean that anything hosted on the real owner of that IP will be unreachable.

          – Loren Pechtel
          Jan 19 at 2:18











          11















          What stops them from attributing their routers and hosts already in use IP addresses?




          Nothing. Over the years, I have seen both organizations of all sizes, both public and private, do this including a world wide recognized "brand" company. In fact, I have seen this more often in business settings than university settings (largely due to the fact that more universities were involved in the Internet earlier and helped define the standards and best practices used today).




          And what would happen if indeed someone do this?




          Today, likely nothing other than the organization not being able to reach portions of the Internet that they overlap. In the past, this type of thing has caused serious issues, including "breaking the Internet" for some or many users (in one case, a single ISP accidentally propagated a default route to the Internet overloading their own network as much of the Internet traffic tried to route through them).



          Past incidents like the ones you propose became learning opportunities and resulted in best practices that include protections from this type of misconfiguration. Most often today, providers implement BCP38/RFC2827 to filter traffic to connected organizations to only the IP address they should be advertising.



          Some providers still also implement bogon filtering which when properly maintained helps to prevent traffic from IP space that no valid traffic should be coming from (i.e. private address ranges, unassigned IP space, etc). While the IPv4 bogon list is much smaller today that in the past (i.e. most IPv4 addresses are now assigned), the IPv6 bogon list can be still be quite useful, especially on large providers to limit the scope of IP squatting (i.e. using unassigned IP space).






          share|improve this answer




























            11















            What stops them from attributing their routers and hosts already in use IP addresses?




            Nothing. Over the years, I have seen both organizations of all sizes, both public and private, do this including a world wide recognized "brand" company. In fact, I have seen this more often in business settings than university settings (largely due to the fact that more universities were involved in the Internet earlier and helped define the standards and best practices used today).




            And what would happen if indeed someone do this?




            Today, likely nothing other than the organization not being able to reach portions of the Internet that they overlap. In the past, this type of thing has caused serious issues, including "breaking the Internet" for some or many users (in one case, a single ISP accidentally propagated a default route to the Internet overloading their own network as much of the Internet traffic tried to route through them).



            Past incidents like the ones you propose became learning opportunities and resulted in best practices that include protections from this type of misconfiguration. Most often today, providers implement BCP38/RFC2827 to filter traffic to connected organizations to only the IP address they should be advertising.



            Some providers still also implement bogon filtering which when properly maintained helps to prevent traffic from IP space that no valid traffic should be coming from (i.e. private address ranges, unassigned IP space, etc). While the IPv4 bogon list is much smaller today that in the past (i.e. most IPv4 addresses are now assigned), the IPv6 bogon list can be still be quite useful, especially on large providers to limit the scope of IP squatting (i.e. using unassigned IP space).






            share|improve this answer


























              11












              11








              11








              What stops them from attributing their routers and hosts already in use IP addresses?




              Nothing. Over the years, I have seen both organizations of all sizes, both public and private, do this including a world wide recognized "brand" company. In fact, I have seen this more often in business settings than university settings (largely due to the fact that more universities were involved in the Internet earlier and helped define the standards and best practices used today).




              And what would happen if indeed someone do this?




              Today, likely nothing other than the organization not being able to reach portions of the Internet that they overlap. In the past, this type of thing has caused serious issues, including "breaking the Internet" for some or many users (in one case, a single ISP accidentally propagated a default route to the Internet overloading their own network as much of the Internet traffic tried to route through them).



              Past incidents like the ones you propose became learning opportunities and resulted in best practices that include protections from this type of misconfiguration. Most often today, providers implement BCP38/RFC2827 to filter traffic to connected organizations to only the IP address they should be advertising.



              Some providers still also implement bogon filtering which when properly maintained helps to prevent traffic from IP space that no valid traffic should be coming from (i.e. private address ranges, unassigned IP space, etc). While the IPv4 bogon list is much smaller today that in the past (i.e. most IPv4 addresses are now assigned), the IPv6 bogon list can be still be quite useful, especially on large providers to limit the scope of IP squatting (i.e. using unassigned IP space).






              share|improve this answer














              What stops them from attributing their routers and hosts already in use IP addresses?




              Nothing. Over the years, I have seen both organizations of all sizes, both public and private, do this including a world wide recognized "brand" company. In fact, I have seen this more often in business settings than university settings (largely due to the fact that more universities were involved in the Internet earlier and helped define the standards and best practices used today).




              And what would happen if indeed someone do this?




              Today, likely nothing other than the organization not being able to reach portions of the Internet that they overlap. In the past, this type of thing has caused serious issues, including "breaking the Internet" for some or many users (in one case, a single ISP accidentally propagated a default route to the Internet overloading their own network as much of the Internet traffic tried to route through them).



              Past incidents like the ones you propose became learning opportunities and resulted in best practices that include protections from this type of misconfiguration. Most often today, providers implement BCP38/RFC2827 to filter traffic to connected organizations to only the IP address they should be advertising.



              Some providers still also implement bogon filtering which when properly maintained helps to prevent traffic from IP space that no valid traffic should be coming from (i.e. private address ranges, unassigned IP space, etc). While the IPv4 bogon list is much smaller today that in the past (i.e. most IPv4 addresses are now assigned), the IPv6 bogon list can be still be quite useful, especially on large providers to limit the scope of IP squatting (i.e. using unassigned IP space).







              share|improve this answer












              share|improve this answer



              share|improve this answer










              answered Jan 18 at 15:01









              YLearnYLearn

              22k545103




              22k545103























                  7














                  Nothing will stop them using the addresses on their own machines.



                  What happens if they try to advertise them to the Internet depends on how sloppy their providers are. If their providers are following best practices then there will be filters in place and the advertisements won't get beyond the hijacker's borders.



                  OTOH if their providers and their providers providers are sloppy then a bogus announcement can go much further resulting in significant disruption to the legitimate owners of the IP space.



                  Such happenings will almost certainly get noticed and there will likely be some heated discussions and some extra filtering added.






                  share|improve this answer




























                    7














                    Nothing will stop them using the addresses on their own machines.



                    What happens if they try to advertise them to the Internet depends on how sloppy their providers are. If their providers are following best practices then there will be filters in place and the advertisements won't get beyond the hijacker's borders.



                    OTOH if their providers and their providers providers are sloppy then a bogus announcement can go much further resulting in significant disruption to the legitimate owners of the IP space.



                    Such happenings will almost certainly get noticed and there will likely be some heated discussions and some extra filtering added.






                    share|improve this answer


























                      7












                      7








                      7







                      Nothing will stop them using the addresses on their own machines.



                      What happens if they try to advertise them to the Internet depends on how sloppy their providers are. If their providers are following best practices then there will be filters in place and the advertisements won't get beyond the hijacker's borders.



                      OTOH if their providers and their providers providers are sloppy then a bogus announcement can go much further resulting in significant disruption to the legitimate owners of the IP space.



                      Such happenings will almost certainly get noticed and there will likely be some heated discussions and some extra filtering added.






                      share|improve this answer













                      Nothing will stop them using the addresses on their own machines.



                      What happens if they try to advertise them to the Internet depends on how sloppy their providers are. If their providers are following best practices then there will be filters in place and the advertisements won't get beyond the hijacker's borders.



                      OTOH if their providers and their providers providers are sloppy then a bogus announcement can go much further resulting in significant disruption to the legitimate owners of the IP space.



                      Such happenings will almost certainly get noticed and there will likely be some heated discussions and some extra filtering added.







                      share|improve this answer












                      share|improve this answer



                      share|improve this answer










                      answered Jan 18 at 2:35









                      Peter GreenPeter Green

                      7,64321226




                      7,64321226























                          5














                          Suppose I have two machines.
                          I assign the address 1.2.3.4 to one and 1.2.3.5 to the other.
                          I don't own these addresses.



                          As long as I don't try to the Internet, these two machine can talk to each other without any problems.



                          Now I connect to the Internet. The other answers talk about filters blocking things, but let us ignore that for a moment.



                          My machine 1.2.3.4 tries to connect to some legitimate address, like 12.34.56.78. Assume that this address exists and is controlled by its proper owner.



                          So, my machine sends a packet:



                          From 1.2.3.4, To: 12.34.56.78, Content: Want to be friends? (Translated into human)



                          The routers look at the To: part and correctly delivers it to 12.34.56.78. This machine suspects nothing and complies an answer



                          From: 12.34.56.78, To: 1.2.3.4, Content: Sure, let's be friends!



                          Now comes to problem. This answer will never be delivered to you. Instead it will be delivered to the real 1.2.3.4, who will become very confused.



                          So, if you use a wrong address, you can talk to the Internet, but the Internet will never answer you.






                          share|improve this answer



















                          • 4





                            "the Internet will never answer you" if you advertise the bogus addresses over BGP and noone blocks your announcements then large parts of the internet may very well answer you, at least until someone realises what is going on.

                            – Peter Green
                            Jan 18 at 13:49






                          • 2





                            Any decent ISP will implement BCP38 so your attempt to "talk to the internet" will end in their anti-spoofing filter.

                            – Teun Vink
                            Jan 18 at 14:49











                          • What you dexcribe is not a non-working attempt to connect to the internet, but in fact a potential DOS attack on the real 1.2.3.4 (and perhaps also 12.34.56.78). That's why the filters mentioned by TeunVink are (hopefully) in place

                            – Hagen von Eitzen
                            Jan 19 at 22:47











                          • @HagenvonEitzen: Those are entirely different filters. Teun is talking about blocking route advertisements by validating route exchange protocols such as BGP. To prevent source-spoofing DDoS, you need reverse-path filtering on packets that have nothing to do with route exchange.

                            – Ben Voigt
                            Jan 20 at 6:00
















                          5














                          Suppose I have two machines.
                          I assign the address 1.2.3.4 to one and 1.2.3.5 to the other.
                          I don't own these addresses.



                          As long as I don't try to the Internet, these two machine can talk to each other without any problems.



                          Now I connect to the Internet. The other answers talk about filters blocking things, but let us ignore that for a moment.



                          My machine 1.2.3.4 tries to connect to some legitimate address, like 12.34.56.78. Assume that this address exists and is controlled by its proper owner.



                          So, my machine sends a packet:



                          From 1.2.3.4, To: 12.34.56.78, Content: Want to be friends? (Translated into human)



                          The routers look at the To: part and correctly delivers it to 12.34.56.78. This machine suspects nothing and complies an answer



                          From: 12.34.56.78, To: 1.2.3.4, Content: Sure, let's be friends!



                          Now comes to problem. This answer will never be delivered to you. Instead it will be delivered to the real 1.2.3.4, who will become very confused.



                          So, if you use a wrong address, you can talk to the Internet, but the Internet will never answer you.






                          share|improve this answer



















                          • 4





                            "the Internet will never answer you" if you advertise the bogus addresses over BGP and noone blocks your announcements then large parts of the internet may very well answer you, at least until someone realises what is going on.

                            – Peter Green
                            Jan 18 at 13:49






                          • 2





                            Any decent ISP will implement BCP38 so your attempt to "talk to the internet" will end in their anti-spoofing filter.

                            – Teun Vink
                            Jan 18 at 14:49











                          • What you dexcribe is not a non-working attempt to connect to the internet, but in fact a potential DOS attack on the real 1.2.3.4 (and perhaps also 12.34.56.78). That's why the filters mentioned by TeunVink are (hopefully) in place

                            – Hagen von Eitzen
                            Jan 19 at 22:47











                          • @HagenvonEitzen: Those are entirely different filters. Teun is talking about blocking route advertisements by validating route exchange protocols such as BGP. To prevent source-spoofing DDoS, you need reverse-path filtering on packets that have nothing to do with route exchange.

                            – Ben Voigt
                            Jan 20 at 6:00














                          5












                          5








                          5







                          Suppose I have two machines.
                          I assign the address 1.2.3.4 to one and 1.2.3.5 to the other.
                          I don't own these addresses.



                          As long as I don't try to the Internet, these two machine can talk to each other without any problems.



                          Now I connect to the Internet. The other answers talk about filters blocking things, but let us ignore that for a moment.



                          My machine 1.2.3.4 tries to connect to some legitimate address, like 12.34.56.78. Assume that this address exists and is controlled by its proper owner.



                          So, my machine sends a packet:



                          From 1.2.3.4, To: 12.34.56.78, Content: Want to be friends? (Translated into human)



                          The routers look at the To: part and correctly delivers it to 12.34.56.78. This machine suspects nothing and complies an answer



                          From: 12.34.56.78, To: 1.2.3.4, Content: Sure, let's be friends!



                          Now comes to problem. This answer will never be delivered to you. Instead it will be delivered to the real 1.2.3.4, who will become very confused.



                          So, if you use a wrong address, you can talk to the Internet, but the Internet will never answer you.






                          share|improve this answer













                          Suppose I have two machines.
                          I assign the address 1.2.3.4 to one and 1.2.3.5 to the other.
                          I don't own these addresses.



                          As long as I don't try to the Internet, these two machine can talk to each other without any problems.



                          Now I connect to the Internet. The other answers talk about filters blocking things, but let us ignore that for a moment.



                          My machine 1.2.3.4 tries to connect to some legitimate address, like 12.34.56.78. Assume that this address exists and is controlled by its proper owner.



                          So, my machine sends a packet:



                          From 1.2.3.4, To: 12.34.56.78, Content: Want to be friends? (Translated into human)



                          The routers look at the To: part and correctly delivers it to 12.34.56.78. This machine suspects nothing and complies an answer



                          From: 12.34.56.78, To: 1.2.3.4, Content: Sure, let's be friends!



                          Now comes to problem. This answer will never be delivered to you. Instead it will be delivered to the real 1.2.3.4, who will become very confused.



                          So, if you use a wrong address, you can talk to the Internet, but the Internet will never answer you.







                          share|improve this answer












                          share|improve this answer



                          share|improve this answer










                          answered Jan 18 at 11:54









                          Stig HemmerStig Hemmer

                          1513




                          1513








                          • 4





                            "the Internet will never answer you" if you advertise the bogus addresses over BGP and noone blocks your announcements then large parts of the internet may very well answer you, at least until someone realises what is going on.

                            – Peter Green
                            Jan 18 at 13:49






                          • 2





                            Any decent ISP will implement BCP38 so your attempt to "talk to the internet" will end in their anti-spoofing filter.

                            – Teun Vink
                            Jan 18 at 14:49











                          • What you dexcribe is not a non-working attempt to connect to the internet, but in fact a potential DOS attack on the real 1.2.3.4 (and perhaps also 12.34.56.78). That's why the filters mentioned by TeunVink are (hopefully) in place

                            – Hagen von Eitzen
                            Jan 19 at 22:47











                          • @HagenvonEitzen: Those are entirely different filters. Teun is talking about blocking route advertisements by validating route exchange protocols such as BGP. To prevent source-spoofing DDoS, you need reverse-path filtering on packets that have nothing to do with route exchange.

                            – Ben Voigt
                            Jan 20 at 6:00














                          • 4





                            "the Internet will never answer you" if you advertise the bogus addresses over BGP and noone blocks your announcements then large parts of the internet may very well answer you, at least until someone realises what is going on.

                            – Peter Green
                            Jan 18 at 13:49






                          • 2





                            Any decent ISP will implement BCP38 so your attempt to "talk to the internet" will end in their anti-spoofing filter.

                            – Teun Vink
                            Jan 18 at 14:49











                          • What you dexcribe is not a non-working attempt to connect to the internet, but in fact a potential DOS attack on the real 1.2.3.4 (and perhaps also 12.34.56.78). That's why the filters mentioned by TeunVink are (hopefully) in place

                            – Hagen von Eitzen
                            Jan 19 at 22:47











                          • @HagenvonEitzen: Those are entirely different filters. Teun is talking about blocking route advertisements by validating route exchange protocols such as BGP. To prevent source-spoofing DDoS, you need reverse-path filtering on packets that have nothing to do with route exchange.

                            – Ben Voigt
                            Jan 20 at 6:00








                          4




                          4





                          "the Internet will never answer you" if you advertise the bogus addresses over BGP and noone blocks your announcements then large parts of the internet may very well answer you, at least until someone realises what is going on.

                          – Peter Green
                          Jan 18 at 13:49





                          "the Internet will never answer you" if you advertise the bogus addresses over BGP and noone blocks your announcements then large parts of the internet may very well answer you, at least until someone realises what is going on.

                          – Peter Green
                          Jan 18 at 13:49




                          2




                          2





                          Any decent ISP will implement BCP38 so your attempt to "talk to the internet" will end in their anti-spoofing filter.

                          – Teun Vink
                          Jan 18 at 14:49





                          Any decent ISP will implement BCP38 so your attempt to "talk to the internet" will end in their anti-spoofing filter.

                          – Teun Vink
                          Jan 18 at 14:49













                          What you dexcribe is not a non-working attempt to connect to the internet, but in fact a potential DOS attack on the real 1.2.3.4 (and perhaps also 12.34.56.78). That's why the filters mentioned by TeunVink are (hopefully) in place

                          – Hagen von Eitzen
                          Jan 19 at 22:47





                          What you dexcribe is not a non-working attempt to connect to the internet, but in fact a potential DOS attack on the real 1.2.3.4 (and perhaps also 12.34.56.78). That's why the filters mentioned by TeunVink are (hopefully) in place

                          – Hagen von Eitzen
                          Jan 19 at 22:47













                          @HagenvonEitzen: Those are entirely different filters. Teun is talking about blocking route advertisements by validating route exchange protocols such as BGP. To prevent source-spoofing DDoS, you need reverse-path filtering on packets that have nothing to do with route exchange.

                          – Ben Voigt
                          Jan 20 at 6:00





                          @HagenvonEitzen: Those are entirely different filters. Teun is talking about blocking route advertisements by validating route exchange protocols such as BGP. To prevent source-spoofing DDoS, you need reverse-path filtering on packets that have nothing to do with route exchange.

                          – Ben Voigt
                          Jan 20 at 6:00











                          2














                          It would internally black out large swatches of the Internet



                          Sure. Let's say they do the common thing of using private IP addresses internally to their network, such as 10.x.x.x... You know the drill, network address translation at the edge of their network, just like your home network.



                          Except they decided 10.x.x.x is too restrictive for them, and they start assigning public IP addresses internally. It will work, at first. But then problems will start popping up.



                          It's a matter of time before somebody uses 172.217.15.68 for a lab machine. It's one of the IP addresses DNS resolves for www.google.com. Now, sometimes, when someone inside the university tries to do a search on Google, their web browser goes to that lab machine instead. Because the internal routers would have no ability to conceive that there are two 172.217.15.68's, one internal and one external; they would simply route your packets to the internal one.



                          IP blocks assigned internally cannot be routed externally



                          But it's worse than that. They assigned a whole netblock, so all of 172.217.x.x/16 will route to that lab. You probably wouldn't clobber every Google IP, but a lot of searches would fail. For smaller outfits like Craigslist where all their addresses are in the same netblock, if the university assigned that netblock internally, the entire site would be blocked cold.



                          This won't affect anyone outside the university's internal network. External providers will not accept the university's reassignment of Google's IP space. The only traffic routed to the university will be the public IP addresses that the university owns.



                          Just use IPv6 instead



                          If you sign up for Comcast, they give you a /64 of your very own. If you ask nicely, I've heard they'll just hand you a /48. But let's say you only get a /64, and then, do exactly the plot of RevOlution and create self-replicating nanites that eat electricity, in the same quantity as discussed on the show. Do you have enough IPv6 addresses for every nanite to have its own?



                          Yes. And enough spares to do this on 2 million parallel earths.



                          So if you're really worried about running out of IP addresses, that is the way to go.






                          share|improve this answer






























                            2














                            It would internally black out large swatches of the Internet



                            Sure. Let's say they do the common thing of using private IP addresses internally to their network, such as 10.x.x.x... You know the drill, network address translation at the edge of their network, just like your home network.



                            Except they decided 10.x.x.x is too restrictive for them, and they start assigning public IP addresses internally. It will work, at first. But then problems will start popping up.



                            It's a matter of time before somebody uses 172.217.15.68 for a lab machine. It's one of the IP addresses DNS resolves for www.google.com. Now, sometimes, when someone inside the university tries to do a search on Google, their web browser goes to that lab machine instead. Because the internal routers would have no ability to conceive that there are two 172.217.15.68's, one internal and one external; they would simply route your packets to the internal one.



                            IP blocks assigned internally cannot be routed externally



                            But it's worse than that. They assigned a whole netblock, so all of 172.217.x.x/16 will route to that lab. You probably wouldn't clobber every Google IP, but a lot of searches would fail. For smaller outfits like Craigslist where all their addresses are in the same netblock, if the university assigned that netblock internally, the entire site would be blocked cold.



                            This won't affect anyone outside the university's internal network. External providers will not accept the university's reassignment of Google's IP space. The only traffic routed to the university will be the public IP addresses that the university owns.



                            Just use IPv6 instead



                            If you sign up for Comcast, they give you a /64 of your very own. If you ask nicely, I've heard they'll just hand you a /48. But let's say you only get a /64, and then, do exactly the plot of RevOlution and create self-replicating nanites that eat electricity, in the same quantity as discussed on the show. Do you have enough IPv6 addresses for every nanite to have its own?



                            Yes. And enough spares to do this on 2 million parallel earths.



                            So if you're really worried about running out of IP addresses, that is the way to go.






                            share|improve this answer




























                              2












                              2








                              2







                              It would internally black out large swatches of the Internet



                              Sure. Let's say they do the common thing of using private IP addresses internally to their network, such as 10.x.x.x... You know the drill, network address translation at the edge of their network, just like your home network.



                              Except they decided 10.x.x.x is too restrictive for them, and they start assigning public IP addresses internally. It will work, at first. But then problems will start popping up.



                              It's a matter of time before somebody uses 172.217.15.68 for a lab machine. It's one of the IP addresses DNS resolves for www.google.com. Now, sometimes, when someone inside the university tries to do a search on Google, their web browser goes to that lab machine instead. Because the internal routers would have no ability to conceive that there are two 172.217.15.68's, one internal and one external; they would simply route your packets to the internal one.



                              IP blocks assigned internally cannot be routed externally



                              But it's worse than that. They assigned a whole netblock, so all of 172.217.x.x/16 will route to that lab. You probably wouldn't clobber every Google IP, but a lot of searches would fail. For smaller outfits like Craigslist where all their addresses are in the same netblock, if the university assigned that netblock internally, the entire site would be blocked cold.



                              This won't affect anyone outside the university's internal network. External providers will not accept the university's reassignment of Google's IP space. The only traffic routed to the university will be the public IP addresses that the university owns.



                              Just use IPv6 instead



                              If you sign up for Comcast, they give you a /64 of your very own. If you ask nicely, I've heard they'll just hand you a /48. But let's say you only get a /64, and then, do exactly the plot of RevOlution and create self-replicating nanites that eat electricity, in the same quantity as discussed on the show. Do you have enough IPv6 addresses for every nanite to have its own?



                              Yes. And enough spares to do this on 2 million parallel earths.



                              So if you're really worried about running out of IP addresses, that is the way to go.






                              share|improve this answer















                              It would internally black out large swatches of the Internet



                              Sure. Let's say they do the common thing of using private IP addresses internally to their network, such as 10.x.x.x... You know the drill, network address translation at the edge of their network, just like your home network.



                              Except they decided 10.x.x.x is too restrictive for them, and they start assigning public IP addresses internally. It will work, at first. But then problems will start popping up.



                              It's a matter of time before somebody uses 172.217.15.68 for a lab machine. It's one of the IP addresses DNS resolves for www.google.com. Now, sometimes, when someone inside the university tries to do a search on Google, their web browser goes to that lab machine instead. Because the internal routers would have no ability to conceive that there are two 172.217.15.68's, one internal and one external; they would simply route your packets to the internal one.



                              IP blocks assigned internally cannot be routed externally



                              But it's worse than that. They assigned a whole netblock, so all of 172.217.x.x/16 will route to that lab. You probably wouldn't clobber every Google IP, but a lot of searches would fail. For smaller outfits like Craigslist where all their addresses are in the same netblock, if the university assigned that netblock internally, the entire site would be blocked cold.



                              This won't affect anyone outside the university's internal network. External providers will not accept the university's reassignment of Google's IP space. The only traffic routed to the university will be the public IP addresses that the university owns.



                              Just use IPv6 instead



                              If you sign up for Comcast, they give you a /64 of your very own. If you ask nicely, I've heard they'll just hand you a /48. But let's say you only get a /64, and then, do exactly the plot of RevOlution and create self-replicating nanites that eat electricity, in the same quantity as discussed on the show. Do you have enough IPv6 addresses for every nanite to have its own?



                              Yes. And enough spares to do this on 2 million parallel earths.



                              So if you're really worried about running out of IP addresses, that is the way to go.







                              share|improve this answer














                              share|improve this answer



                              share|improve this answer








                              edited Jan 18 at 23:53

























                              answered Jan 18 at 23:37









                              HarperHarper

                              1212




                              1212























                                  2














                                  As stated by many others, nothing prevents anyone from doing so, but in general, this won't have any effect outside of the organization, and will even cause issues internally.



                                  Now, if you're yourself an ISP, and start telling others that you are the one to use to route this IPs (using a routing protocol like BGP), then those IP will "partly" become yours, for a while. Partly, because when the issue is noticed, measures will be taken to stop it. "For a while", well, until measures are taken.



                                  Incidents with BGP have happened in the past, causing traffic to be routed to wrong places. Here's a link to a recent incident: https://hub.packtpub.com/mondays-google-outage-was-a-bgp-route-leak-traffic-redirected-through-nigeria-china-and-russia/
                                  You can search for "BGP route leak" to learn more.



                                  Internet runs a lot on trust. Things are changing slowly, but in many instances, ISPs just trust other ISPs.






                                  share|improve this answer




























                                    2














                                    As stated by many others, nothing prevents anyone from doing so, but in general, this won't have any effect outside of the organization, and will even cause issues internally.



                                    Now, if you're yourself an ISP, and start telling others that you are the one to use to route this IPs (using a routing protocol like BGP), then those IP will "partly" become yours, for a while. Partly, because when the issue is noticed, measures will be taken to stop it. "For a while", well, until measures are taken.



                                    Incidents with BGP have happened in the past, causing traffic to be routed to wrong places. Here's a link to a recent incident: https://hub.packtpub.com/mondays-google-outage-was-a-bgp-route-leak-traffic-redirected-through-nigeria-china-and-russia/
                                    You can search for "BGP route leak" to learn more.



                                    Internet runs a lot on trust. Things are changing slowly, but in many instances, ISPs just trust other ISPs.






                                    share|improve this answer


























                                      2












                                      2








                                      2







                                      As stated by many others, nothing prevents anyone from doing so, but in general, this won't have any effect outside of the organization, and will even cause issues internally.



                                      Now, if you're yourself an ISP, and start telling others that you are the one to use to route this IPs (using a routing protocol like BGP), then those IP will "partly" become yours, for a while. Partly, because when the issue is noticed, measures will be taken to stop it. "For a while", well, until measures are taken.



                                      Incidents with BGP have happened in the past, causing traffic to be routed to wrong places. Here's a link to a recent incident: https://hub.packtpub.com/mondays-google-outage-was-a-bgp-route-leak-traffic-redirected-through-nigeria-china-and-russia/
                                      You can search for "BGP route leak" to learn more.



                                      Internet runs a lot on trust. Things are changing slowly, but in many instances, ISPs just trust other ISPs.






                                      share|improve this answer













                                      As stated by many others, nothing prevents anyone from doing so, but in general, this won't have any effect outside of the organization, and will even cause issues internally.



                                      Now, if you're yourself an ISP, and start telling others that you are the one to use to route this IPs (using a routing protocol like BGP), then those IP will "partly" become yours, for a while. Partly, because when the issue is noticed, measures will be taken to stop it. "For a while", well, until measures are taken.



                                      Incidents with BGP have happened in the past, causing traffic to be routed to wrong places. Here's a link to a recent incident: https://hub.packtpub.com/mondays-google-outage-was-a-bgp-route-leak-traffic-redirected-through-nigeria-china-and-russia/
                                      You can search for "BGP route leak" to learn more.



                                      Internet runs a lot on trust. Things are changing slowly, but in many instances, ISPs just trust other ISPs.







                                      share|improve this answer












                                      share|improve this answer



                                      share|improve this answer










                                      answered Jan 20 at 7:33









                                      user1532080user1532080

                                      1211




                                      1211






























                                          draft saved

                                          draft discarded




















































                                          Thanks for contributing an answer to Network Engineering Stack Exchange!


                                          • Please be sure to answer the question. Provide details and share your research!

                                          But avoid



                                          • Asking for help, clarification, or responding to other answers.

                                          • Making statements based on opinion; back them up with references or personal experience.


                                          To learn more, see our tips on writing great answers.




                                          draft saved


                                          draft discarded














                                          StackExchange.ready(
                                          function () {
                                          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fnetworkengineering.stackexchange.com%2fquestions%2f56208%2fwhat-stops-someone-from-configuring-their-network-with-ip-addresses-they-do-not%23new-answer', 'question_page');
                                          }
                                          );

                                          Post as a guest















                                          Required, but never shown





















































                                          Required, but never shown














                                          Required, but never shown












                                          Required, but never shown







                                          Required, but never shown

































                                          Required, but never shown














                                          Required, but never shown












                                          Required, but never shown







                                          Required, but never shown







                                          Popular posts from this blog

                                          Mario Kart Wii

                                          What does “Dominus providebit” mean?

                                          The Binding of Isaac: Rebirth/Afterbirth