IPv4 Turf War (opens in new tab)

(ipv4.games)

147 pointsmogery3y ago47 comments

47 comments

Hey I made this!! Happy to see it getting attention. Feel free to ask me anything!

Why are you doing a separate request for every /8? I feel like this would be the first thing that would kill the site, if it weren't for the fact you're on HTTP, the browser is talking HTTP/1.1, so it only does 6 concurrent requests per domain.

jart3y ago

If you want to monitor how well the server holds up to the hug of death, check out its http://ipv4.games/statusz page. For example, you could poll that and calculate (or chart) how many messages per second it's handling.

clayloam3y ago

I wanted to see if the server could handle being slammed with requests like that :) but yeah collapsing it into one request would be a lot better. I’ll probably do that soon

1 more reply

mike_d3y ago

This is really awesome. Finally a game I am good at.

clayloam3y ago

I am very curious how you managed to hold more than half the blocks for a bit!!

1 more reply

Rasbora3y ago

Coming for your crown >:D

hackmiester3y ago

I have been wasting so much time claiming up to 11 networks over the past week. All for you lot to steal all but 2 of them from me in as many hours. Give me a break. :)

BonoboIO3y ago

Give us some insight how you did it.

hackmiester3y ago

I am a network engineer. Mainly I have been triggering HTTP requests from routers I control.

In Cisco IOS you can configure the source IP address for HTTP requests using the 'ip http client source' configuration-mode command. Then, from exec mode, you can:

  #copy http://108.61.215.240/claim?name=hlfuller null:
  Loading http://108.61.215.240/claim?name=hlfuller
  321 bytes copied in 0.020 secs (16050 bytes/sec)

Rasbora3y ago

I had an almost identical idea to this website a while ago but never acted on it, props to the dev.

Here is how you win the IPv4 games, in order of most to least effective:

1) Have a large online following that is willing to visit your claim link or a page where you can embed an iframe / img / etc that points to your claim link.

2) Pay to use someone else's (consensual) botnet by paying a residential proxy service, this is the approach I just used and it cost me a few dollars for access to a massive amount of distributed IPv4 space.

3) Abuse cloud / serverless offerings as far as they will go, unlikely to win more than a few blocks this way.

4) Own IPv4 space.

Other less ethical approaches: possibly exploit the system by sending a XFF header the developer forgot to block (probably just checking socket address so unlikely to work here), spin up a Vultr VPS in the same DC and probe for a way to connect with a local address, hijack BGP space, run your own botnet, I'm reminded of an old exploit in WordPress XMLRPC...

From what I can see the current rankings are just me and mike fighting for the same proxy space (the vote goes to the most recent visit per IP), and everyone else falls into buckets 3 & 4.

mike_d3y ago

Basically I did a 1&2 combo. I run a small anti-bot service for a few friends sites and started redirecting a particularly aggressive scraper to the claim URL.

wyattwest3y ago

This is an amazing method, love the idea

BonoboIO3y ago

Made my day

progval3y ago

> possibly exploit the system by sending a XFF header the developer forgot to block (probably just checking socket address so unlikely to work here)

Sadly, it was considered, and XFF is ignored from non-private source addresses: https://github.com/jart/cosmopolitan/blob/155b378a3962e4d291...

With private addresses defined as: https://github.com/jart/cosmopolitan/blob/7ab15e0b236d085c82...

seligman993y ago

I took approach #3 for 5 blocks. Surprisingly, that's good enough to get on the leaderboard, at least till someone keeps a simple script running longer than me.

I do wonder what an IPv6 version of this would look like, but how it'd work, and how active it'd be.

hackmiester3y ago

I am option 4 but it's never going to get me very far up the leaderboard. So I just grabbed one of the funny numbers in one of the /8s and called it a day.

thunderbong3y ago

And it's running on a redbean [0] server!

[0]: https://redbean.dev

cmeacham983y ago

Cool idea, but please get an HTTPS cert - they're free!

clayloam3y ago

I was planning on getting that set up, but people discovered it faster than anticipated :) I’ll do it soon

londons_explore3y ago

Not using HTTPS opens up a bunch of new possibilities of how to cheat...

Can you send an http request spoofing the IP address it's from? I bet you could with enough attempts because you only have to successfully guess the TCP syn cookie once...

rowin3y ago

I managed to claim 64 out of 256 blocks using proxies from Bright Data[0] and PacketStream[1]. I claimed 49616 IP addresses within those 64 blocks. Unfortunately, the website doesn't tell you how many IP addresses someone claimed in total. Cool project!

[0] https://brightdata.com/ [1] https://packetstream.io/

clayloam3y ago

It's not publicly exposed yet but you can check here! http://ipv4.games/summary?subnet=0.0.0.0/0

Congrats on #1 spot :)

iancarroll3y ago

Had some fun with this. I used fireprox[0] to grab a ton of AWS IPs, and some proxy vendors for some other random ranges. Sadly my ASN has only /24s in disparate ranges so it wouldn’t make a dent for most of them.

[0] https://github.com/ustayready/fireprox

r3trohack3r3y ago

I feel like this is a good time to plug Bot Net as a Service vendors like https://brightdata.com/

wyattwest3y ago

Botnet as a Service is an excellent way to describe many residential proxy networks. We wrote[0] about this exact premise a few years ago.

[0] https://spur.us/2020/08/residential-proxies-the-legal-botnet...

tranxen3y ago

I have hard time understanding how mikedamm@twitter claimed so many /8.

distantsounds3y ago

operating the NTP pool might have something to do with it.

BonoboIO3y ago

This is really funny idea.

In this thread there is a comment wich talks about using AWS API Gateways for scraping. What are other great ways to get many different ips for scraping? Beside residential proxies.

bhaney3y ago

I would love to see what kind of mess this turns into when applied to IPv6

playingalong3y ago

So some of them are public cloud, e.g. 3/8. And you can ran serverless there. Other option is to use some open proxy servers.

What other options do people have?

chrismarlow93y ago

Looks like you can direct link to claim

http://ipv4.games/claim?name=whatever

I expect you could do an img tag or iframe, buy cheap ad traffic, and win. Tor is an option but last time I looked the exit node count is in the thousands. You could probably use any feed submitter or preview functions (Google docs insert URL, Facebook insert URL, etc).

zamadatix3y ago

Some more to add to the pile:

- Static IP blocks from their ISP (some still lease IPs for surprisingly cheap).

- Releasing/renewing their NAT boxe's DHCP release on carriers that don't pin assignments (usually these are in pools of /22 or 1024 addresses - though most would be in use at any given time and impossible to randomly get you should be able to get a couple dozen).

- Customers of ISPs that use CG-NAT (cheap wired) or NAT64 (some wireless providers), similar to the above just 1 translation layer deeper.

- IP space you control (that's how I have 23.0.0.0/8 for the moment)

- BGP hijacking IP space you want to control (though hopefully in the world of RPKI this is getting harder and harder to do)

playingalong3y ago

Crowdsourcing - i.e. phishing-like posting of the URL in some social media?

zamadatix3y ago

https://youtu.be/bT8CRi9k4bo

I like the test claim from localhost :).

Ayesh3y ago

Not for long though:

https://www.ietf.org/archive/id/draft-schoen-intarea-unicast...

zamadatix3y ago

The IPv4 Unicast Extensions Project has lofty goals and many of them, like this particular one, seem overly lofty.

Some of space they are after, like 240/4, was always just "reserved" and you won't find as much resistance against it as reserved things are intended for exactly this kind of proposal. They just need to convince folks it's reasonably likely to be the best use of the space, overriding any significant unauthorized usage or alternative proposals as being less valid a use case, and it could be reasonably done. Real world implementation of the change might be a different story but they could at least get consensus that it's the intended use going forward.

Other spaces like 127/8 were actually assigned for use in the wild not just reserved for future use and despite 127.0.0.1 being most common address the others in the assigned space were definitely actually in use as well past the /16 they wish to preserve. This is especially in more networking infra focused contexts which are the things that would need to change most universally for this proposal to work. It's unlikely such a breaking standards change would get any consensus i.e. IMO that proposal is likely to never leave draft status.

David Täht, who was one of the authors of that draft, even holds regrets on the 127/8 proposal as it has caused the project to receive a lot of negative focus https://github.com/schoen/unicast-extensions/issues/16 and they have since let that draft proposal expire which is why your link is to an archived copy.

PaoloBarbolini3y ago

This is harder than i thought

bigcheesegs3y ago

Very surprised 17net only has 1.

clayloam3y ago

I think Apple owns that whole block?

raggi3y ago

I considered testing out whether spoofing was blocked on Vultrs network, but too lazy.

zamadatix3y ago

Source spoofing wouldn't get you far enough into the connection to make the claim and BGP hijacking is prevented on Vultr (you have to file a ROA and update RPKI before they'll accept the advertisement).

PaoloBarbolini3y ago

Tonight I discovered I could create 128 m2.micros from my AWS account no questions asked. Very very worrying. Much happier with Hetzner with an initial limit of 25.

1 more reply

blahgeek3y ago

This got me wondering that, in practice, how hard would it be to spoof source IP in the internet? I assume it requires some controls on an Tier-1 ISP network (so that the the spoofed package would not be filtered by upstream)?

Though apparently it doesn’t help in this case because it’s HTTP/TCP which requires a handshake

1 more reply

j / k navigate · click thread line to collapse

47 comments

clayloam3y ago

Hey I made this!! Happy to see it getting attention. Feel free to ask me anything!

PaoloBarbolini3y ago

jart3y ago

clayloam3y ago

I wanted to see if the server could handle being slammed with requests like that :) but yeah collapsing it into one request would be a lot better. I’ll probably do that soon

1 more reply

mike_d3y ago

This is really awesome. Finally a game I am good at.

clayloam3y ago

I am very curious how you managed to hold more than half the blocks for a bit!!

1 more reply

Rasbora3y ago

Coming for your crown >:D

hackmiester3y ago

I have been wasting so much time claiming up to 11 networks over the past week. All for you lot to steal all but 2 of them from me in as many hours. Give me a break. :)

BonoboIO3y ago

Give us some insight how you did it.

hackmiester3y ago

I am a network engineer. Mainly I have been triggering HTTP requests from routers I control.

In Cisco IOS you can configure the source IP address for HTTP requests using the 'ip http client source' configuration-mode command. Then, from exec mode, you can:

  #copy http://108.61.215.240/claim?name=hlfuller null:
  Loading http://108.61.215.240/claim?name=hlfuller
  321 bytes copied in 0.020 secs (16050 bytes/sec)

Rasbora3y ago

I had an almost identical idea to this website a while ago but never acted on it, props to the dev.

Here is how you win the IPv4 games, in order of most to least effective:

1) Have a large online following that is willing to visit your claim link or a page where you can embed an iframe / img / etc that points to your claim link.

3) Abuse cloud / serverless offerings as far as they will go, unlikely to win more than a few blocks this way.

4) Own IPv4 space.

From what I can see the current rankings are just me and mike fighting for the same proxy space (the vote goes to the most recent visit per IP), and everyone else falls into buckets 3 & 4.

mike_d3y ago

Basically I did a 1&2 combo. I run a small anti-bot service for a few friends sites and started redirecting a particularly aggressive scraper to the claim URL.

wyattwest3y ago

This is an amazing method, love the idea

BonoboIO3y ago

Made my day

progval3y ago

> possibly exploit the system by sending a XFF header the developer forgot to block (probably just checking socket address so unlikely to work here)

Sadly, it was considered, and XFF is ignored from non-private source addresses: https://github.com/jart/cosmopolitan/blob/155b378a3962e4d291...

With private addresses defined as: https://github.com/jart/cosmopolitan/blob/7ab15e0b236d085c82...

seligman993y ago

I took approach #3 for 5 blocks. Surprisingly, that's good enough to get on the leaderboard, at least till someone keeps a simple script running longer than me.

I do wonder what an IPv6 version of this would look like, but how it'd work, and how active it'd be.

hackmiester3y ago

I am option 4 but it's never going to get me very far up the leaderboard. So I just grabbed one of the funny numbers in one of the /8s and called it a day.

thunderbong3y ago

And it's running on a redbean [0] server!

[0]: https://redbean.dev

cmeacham983y ago

Cool idea, but please get an HTTPS cert - they're free!

clayloam3y ago

I was planning on getting that set up, but people discovered it faster than anticipated :) I’ll do it soon

londons_explore3y ago

Not using HTTPS opens up a bunch of new possibilities of how to cheat...

Can you send an http request spoofing the IP address it's from? I bet you could with enough attempts because you only have to successfully guess the TCP syn cookie once...

rowin3y ago

[0] https://brightdata.com/ [1] https://packetstream.io/

clayloam3y ago

It's not publicly exposed yet but you can check here! http://ipv4.games/summary?subnet=0.0.0.0/0

Congrats on #1 spot :)

iancarroll3y ago

[0] https://github.com/ustayready/fireprox

r3trohack3r3y ago

I feel like this is a good time to plug Bot Net as a Service vendors like https://brightdata.com/

wyattwest3y ago

Botnet as a Service is an excellent way to describe many residential proxy networks. We wrote[0] about this exact premise a few years ago.

[0] https://spur.us/2020/08/residential-proxies-the-legal-botnet...

tranxen3y ago

I have hard time understanding how mikedamm@twitter claimed so many /8.

distantsounds3y ago

operating the NTP pool might have something to do with it.

BonoboIO3y ago

This is really funny idea.

In this thread there is a comment wich talks about using AWS API Gateways for scraping. What are other great ways to get many different ips for scraping? Beside residential proxies.

bhaney3y ago

I would love to see what kind of mess this turns into when applied to IPv6

playingalong3y ago

So some of them are public cloud, e.g. 3/8. And you can ran serverless there. Other option is to use some open proxy servers.

What other options do people have?

chrismarlow93y ago

Looks like you can direct link to claim

http://ipv4.games/claim?name=whatever

zamadatix3y ago

Some more to add to the pile:

- Static IP blocks from their ISP (some still lease IPs for surprisingly cheap).

- Customers of ISPs that use CG-NAT (cheap wired) or NAT64 (some wireless providers), similar to the above just 1 translation layer deeper.

- IP space you control (that's how I have 23.0.0.0/8 for the moment)

- BGP hijacking IP space you want to control (though hopefully in the world of RPKI this is getting harder and harder to do)

playingalong3y ago

Crowdsourcing - i.e. phishing-like posting of the URL in some social media?

zamadatix3y ago

https://youtu.be/bT8CRi9k4bo

I like the test claim from localhost :).

Ayesh3y ago

Not for long though:

https://www.ietf.org/archive/id/draft-schoen-intarea-unicast...

zamadatix3y ago

The IPv4 Unicast Extensions Project has lofty goals and many of them, like this particular one, seem overly lofty.

PaoloBarbolini3y ago

This is harder than i thought

bigcheesegs3y ago

Very surprised 17net only has 1.

clayloam3y ago

I think Apple owns that whole block?

raggi3y ago

I considered testing out whether spoofing was blocked on Vultrs network, but too lazy.

zamadatix3y ago

PaoloBarbolini3y ago

Tonight I discovered I could create 128 m2.micros from my AWS account no questions asked. Very very worrying. Much happier with Hetzner with an initial limit of 25.

1 more reply

blahgeek3y ago

Though apparently it doesn’t help in this case because it’s HTTP/TCP which requires a handshake

1 more reply

j / k navigate · click thread line to collapse