Researchers Probe Dark and Murky Net 128
umm qasr writes: "Security Focus has an interesting article on blocks of internet space that are hidden from most users, it is based on a survey by Arbor Networks. The most common 'invisible sites' being .mil, which seems is unintentional. The survey suggests others, which seem more sinister...using unused netblock addresses to send spam. It's a bit short on the details but interesting none the less."
Interesting (Score:2, Interesting)
Re:Interesting (Score:1)
Not sure about the idea of an 'obscure' IP block? IP addresses follow defined patterns - you can scan for whatever range you like. Certainly the recent Nimda stuff isn't based on hostnames - it's based on going to nearby IP ranges. If you wanted to scan the entire net you could. Might take a while though...
Cheers,
Ian
Re:Interesting (Score:5, Informative)
>there that no one will ever see. I always figured
>anything sensative for military use would be stored on
>a proprietary government network
Might already be that way and we just don't know it. Talk about "dark netspace," nobody holds more of it than the US military... A bunch of class A's - 6.*, 7.*, 11.*, 21.*, 22.* - not to mention the smaller, uglier blocks. I imagine they could be running some sort of TOP-SEC-NET (or maybe SEC-PORN-NET) on one of these, unbeknownst to the outside world.
Shaun
Re:Interesting (Score:1)
That's why I always laugh whenever I read about some some 'l33t d00dz' hacking into military computers and compromising all our secrets. They may get some semi-sensitive, For-Official-Use-Only type crap, but they're not going to get the true classified stuff.
Someone below mentions the SIPRNET. Yes, it exists for lower-classified stuff, but it has very few connections to the general internet, and those that exist are VERY tightly controlled. If you try to slip in through one of them, you will have the OSI, CID, FBI, and a bunch of other letters knocking on your door. (Yes, the government does have a bunch of very intelligent, capable computer security guys. No, they don't noise it around - better to let the 'l33t d00dz' _think_ they are getting away with it.)
Re:Interesting (Score:2)
See my post [slashdot.org] in this [slashdot.org] earlier
Re:Interesting (Score:2)
Re:Interesting (Score:2, Informative)
It's called SIPRNET, and is well protected.
Re:Interesting (Score:1)
I don't think much of it (if any) is really sensitive information.. it wouldn't be surprising if they were just boxes that J. Random Military Sysadmin installed for a specific purpose (say, a temporary mail server, or a server which holds software to perform an FTP install of (insert system here) and forgot about. It might be documented and lost, it might not be documented at all, but no one's going to touch it because they don't know what it does.
If they put it on some obscure ip block and give it no hostname, who will ever find it?
People netmapping or portscanning entire blocks of IP addresses just to see what's out there? People tracerouting but a funky router returns some weird IP with no reverse record? Who knows.. maybe someone who's setting up /etc/hosts and makes a typo or two.
Re:Interesting (Score:2)
When I worked for a defense contractor, we were exceptionally paranoid about this sort of thing.
Spammers as Romulans? (Score:2, Funny)
"Yes Captain Spamford."
"Prepare spam... Bulk Email!"
"Bulk Emailing sir!
"Excellent, return to Murk space."
.
.
.
"Sir! it's an anti spammer!"
"What's he want?"
"He wants to shove our testicles up our noses and beat us to death with toner cartridges. He said something about sucking your eyes out with a penis enlarger as well."
"again?"
dave
and the Internet came from the military net... (Score:1, Offtopic)
Re:and the Internet came from the military net... (Score:1)
Re:and the Internet came from the military net... (Score:2)
It wasn't a military network!!! (Score:2, Informative)
The confusion is based on the fact that Paul Baran at RAND had designed a network which would have used inexpensive links with multiple redundancies to ensure that communications would not be disrupted in a command and control structure for the Nuclear deterant. This idea was also being developed seperately in the UK and called Packet Switching by Donald Davis at the UK National Physics Lab on the first system to use this technology. It was later used as a basis for ARPAnet.
The important point is that when the ARPAnet was created the inventors had never heard of the RAND report and the Air Force had turned down RANDs plan to build a test syestem. It was civilian to the core. However when the military absorbed ARPA to form DARPA the created a nonclassified system called MilNet. This came later and is not the same as saying the Internet is built on a military system
Ok that was my 2c's worth. Any comments?
Re:It wasn't a military network!!! (Score:1)
Re:It wasn't a military network!!! (Score:3, Informative)
Um, ARPA was always in the DoD. The original offices were in the Pentagon. The shift to DARPA was just a name change to help refocus on defense projects, rather than civilian research.
Civilian research such as, for example, a vast interconnected computer network.
Dark address space? (Score:5, Funny)
-j
Re:Dark address space? (Score:1)
Re:Dark address space? (Score:1)
Re:Dark address space? (Score:3, Funny)
=)
Not much content in that article (Score:2)
It seems like the article could have had more explanaton and real information on what dark address space is.. I'm still not fully clear after reading. Is "dark address space" just unconnected networks or more subtle. I guess you really need to be a network person to understand fully.
Reminds me of the raging debate over dark matter in Astronomy, and how it accounts for the mass of the universe etc... The debates always involve crazy theories that pretty much contradict eachother until they finally high-enough resolution data..
Re:Not much content in that article (Score:3, Informative)
Re:Not much content in that article (Score:1)
The Internet is dead! Long live the Internet! (Score:1)
Really, is this a huge surprise? Quality of service for unregulated CableCo's is an issue many have to deal with. Plus, human error is a big factor in DNS setups. Then you've got physical problems on end-point sites that don't have redundant connections.
I'd say 5% isn't bad.
Regards
To go where no man has browsed before... (Score:1)
.info and other new TLDs in the dark, too? (Score:4, Interesting)
The problem is that many software, libraries, and hand-made filters validate domain names based on simple rules like "only 0-9, a-z, dots, and it should end by two characters or com/net/org/edu" .
For instance, I guess that many web forms are currently refusing mail addresses like "john@johncompany.info".
These new, non backward-compatible domain names will probably belong to the "dark and murky net" too.
Re:.info and other new TLDs in the dark, too? (Score:1, Troll)
Re:.info and other new TLDs in the dark, too? (Score:2)
That's where you get
There will always be plenty of idiots in the world who think they know all valid addresses. Unfortunately, most can't be bothered to do a little research, and then I or someone else will come along, break the forms, and decide to go elsewhere. And unfortunately, the new TLDs also tend to break what for aeons of "internet time" was an acceptable TLD validation.
Not to mention... (Score:2)
Guess what - other countries may have postal codes, but they don't always fall into a format of five contiguous numbers...
Just today, Yahoo told me that I had an impossible 'zip' code, so I did what I usually do in that case - enter "02134", which as many of you know. is pronounced "Oh!, two-one, three-FOUR!", especially if it follows "Box 3-5-0, Boston Mass", which I fill in whenever some braindead php monkey has never heard of my particular prefecture...
Re:Not to mention... (Score:3, Funny)
12345 (Score:2)
Re:12345 (Score:2)
Re:.info and other new TLDs in the dark, too? (Score:2)
What makes it even lamer is that the e-mail address entry is on the same page that you enter the shipping address so they should *know* that they won't be shipping abroad.
Just plain old stupid I guess.
Rich
Re:.info and other new TLDs in the dark, too? (Score:1)
only 0-9, a-z, dots, and it should end by two characters or com/net/org/edu
No, you cannot enforce this. How about non-English character domain name? Say, Chinese / Japanese domain name?
Re:.info and other new TLDs in the dark, too? (Score:4, Insightful)
> No, you cannot enforce this. How about non-English character domain name?
What part of "new conventions like non-ascii characters" don't you understand?
Re:.info and other new TLDs in the dark, too? (Score:2)
Re:.info and other new TLDs in the dark, too? (Score:1)
hey hey just because my email address is john@johnsoftware..... :)
A lot of truth to this parent. (Score:3, Insightful)
Re:A lot of truth to this parent. (Score:1)
Guess even the military's heard of /. (Score:2, Interesting)
Slashdot? Which Slashdot is that? (Score:1)
Perhaps this guy has accessed
Fire a tachyon pulse into the murk space (Score:1)
It [the article] was so vague, in fact, that there was little reason wasting the time to read it. Murk space, dark matter, anti-matter, anti-time. I'm going to go back to downloading more STTNG episodes!
Sigh... (Score:1)
The real article (Score:4, Informative)
Sorry 'bout the whoring..
Shortest paths? (Score:1)
But the longest path does exist? Do we blame the journalist, or the researchers who got paid for three years to conclude this amazingly useful fact?
Re:Shortest paths? (Score:1)
Re:Shortest paths? (Score:1)
Or could it be that I was merely poking fun at the tendency to use "no shortest path" to mean "a path does exist, but it isn't short enough for us to call it a shortest path, therefore the two nodes are not connected"?
Invisible web? (Score:1)
If this mean things that, well, are closed to robots, let them be the way they are. Work a bit more, go to the site itself, and do a search.
If it means things in DBs, how come you prove that you've extracted everything in the DB?
In any case, has anybody seen one of those "dark" addresses sometime?
Re:Invisible web? (Score:1)
Definition of Dark Address Space [slashdot.org]
Re:Invisible web? (Score:3, Funny)
If you could see one, it wouldn't be dark. And if you did see one, They would have to kill you.
I think this is just another .mil conspiracy - those sites and addresses aren't just parts of badly managed webspace - they are websites of black ops, dark projects, stealth planes and hidden agendas. An intranet for the Anti-Illuminati - the Shadows. :-)
Re:Invisible web? (Score:1)
Re:Invisible web? (Score:4, Informative)
Route filtering.
To reduce the size of the routing table in the memory of their core routers, some providers throw away announcements of small blocks (say
Some providers also filter blocks that are listed by the one of allocators (ARIN, RIPE, APNIC) as not being allocated or are reserved for special use. The article infers that this is what happens to lots of
Black holed routes.
Sometimes, either intentionally or accidently, providers announce routes to blocks that they actually can't reach directly. This is usually a misconfiguration or done on purpose to null route blocks containing a host performing a DOS or some other network misdemeanour. This is usually a transient state.
hth
Marty
Re:Invisible web? (Score:3, Interesting)
The report cites
As far as broadband goes, as well as large NSPs, consider how much address space is simply lost to breaking
Companies like Cisco and Unisphere sport routers capable of numbering interfaces in the THOUSANDS. Even making efficient use of IPs when numbering ATM topologies (common for DSL implementations), you're still losing one IP per interface, in addition to whatever small block is allotted to the customer on the other end. In most cases, every hop you see in a traceroute is one IP of a four ip subnet (exceptions would be LAN topology based peers or transits). For the purposes of security, or simplicity, providers may simply choose to not announce routes to IP space allocated for interface use. Inside their own networks, interior protocols like IGP, ISIS and OSPF can handle local delivery, but the world doesn't really need to know how to throw packets at a router's interfaces.
Cable modems are less guilty of this than most, since they tend to allocate two or four class C superblocks to a neighborhood and mask them accordingly.
Dumb question... mostly OT (Score:2)
Can you explain (or better, point me to a source explaining) what is meant in networking terminology when you say
This is something I have been curious about for a long time, and would like to learn more (whether it would be useful to me or not).
Thank you for any help you or others can provide...
Re:Dumb question... mostly OT (Score:1)
When you look at the subnet mask for a network, say 255.255.255.0 for a Class C, break it up into the appropriate bit segments:
255 255 255 0 converted to hex is FF FF FF 00. Each value of FF is 8 bits. 255.255.255.0 is a 24 bit mask, or
You can determine the size of a network block (or subnet) by subtracting the bitmask from the maximum possible value (FF FF FF FF). A
Re:Dumb question... mostly OT (Score:1)
Dumb question... mostly OT
There are no stupid questions; only stupid answers.
Re:Dumb question... mostly OT (Score:2)
Okay, the class A/B/C issue has been covered, so I'll tackle the /n thing
When you see an address A.B.C.D/n, the high (first) n bits of the address are network bits and the rest are the host bits. This is usually used to route traffic - compare the network bits and, if they match, do this. They can also be used to aggregate network blocks or to subdivide them (they are usually allocated in blocks of n*class C networks. when you subdivide them (getting shings like /28 or whatever), it's called subnetting, and when you aggregate them, it usually gets labelled as CIDR, as it no longer follows traditional netmask boundaries.
Within each network, there are two speciall addresses - setting the host bits to all 0 or all 1. If all of the host bits are 0, you have the network address. If they are all 1, you get the net broadcast address.
In a /30 network, there are 2 host bits, leaving 4 possible hosts. Since two of those are reserved, you have two usable hosts. This makes /30 really inefficient and also the smallest possible network.
Re:Invisible web? (Score:2)
Arbor analyzed ISP mail logs? (Score:4, Interesting)
Shaun
Re:Arbor analyzed ISP mail logs? (Score:2, Informative)
The ArborNetwork's crew is as white hat as they come.
"invisible" sites (Score:1)
Re:"invisible" sites (Score:1)
The cable users are a growing customer base, and everyone wants a piece. It's not surprising that one network would want to inconvenience users of a competing network.
Again? Yawn... (Score:4, Funny)
Because routers don't normally log such activity, murky address space could hide the full range of antisocial or illegal network behavior, says Labovitz.
Oh no, here we go again. Just because it's about the internet and contains a lot of words that are a little bit different to what "normal" people use daily - like "router", "hosts" and "routable address space" - it doesn't mean it's something dangerous. Not even new.
Can you imagine someone getting funds to look into the origins of "paper spam"? "Oh no, the spammers are using bogus return addresses!" "Bad guys can communicate pretty safe and unhindered by putting their messages in envelopes, stamping them and sendim them by mail!"
I can understand that the guys had to show something for 3 years worth of "research", but unless the securityfocus article is a very-very short, abridged version for the masses, they have no results.
Re:Again? Yawn... (Score:1)
I have to sugest that you should re-read the sentence you quote in its context- I don't understand how the sentence quoted is in any way related to your comment about it. Labovitz is saying that it is difficult to accurately charachterize exactly all the bad things that are going on out there, in part because the bad things are happening in places that shouldn't exist and are therefore off of many peoples radar.
Re:Again? Yawn... (Score:2)
On the other hand, why would I complain if someone pays to have free paper for lighting the wood-stove delivered to my home? 8-)
routing (Score:2, Interesting)
Over the last 6 months or so, it definitely seems like the 'Net is
Re:routing (Score:1)
Re:routing (Score:2, Funny)
/Smuffe
Re:routing (Score:1)
Re:routing (Score:2)
The Cause.. (Score:5, Interesting)
What they are really saying is that there are large chunks of the internet which can't talk to each other. This isn't because of firewalling or "hiding" behind a NAT box or the like, but is instead a result of the peering "politics" (which better describes what goes on than policies) between carriers.
Let me explain. If I am ISP A and I connect via peering to ISP B, I can't talk to ISP C's customers through B even if ISP B and C are connected. That is, unless I have an arrangement with ISP B to provide transit to ISP C. ISP C also has to agree to accept my routes even if ISP B provides transit to me.
Generally the big "Tier 1" ISP's peer with each other and generally don't exchange or buy transit from each other (except in some limited cases). Smaller ISP's generally buy transit from one or more Tier 1 ISP's. Some of the smaller Tier 1's both peer and buy transit.
It is not altogether unexpected that with hundreds of ISP's out there that certain ISP pairs just plain do not have connectivity between them. It would be almost impossible both economically, politically, and technically to insure that each ISP could talk to every other ISP out there.
Add on to that that there are some ISP's who set arbitrary limits on how many addresses you have to announce together in one chunk (prefix) before they will even listen to them. If you have a small ISP with insufficiently sized address blocks you may find that your connectivity to the internet suffers.
The other piece which WAS said fairly well is that most people don't notice the problem as 99% of the people out there don't use more than the most popular 1% of the internet. And THOSE sites are almost 100% connected (and if you ran an ISP which wasn't connected to the big sites, you would quickly find yourself without a customer base).
Note that I've taken some liberties with this description so there is some minor technical/political breakage in the description above. Or probably better put, this isn't meant as a technical reference piece on peering policies....
Re:The Cause.. (Score:1, Interesting)
The net isnt really a net at all, its more of an extended star topology (for all you networkers)... for those who havent got a clue what I mean is that you have the major servers in the US, and off them hangs other servers, and off them others, etc... Often, there just isnt a route to a server due to router downtime, malconfiguration, or intentional force editing of the routing tables...
so... my proposal is... scrap the name of the internet... i say we all call it
Re:The Cause.. (Score:1)
Sometimes you need to take smaller interconnecting roads, sometimes you just cant get there from here.
The latter is becoming more and more scarce in the real and digital worlds.
Routes withdrawn after spamming? (Score:4, Insightful)
Re:Routes withdrawn after spamming? (Score:2)
And how would you explain the netblock in common not being registered with ARIN/RIPE/APNIC/etc.? Ok that one's easier, but this is more than coincidence.
Re:Routes withdrawn after spamming? (Score:2)
OK, this probably doesnt account for all of this, but i guess it accounts for some.
Re:Routes withdrawn after spamming? (Score:2)
Um, they register with an isp. send a load of spam. get kicked off isp
Nah, BGP routes need only enter into things when you multi-home (get a net feed from multiple upstreams) or carry your own net block around and they never show up for the average dialup/DSL user. Further, if i haven't explicitly negotiated BGP service with my ISP, I probably won't be able to propagate my routes.
Re:Routes withdrawn after spamming? (Score:2)
Researchers probe dark and murky net... (Score:1, Redundant)
So spammers can grab anything they want? (Score:1, Interesting)
Let's say I'm an evil spammer (tm). I want to send out some spam that would be really hard to track down. So, I find a net block that's not being advertised by anyone, but isn't a part of a range that's "obviously" not allocated. Say, a piece of 64/8 or 65/8 that isn't being used yet.
OK, so I configure my spam pumping machine to be an address in that block, and start advertising it. Then I connect out, spew like nuts, and shut down. Once the routes disappear, you have *no idea* where I am or who my uplink is.
So, my request to those that know - is this possible? If so or if not, why?
If it is possible, just how much worse is it going to get when IPv6 starts getting widespread use and you can hide yourself anywhere?
Yes, I realize to do this I'd need a solid connection to lots of other well-routed ISPs. Assume that I do. Will it work? How can we stop it?
Re:So spammers can grab anything they want? (Score:2, Interesting)
As far as the IPv6 issue, a lot will depend purely on accounting: How is address space issued? Do you get an IP with your driver's license?
Accountability will be everything, at that point. IPv4, as it's designed, is based on trust. America, as it's designed, is based on civil disobediance. Stop laughing, I'm serious.
Re:So spammers can grab anything they want? (Score:5, Informative)
Route-filters help address this, but many people don't do aggressive route filtering. Route filters, at least in this context, allow you to describe which route announcements you will accept from who. You typically write route-filters to *only* listen to route announcements for the networks that the person you are peering with owns. If its a multihomed connection then this can be a pain. If its an ISP (especially a multihomed one with multihomed customers) it becomes even more of a pain and becomes a matter of trusting your peers to enforce the right policies at the edge of their network. Some people do things with BGP communities to make this easier, but many folks do not have the clue to do so.
As mentioned earlier in the article, aggressive route filtering can actually increase the discontinuties in the network, but failing to do the right filtering can create opportunities for antisocial/malicious behavior.
There were attempts, with some success to create truly useful route registries- the radb's. MCI and someone else (I'm pretty sure it was the route-arbiter project folks- in which Abha [from this report] played a significant role) maintained these. Some people used these to auto-create route filters, but I think that all got just to darn complicated. I could be totally wrong about this, but that's my recollection.
Not to rant (to late), but to my way of thinking this all is rooted in a basic issue with large multi-entity IP networks- a peer isn't just someone you exchange traffic with for free [or with settlements] it really is a *peer*. By exchanging routing information (especially if you do something like accept/honor MED's) you really do have to trust these people- that means you have to believe they are as competent or moreso than yourself- in other works, a peer- in the truest sense of the word. With extremely democratic large scale IP networks (like the Internet) the meaning and usefullness of the term peer becomes significantly diluted- and this means that the network as a whole is likely to not function at a fully optimized state (or even a merely completely working state) all/most of the time. That isn't a horrible thing, but it certainly does make you reevaluate certain assumptions many people make about IP networks.
Further, I believe that most if not almost all of the "scaling" problems in the Internet today are not as much technical capability problems as configuration/design/education problems. We now have a giant, dynamic network that usually works quite well- can it fail catastrophically? I believe it *can*, but the size, interconnectiveness and diversity tends to locally contain failure conditions- events that would have been extremely catastrophic just a couple of years ago.
I'll stop "lecturing" now, except to say that it is great to see folks like these, CAIDA, Packet Design, and assorted others starting to really try to formalize analysis methods for networks of this complexity- its a great step forward from the cult-of-the-few-geeks (The Internet Routing Cabal wasn't that long ago- not to say they weren't great people who made lots of personal sacrifices to keep things working)
As a footnote, Craig L. and Abha A. have done other related work (before they were with Arbor Networks). I know they presented some of their work on BGP reconvergence time at the Montreal NANOG. I suspect they've presented since then.
http://www.nanog.org/mtg-9910/converge.html
Five or ten web sites... (Score:2, Funny)
Oh...(SHOCKED!) so does it mean out there are other sites besides slashdot...
Cool... do you need any special software to browse them ? I use K-Meleon. There's a green icon on my desktop - I double click it and it takes me to slashdot.org, where I read the coolest stuff and then I click the tiny X button ontop when I finished.
Heard about a proggie, though: Internet Exploder that would supposedly take you places where you wanted to go that thay - I always thought it's some travel/tourism/ticket booking application or stuff like that....
Gone researching how to get to the others 4 or 9 web sites...
Sad side commentary (Score:3, Interesting)
DDOS network (Score:1)
Now one poster had suggested something about exchanging possibly "blacklisted" IPs. Perhaps we could build up a DB of such IPs and possibly compare these with those murkier IPs.
I'm almost certain that atleast some of the banned IPs would fall under the murkier regions. In fact, still worse is the fact that some of these come through wingates (as I found out), making it all the more troublesome
Scary though...
Yup, thats me (Score:1)
For weeks i've tried to get to somethingawful.com, i've pinged it, traceroute, i could never get anything. That is the only site that i know up which i can't reach.
I know what they're talking about... (Score:1, Funny)
I've had a ton of problems getting to certain places on the internet. Whole IP blocks are giving me trouble. Some include:
That's not even the strangest thing. I think I've discovered some sort of strange parallel universe gateway at 127.0.0.1! The computer there is exactly like mine!
Internet Black Holes that I have known (Score:2)
Actually, this was a pretty interesting project to many slashdot readers. Using an extremely early version of Linux (SLS 1.02 with kernel 0.99pl14e, I seem to recall), we had a laboratory full of 486s and 386s with two ethernet cards. One was a standard card that was connected to the company lan, and the other was a special programmable card that could be commanded to do stuff that ethernet cards aren't supposed to do, like short packets and bad ethernet headers and the like. This card was connected to one of the lans on one side or the other of the unit under test. There was an automated program running on each box under control of the master box, which ran a script in a custom scripting language that could tell one box to emit a packet, and another box on the other side to check if it got it, and more sophisticated stuff.
It was very cool, and a very early use of Linux in a commercial environment.
Brooklyn bridge (Score:1)
What is it made of... (Score:2)
Is the "dark address space" made up of strange websites? Or perhaps charmed ones?
murky net spaces eh? (Score:1)
> Arbor Networks' researchers went to the mail logs of a local ISP and compared several thousand unique mail sources with "murky" addresses spotted in their monitoring. They found that 30 of those addresses sprang into existence shortly before sending the email, and quickly vanished afterwards.
Murky alright, frickin' SPAMMERS using dialup accounts. Article emphasizes obvious, rides on ignorance of uncouth. UUCP is of same type, does
it mean that net was not connected in those days
either? How about that one: http://www.blug.linux.no/rfc1149/writeup.html
p.
One viable explanation for hidden nets (Score:1)
There are what I would call "confederations" of sites and networks which maintain connectivity through private networks, most likely research-community and government oriented. e.g. Abilene(Internet2), CA*Net, APAN, ESnet, etc. The members of these confederations may be different research labs, universities, etc which have need for complex routing policies based on endpoint and which private network to take. Unfortunately, the tools for implementing such policy are weak and often fall back on making decisions based on IP address. This in turn means that certain IP addresses are used to cause traffic to flow in a certain way and must be blocked to the public Internet.
Now with all of that said, one would naturally assume this could be accomplished with RFC 1918 (private) address space and shouldn't require using up valuable public address space. This is true if there was only one confederation, but many of these semi-private groups exist and many of the individual organizations participate in multiple confederations simultaneously. This means if RFC1918 address space were used for each confederation, someone would need to be responsible to make sure no conflicts existed in the variuous private address spaces. This would be problematic becuase 1) the confederations generally don't cooperate with each other (not in an antagonistic sense, more like ships-in-the-night) and 2) this would take take up someone's time which even in the research community is genereally not free (as in beer). Some confederations don't even know others exist. Furthermore, even if such a project were undertaken, all of the participants would need to agree on a common chunk of the RFC1918 space. This would be hard to do as many organizations probably have already used varying parts of this space for their own purposes. (again, none of which were coordinated.) Some people would not be happy about having to renumber.
So in order to maintain unique address space amongst this web of semi-private networks, the particpants simply use additional addresses out of the global Internet address space but only announce it amongst themselves. i.e. The global Internet registry is used to also coordinate use of addresses across these multiple, private interconnections of (usually) public institutions.
Now, I don't think this is the main cause of hidden address space. In fact it's probably so small compared to other causes that it is probably not necessary to address at this point. However, I wanted to offer it up as a legitimate reason some parts of the global Internet are not reachable from commodity ISPs.
-z
Re:private network? hidden network? who cares (Score:1)
What they talk about is not computers-not-connected-to-internet, and not about general networks. The article is about ADDRESS SPACE. What they are saying is that there are legitimate internet address ranges owned and used by people to connect their systems to the internet which seem to be inaccessable from major parts of the internet due to misconfigured or restrictive or just plain mean routers.