Thursday, January 21, 2010

1.1.1.1

A number of captive portal implementations, including products from Cisco and Nomadix, use 1.1.1.1 as a virtual IP address, HTTP requests to which are redirected to the access control server's logout page. A quick google search turns up numerous network service providers, mostly wireless ISPs, that use 1.1.1.1 to access their logout pages.

This trick has worked because the 1.1.1.1 IP address resided in an IP block that was reserved by the IANA, so there could be no server that actually used that IP address.

However, this month the IANA assigned the 1.0.0.0/8 IP block to the Asia-Pacific NIC. As its name implies, APNIC is responsible for the allocation of IP addresses in Asia and the Pacific, meaning that there may come a day when a company in China, Australia, or elsewhere is allocated a subnet containing the 1.1.1.1 IP address.

In short, the 1.1.1.1 IP address no longer resides in reserved IP space. Network access servers should stop using it.

No comments: