alt.hn

3/6/2026 at 9:19:25 PM

The shady world of IP leasing

https://acid.vegas/blog/the-shady-world-of-ip-leasing/

by alibarber

3/6/2026 at 10:52:41 PM

I think all the points about IP reputation impact are well taken, but as someone who had to deal with the RIRs at an ISP before and who now works at a firm that buys blocks, I would 10x rather operate in today's environment than in the old RIR environment. It's transparent and predictable by comparison.

I never had much faith in reputation to begin with, and the residential block issue is muddied by the fact that large-scale residential proxies already make that an unreliable abuse check.

by tptacek

3/7/2026 at 7:31:46 AM

I bet if residential proxy IPs were added to blocklists en masse, those ISPs would rather quickly clean up their networks.

by hananova

3/7/2026 at 8:50:23 AM

No? The companies which are now losing sales because a bunch of their customers are blocked would simply stop using those lists.

by JasonADrury

3/7/2026 at 9:48:39 AM

There are "live" residential proxy IP lists you can purchase today from a variety of companies. Various companies defending use them as an additional data point when making a call to throw a captcha or block.

ISPs have been fairly silent on the topic (it is a hot topic for many of them due to the kimwolf botnet leveraging resiproxies to function and launching attacks). In many cases, being a resiproxy is a violation of the TOS - but they struggle with enforcement and how to do customer engagement given that most resiproxies are loaded without the end user knowing. So you have an educational problem - how does an end user figure out how to remove it.

Some ISPs could null the resiproxy c2 infra - and a few have played in that space.

Home router vendors could play their part and notify users exactly which device is connecting out and give them an option to isolate, etc.

by pigggg

3/7/2026 at 8:36:49 AM

If residential IPs were blocked, cutting off innocent users from services as IPs rotate, customers would bring lawsuits against ISPs and cell providers. Blocked IPs would have to be parked. Impacted users would rush to VPNs and other privacy tools, damaging the ad industry that is the backbone of most big tech. Everyone would rather deal with today's problems than that chaos.

by sandworm101

3/7/2026 at 5:09:37 PM

> customers would bring lawsuits against ISPs and cell providers

What would the case be against ISPs here?

by akerl_

3/8/2026 at 7:48:49 AM

Failure to provide the contracted service. If you pay for internet, but they assign you an IP that is already blacklisted, you are not getting internet.

by sandworm101

3/8/2026 at 9:18:27 AM

I don’t see any way for that to work out.

Your ISP is not responsible for ensuring that the connection they give you works to access any particular sites (see, for example, all the sites that already implement geo-fencing to block or alter the experience based on country of origin).

by akerl_

3/8/2026 at 11:00:37 PM

And if the blacklist is on the upstream provider? So you literally cannot send packets beyond your residential ISP? Have fun surfing the Comcast homepage.

by sandworm101

3/8/2026 at 11:08:07 PM

It’s not clear what you’re trying to say. Nobody’s arguing that 3rd parties blocking ASes, ISPs, regions, etc. is fun for the people who get blocked.

But that doesn’t somehow create a civil case against your ISP for not acting in response to the 3rd party action.

by akerl_

3/8/2026 at 1:19:29 PM

So if I drive my Toyota to the corner store and they tell me to go away, I'm not welcome, I should sue Toyota for failing to get me to the store?

by gzread

3/7/2026 at 10:00:25 AM

I hate to break it to you, but services have been routinely blocking residential IPs associated with being part of VPN endpoints for the better part of a decade now. Akamai will even sell you (granted, they are just reselling another vendor's product) a database to do this.

by Mindwipe

3/7/2026 at 2:15:22 PM

The number of residential IPs acting as endpoints is vanishingly small. It isn't an issue. The number of residential IPs that are part of botnets is something else. They are not blocked. Their bad traffic might be, but nobody cuts off an IP simply because a machine on it got a virus once upon a time. If they did, we would all have to negotiate for a new IP every time a machine was compromised.

by sandworm101

3/7/2026 at 4:01:20 AM

My biggest issue with IP brokers is how they'll avoid taking any responsibility for their customers' actions. A fair amount of bulletproof hosters (and we're talking malware distribution, botnet C2s, ransomware C2s, proxy/scanning) get their space from brokers. When you engage with the brokers they say go talk to the transit providers - and because the bulletproof guys can switch to another transit provider easily, they maintain connectivity/continue to operate. Super common in Europe, where most of this goes on and they have a super plentiful transit market - but they are still rolling with the same set of IPs they get from these brokers (and one in particular).

by pigggg

3/7/2026 at 3:36:58 PM

I thought these days one can go directly to the RIR in case neither LIR nor the IP end-user acts on repeated/ongoing abuse? With the ongoing tension between central policy enforcement mechanisms vs. net/jurisdictional neutrality…

by 47282847

3/7/2026 at 1:27:57 AM

acidvegas is a pretty shady guy himself, running an IRC spam network pretty much in broad daylight. I don't know what to make of this connection, except he probably has a reason for posting this that's slightly more nefarious than sharing some interesting knowledge.

by gzread

3/7/2026 at 10:06:52 AM

> IRC spam network

Why is anybody still doing IRC spam in 2026? Is there still any profit in doing that? One would think that all the remaining IRC users are highly technical and unlikely to fall for it anyway.

by miki123211

3/7/2026 at 8:53:48 AM

You've also got the fugitive neo-Nazi weev, who now hides in the Russian-backed separatist region of Transnistria as an admin on his IRC.

Not to mention the ransomware guy who is again being sought by Interpol, also an op on acidvegas's IRC.

irc.supernets.org is truly one of the shadiest places on the internet. I wouldn't connect even over Tor.

by JasonADrury

3/7/2026 at 11:41:24 AM

Oh I've been there. If he doesn't like you he spams you with "you just joined a channel" protocol messages until your client crashes from being in too many channels - most clients don't survive that. I can't fault the ingenuity.

by gzread

3/7/2026 at 7:56:51 PM

This is absolutely unbelievable.

I can't believe weev has admin on supernets and I don't, wtf.

by _notdan_

3/7/2026 at 9:05:38 PM

I've read on Brian Krebs that you and Sergio Gor are both Russian. I don't think you'll have difficulty getting ops.

by JasonADrury

3/7/2026 at 2:13:40 AM

this guy most dangerous motherf* man, so edgy, what do you expect

by ackbar03

3/7/2026 at 3:37:29 AM

[flagged]

by acid_vegas

3/7/2026 at 2:49:10 AM

Banning IP leasing would concentrate power in the hands of those who have large IP blocks. Makes one wonder what the real motivation behind this post is.

by 9cb14c1ec0

3/7/2026 at 7:32:20 AM

> concentrate power in the hands of those who have large IP blocks

Who do you think is doing the leasing? People who have no IP space?

by dsl

3/7/2026 at 3:24:45 AM

Have you tried getting an IP block from an RIR and failed? They seem widely available if you justify it and at a reasonable price. If not, you can always go to a host and buy at a smaller fraction...

by TZubiri

3/7/2026 at 8:18:24 AM

> Have you tried getting an IP block from an RIR and failed? They seem widely available if you justify it and at a reasonable price

RIPE won't "sell" me an IP block, no matter how reasonable a price I offer. RIPE will gladly let me pay them LIR annual membership dues for 2 years before they consider allocating me a /24 (based on current waiting list times).

by oarsinsync

3/7/2026 at 2:52:39 AM

I mean…not curtailing leasing concentrates power with sketchy rent seekers and empowers the enterprises which use them (many of which range from “sketchy” to “evil and criminal”).

So I guess I’m having trouble envisioning a world without IP leasing that’s materially worse than the one we have.

by zbentley

3/6/2026 at 11:19:07 PM

I have my own system of IP reputation whereby if an IP address hits one of my systems with some probe or scan that I didn't ask for, then it's blocked for 12 months.

https://github.com/UninvitedActivity/UninvitedActivity

P.S. just to add a note here that I have been blocked out of my own systems occasionally from mobile / remote IPs due to my paranoia-level setup. But I treat that as learning / refinement, but also can accept that as the cost of security sometimes.

by BLKNSLVR

3/6/2026 at 11:35:25 PM

My first thought is that with CGNAT ever more present, this kind of approach seems like it'll have a lot of collateral damage.

by Latty

3/6/2026 at 11:43:23 PM

Yeah, my setup is purely for my own security reasons and interests, so there's very little downside to my scorched earth approach.

I do, however, think that if there was a more widespread scorched earth approach then the issues like those mentioned in the article would be much less common.

by BLKNSLVR

3/7/2026 at 12:16:17 AM

In such a world you can say goodbye to any kind of free Wi-Fi, anonymous proxy etc., since all it would take to burn an IP for a year is to run a port scan from it, so nobody would risk letting you use theirs.

Fortunately, real network admins are smarter than that.

by lxgr

3/7/2026 at 1:52:57 AM

Pretty much. I think there's also a responsibility on the part of the network owner to restrict obviously malicious traffic. Allow anonymous people to connect to your network and then perform port scans? I don't really want any traffic from your network then.

Yes, there are less scorched-earth ways of looking at this, but this works for me.

As always, any of this stuff is heavily context specific. Like you said: network admins need to be smart, need to adapt, need to know their own contexts.

by BLKNSLVR

3/7/2026 at 9:11:49 AM

This is how you get really annoying restrictions on public networks, because some harmless traffic will inevitably be miscategorized by an overeager firewall/DPI system.

I’m not saying that there should be zero consequences for allowing bad traffic from your network, but there’s a balance, and I would hate a world in which your policy were more common.

Arguably we are already partially living in that world, as some companies are already blanket-banning entire countries, VPNs etc., rather than coming up with more fine-grained strategies or improving their authentication systems to make brute force login attempts harder. It’s incredibly annoying.

by lxgr

3/7/2026 at 2:13:46 AM

Do you feel coffee shop WiFi should require you to scan your passport to connect, or that it shouldn't exist at all?

by gzread

3/7/2026 at 3:35:56 AM

Not OP, but the latter sounds pretty good actually, yeah. Never understood the free WiFi craze anyways. Just use cellular?

by perching_aix

3/7/2026 at 6:29:55 AM

Not all of us have cell plans with hotspots ($$$), hotspots often have data caps, cell is often slower or congested, and there are some areas without cell signal. It's also kind of silly from a wider perspective to shove everyone onto the cellular network when most businesses have perfectly decent fiber internet nowadays.

Sure, I'm usually on hotspot, but I personally appreciate when businesses have wifi. Either way, there are always going to be shared networks somewhere.

by ipdashc

3/7/2026 at 10:11:58 AM

What we should actually be doing is WiFi using SIM cards as authentication.

Have it count against your data cap (but make it much cheaper than cellular data). Pay part of that revenue to hotspot-owning businesses. If something bad happens, use the logs that telecoms are already required to keep.

It's very strange to me that we don't have something like this already.

by miki123211

3/8/2026 at 10:06:47 AM

How about we don't? We really don't need to tie even more things to SIM cards and phone numbers.

Criminals have more than enough ways to still get anonymous SIM cards (at least until every country on the planet makes KYC mandatory for prepaid SIMs), and legitimate users are greatly inconvenienced by this.

> Pay part of that revenue to hotspot-owning businesses.

To subsidize a network connection they probably already need for their business operations, e.g. their payment terminal or POS? Why should I? The marginal cost of an incremental byte on wired Internet connections is basically zero, these days. It's literally too cheap to meter, so why bother?

Besides the centralization and tracking concerns, not nearly every device has a SIM card. Why does my laptop not deserve to access a coffee shop Wi-Fi, my Kindle to use an in-flight connection, or my smartwatch to use the gym's network for podcasts?

It's very strange to me that people keep trying to willingly ruin the open Internet.

by lxgr

3/7/2026 at 4:45:31 AM

And you should require your passport to get one of those?

by gzread

3/7/2026 at 9:57:54 AM

ID card you mean ;)) Yes, and we already do.

by perching_aix

3/7/2026 at 12:36:53 PM

So that every time you post on social media that you don't like the government, the government can find who said that?

by gzread

3/7/2026 at 1:38:28 PM

You mean on the social media that people comment on with their real names and faces?

by perching_aix

3/7/2026 at 2:28:04 PM

I especially mean on social media that people don't comment on with their real names and faces.

by gzread

3/7/2026 at 2:51:33 PM

Yes, just like how they can with the rest of residential traffic that is not using prepaid SIM cards, but post-paid subscriptions.

by perching_aix

3/7/2026 at 11:10:19 AM

What an incredibly short-sighted, dystopian view.

I live in a country that has mandatory SIM registration, and it's stopping exactly zero organized criminals – these can just pay a tiny bit more and buy burner phones and use out-of-country SIM cards – while it's making life more complicated and expensive for the average citizen.

Expensive because KYC isn't cheap, and guess who pays for that in the end... And that is assuming that your form of ID is even accepted as a foreigner. In a different country, I literally just spent two days sending back and forth selfies holding my passport(!) to little success. And I guess the customer support reps could now just use the same photos to impersonate me elsewhere, since passport photos provide absolutely zero domain binding and are just about the dumbest thing still seeing widespread adoption.

I don't often use registration-free public Wi-Fis, but I love that they exist, and I would hate if they'd be taken away too. I also just transited at an airport that requires passport scans for Wi-Fi usage, and it feels so backwards.

Thanks for being honest about this, though. I was always wondering who all these people were that are seriously in favor of all this dystopian stuff. Would love to hear why you think that it's a net positive for society.

by lxgr

3/7/2026 at 2:14:24 PM

> What an incredibly short-sighted, dystopian view.

You do recognize that the person I kept replying to was not asking these questions in earnest, right? They were all carefully directed questions, specifically designed to confirm their world view. I played into it, because I think they're pitiful and hilarious. Serves them right. Their latest question about government criticisms completes the caricature perfectly. All they're missing is referencing or quoting Orwell.

> I live in a country that has mandatory SIM registration, and it's stopping exactly zero organized criminals – these can just pay a tiny bit more and buy burner phones and use out-of-country SIM cards – while it's making life more complicated and expensive for the average citizen.

Pretty much the same here to my understanding. There's no credible evidence I'm aware of that'd suggest the criminal use of phone networks decreased significantly thanks to these. It might have improved on the exhaustion rate of the numbering pool, but I don't think we were particularly close to exhausting it anyways. Most benefit I can think of is a chance at traceability, but how well realized vs abused that is, no idea. Just like with IP leasing described in the article above, enlisting the help of SIM mules has a long-standing tradition, after all.

Any addressing system that relies on non-cryptographic identifiers will be prone to all kinds of mass misuse. There's no amount of lawmaking, honest or not, that could be implemented to counteract these. It's just like email.

> Thanks for being honest about this, though.

Except I really wasn't, and I find it both remarkably funny but also extremely concerning how on board you guys are with it. Propaganda and culture sure are powerful.

The current ways of identity verification are broken, and are prone to enable surveillance: this is something I fully recognize. What I refuse to recognize however is that the concept of identity verification would be wrong wholesale. There was another thread on here a few days ago that I did comment on, but the bottom line is, in my understanding there's no mathematical reason that things would have to be this way. Its shortcomings, including its enablement of mass surveillance, are an implementation issue, not something fundamental to the idea per se.

Being able to trust that a stranger you're talking to is

- an actual specific person

- is actually a stranger

are bottom of the barrel human expectations that communications technology have completely shattered. Technologically guaranteeing these, to the extent the analog hole problem allows for it, does not require dystopian practices. I'm confident that the lack of these guarantees is the root of many societal problems we see at large today. For better or for worse, a lot of people live a lot of their lives on the internet these days, but the internet is no hospitable place for them, among else for these exact reasons.

Accountability is a good thing. I refuse to let it be monkey paw-d by people who mean unwell into being recognized as a tool for evil, and I think you should too. Trust being abused by a centralized system does not mean trust is wrong. It means there are abusers at the wheel. The solution is not mistrust, or even systems that require less trust necessarily, although both can be useful. The solution is reworking the system to get more trustworthy people into the leading positions, and to make it so that those who have demonstrated to be not deserving are thrown out more readily. It is most unfortunate that this listing is ordered exactly by difficulty, from easiest to hardest. Trust is easily broken, and human systems are impossibly hard to get right. I don't think this justifies giving up though.

by perching_aix

3/7/2026 at 2:29:29 PM

If you believe accountability is so important, why do you post here with a pseudonym and blank profile?

by gzread

3/7/2026 at 2:31:57 PM

My profile is not blank. You can page through all my comments, posts, and favorites to your liking.

Did you actually bother to understand what I said by the way? Are you able to formulate a post that isn't just a bare minimum asinine rhetorical question?

by perching_aix

3/7/2026 at 2:37:04 PM

Other users who care about accountability publish their full name, email address, and sometimes phone number in their profile stat page. You don't.

If accountability is so important, why don't you share your identity here?

by gzread

3/7/2026 at 2:47:36 PM

Because unlike you, I understand what I wrote.

Lots of text, I know. Relevant passage:

> The current ways of identity verification are broken, and are prone to enable surveillance: this is something I fully recognize. What I refuse to recognize however is that the concept of identity verification would be wrong wholesale. There was another thread on here a few days ago that I did comment on, but the bottom line is, in my understanding there's no mathematical reason that things would have to be this way. Its shortcomings, including its enablement of mass surveillance, are an implementation issue, not something fundamental to the idea per se.

The referenced thread: https://news.ycombinator.com/item?id=47201158

Put into more exact terms, your way of wanting to verify my identity is the same one you criticize governments and businesses for doing. It is not one I think is a good idea either, despite how you're trying to present this. I just retain the opportunity for there being other, better ways, whereas you don't.

Mind you, there's no reason to think that those who do publish such information do it because they're here to champion accountability. Note the type of forum this was originally supposed to be. It's in part a place for self-advertising. Many contact details you find on bios are visibly and explicitly HN specific.

by perching_aix

3/7/2026 at 9:50:24 AM

Haha, nice, I run something similar... But more manually managed, and I put those bans in permanently. Currently, there are 1360 blocks in the drop list and growing. I never really remove them, because even those leased blocks move from one spam/abuse operator to another, so no big loss.

And indeed, if people would fight spam/abuse better and more aggressively, the problem would be much smaller. I don't care anymore. In my opinion the Internet is done. Time to start building overlay networks with services for good guys...

by Borg3

3/7/2026 at 2:44:06 AM

If you actually wanted your site or service to be accessible you’d run into issues immediately, since one IP would have cycled between hundreds of homes in a year.

IP based bans have long been obsolete.

by Gigachad

3/6/2026 at 11:43:36 PM

For people that implement it there's less than three people who use it, or agencies supporting it

by abofh

3/7/2026 at 2:14:22 AM

CGNAT? That's definitely not true. There are whole towns that have to share one IP address. They're mostly in the third world.

by gzread

3/7/2026 at 1:23:13 AM

> can accept that as the cost of security sometimes

And corporate IT wonders why employees are always circumventing "security policies"...

by ronsor

3/7/2026 at 1:47:27 AM

Additional explanation: this is primarily a personal setup.

There would be a lot of refinement and contingencies to implement something like this for corporate / business.

Having said that, I still exist on the ruthless side of the blocking equation. I'd generally prefer some kind of small allow list to a gigantic block list, but this is how it's (d)evolved.

by BLKNSLVR

3/7/2026 at 1:52:50 AM

How is this better than blocking after a certain quantity in a range of time instead?

Single queries should never be harmful to something openly accessible. DoS is the only real risk, and blocking after a certain level of traffic solves that problem much better with less possibility of a false positive, and no risk to your infrastructure, either.

by cortesoft

3/6/2026 at 11:41:19 PM

I perma-ban any /16 that hits fail2ban 100+ times. That cuts down dramatically on the attacks from the usual suspects.

by kevin_thibedeau

3/6/2026 at 11:45:52 PM

I haven't manually reviewed my lists for a while, but I did similar checks for X IP addresses detected from within a /24 block to determine whether I should just block the whole /24.

Manual reviewing like this also helped me find a bunch of organisations that just probe the entire IPv4 range on a regular basis, trying to map it for 'security' purposes. Fuck them, blocked!

P.S. I wholeheartedly support your choice of blocking for your reasons.

by BLKNSLVR
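Putting the aggregation rules from this subthread into working code, as an added example (not code from the thread or from the UninvitedActivity repository linked above): BLKNSLVR's 12-month expiry, kevin_thibedeau's "block the /16 once enough fail2ban hits land in it", the per-/24 count BLKNSLVR uses to decide whether a whole /24 goes, and an allow list so that the lockouts BLKNSLVR mentions cannot hit your own ranges. The fail2ban log lines, addresses, dates, thresholds and the fixed "current time" are all constructed; counting distinct offending hosts per prefix rather than raw hit counts is an assumption of this example, not something the thread specifies.

```python
"""Prefix-level ban aggregation with a 12-month expiry and an allow list.

Added example; not code from the thread or the UninvitedActivity repo.
Reads fail2ban-style "Ban <ip>" lines, drops events older than 365 days,
counts distinct offending hosts per /24 and /16, and returns the CIDR
blocks to drop under the given thresholds.
"""
from __future__ import annotations

import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample lines in the shape fail2ban writes to fail2ban.log
# (jail name, PID, dates and addresses are made up; addresses come from
# the RFC 5737 documentation ranges).
SAMPLE_LOG = """\
2026-03-01 10:00:01,117 fail2ban.actions [812]: NOTICE [sshd] Ban 203.0.113.7
2026-03-01 10:02:15,402 fail2ban.actions [812]: NOTICE [sshd] Ban 203.0.113.19
2026-03-01 10:05:40,009 fail2ban.actions [812]: NOTICE [sshd] Ban 203.0.113.88
2026-03-02 01:13:02,550 fail2ban.actions [812]: NOTICE [sshd] Ban 198.51.100.4
2026-03-02 01:13:09,551 fail2ban.actions [812]: NOTICE [sshd] Unban 198.51.100.4
2026-03-02 01:14:09,551 fail2ban.actions [812]: NOTICE [sshd] Ban 198.51.100.4
2024-11-20 08:00:00,000 fail2ban.actions [812]: NOTICE [sshd] Ban 192.0.2.55
"""

# Only "Ban" lines count; "Unban" and everything else is ignored.
BAN_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\d{3} .*\] Ban "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})$"
)

# Constructed "current time" so the expiry check is reproducible.
EXAMPLE_NOW = datetime(2026, 3, 8, 12, 0, tzinfo=timezone.utc)


def parse_bans(text: str) -> list[tuple[datetime, ipaddress.IPv4Address]]:
    """Return (timestamp, address) for every Ban line in fail2ban log text."""
    events = []
    for line in text.splitlines():
        m = BAN_RE.match(line)
        if m is None:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)
        events.append((ts, ipaddress.IPv4Address(m["ip"])))
    return events


def prune_expired(events, now=EXAMPLE_NOW, max_age=timedelta(days=365)):
    """Keep only events inside the 12-month window described in the thread."""
    return [(ts, ip) for ts, ip in events if now - ts <= max_age]


def distinct_hosts_by_prefix(events, prefixlen: int):
    """Map each /prefixlen network to the number of distinct offending hosts in it."""
    hosts = defaultdict(set)
    for _, ip in events:
        hosts[ipaddress.ip_network(f"{ip}/{prefixlen}", strict=False)].add(ip)
    return {net: len(ips) for net, ips in hosts.items()}


def decide_blocks(events, *, per24=3, per16=100, allow=()):
    """Choose what to block.

    A /16 with at least `per16` distinct offenders is blocked whole; otherwise a
    /24 with at least `per24`; otherwise the single host. Events from networks in
    `allow` (your own ranges, your VPN endpoint) are discarded first so the list
    can never lock you out.
    """
    allowed = [ipaddress.ip_network(a) for a in allow]
    events = [(ts, ip) for ts, ip in events if not any(ip in a for a in allowed)]
    blocks = {net for net, n in distinct_hosts_by_prefix(events, 16).items() if n >= per16}
    for net, n in distinct_hosts_by_prefix(events, 24).items():
        if n >= per24 and not any(net.subnet_of(b) for b in blocks):
            blocks.add(net)
    for _, ip in events:
        host = ipaddress.ip_network(f"{ip}/32")
        if not any(host.subnet_of(b) for b in blocks):
            blocks.add(host)
    return blocks


def block_list(text: str, now=EXAMPLE_NOW, **thresholds) -> list[str]:
    """End to end: parse, expire, aggregate; CIDR strings, lowest address first."""
    blocks = decide_blocks(prune_expired(parse_bans(text), now), **thresholds)
    return [str(b) for b in sorted(blocks, key=lambda n: (int(n.network_address), n.prefixlen))]


if __name__ == "__main__":
    # With the defaults the three 203.0.113.x offenders collapse into one /24,
    # the lone 198.51.100.4 stays a /32, and the 2024 entry has expired.
    for cidr in block_list(SAMPLE_LOG):
        print(cidr)
```

The output feeds whatever drop mechanism you use (an nftables set, a null route). Lowering `per24` to 1 reproduces the "burn the whole /24 on first sight" policy lxgr objects to further down the thread, so the thresholds are where the collateral-damage trade-off lives.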

3/7/2026 at 12:23:31 AM

> bunch of organisations that just probe the entire IPv4 range on a regular basis

Yep, #1 source of junk traffic, in my experience. I set those prefixes to go right into a nullroute on every server I set up:

https://raw.githubusercontent.com/UninvitedActivity/Uninvite...

#2 are IP ranges of Azure, DO, OVH, vultr, etc... A bit harder to block those outright.

by kees99

3/7/2026 at 7:24:51 AM

On my servers I don't have IPv4 at all, just IPv6.

On the plus side, it does not waste CPU cycles blocking unwanted IPv4 traffic.

by miyuru

3/7/2026 at 11:37:55 AM

That helps a bit, true.

But not that much, unfortunately. Those same "cYbeRseCUrITy" orgs also ingest SSL transparency logs, resolve A and AAAA for all the names in the cert, then turn around and start scanning those addresses.

In my experience, it only takes a few hours from getting an SSL certificate for junk traffic to start rolling in, even on IPv6-only servers.

A small percentage of that can be attributed directly, based on "BitSightBot", "CMS-Checker", "Netcraft Web Server Survey", "Cortex-Xpans" and similar keywords in the User-Agent and Referer headers. And purely based on timing, there's a lot more of that stuff where scanners try to blend in.

by kees99
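The attribution kees99 describes, run over constructed web server log lines as an added example (not the commenter's own tooling): tag requests whose User-Agent or Referer carries one of the scanner markers quoted above, and measure how long after the certificate's issuance (the moment it becomes visible in CT logs) the first unsolicited hit arrived, counting untagged hits inside that window separately. The issuance time, IPv6 addresses, timestamps and requests are constructed; the combined log format is the nginx/Apache default.

```python
"""Attribute post-certificate scan traffic by User-Agent marker and timing.

Added example, not from the thread. Given the time a TLS certificate was
issued (and so appeared in public CT logs) plus access log lines, tag
requests naming a known internet-wide scanner and report how soon after
issuance traffic started, with untagged hits inside the window counted
separately as "timing-only" suspects.
"""
import re
from collections import Counter
from datetime import datetime, timezone

# Markers quoted in the thread; matched case-insensitively as substrings.
SCANNER_MARKERS = (
    "BitSightBot",
    "CMS-Checker",
    "Netcraft Web Server Survey",
    "Cortex-Xpans",
)

# Constructed: when the certificate was issued (what the CT log entry shows).
CERT_ISSUED = datetime(2026, 3, 7, 9, 0, 0, tzinfo=timezone.utc)

# Constructed nginx "combined" lines for an IPv6-only host (RFC 3849 addresses).
SAMPLE_LOG = """\
2001:db8:1::10 - - [07/Mar/2026:11:42:03 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0 (compatible; BitSightBot/1.0)"
2001:db8:2::7 - - [07/Mar/2026:12:15:44 +0000] "GET /wp-login.php HTTP/1.1" 404 153 "-" "CMS-Checker/2.1"
2001:db8:3::44 - - [07/Mar/2026:13:01:09 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/123.0"
2001:db8:4::1 - - [08/Mar/2026:02:30:00 +0000] "GET /robots.txt HTTP/1.1" 200 80 "-" "Netcraft Web Server Survey"
2001:db8:5::9 - - [08/Mar/2026:03:00:00 +0000] "GET /.env HTTP/1.1" 404 153 "-" "Cortex-Xpans"
2001:db8:6::2 - - [09/Mar/2026:10:00:00 +0000] "GET / HTTP/1.1" 200 612 "https://example.test/" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$'
)


def parse_access_log(text):
    """Parse combined-format lines into dicts; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m is None:
            continue
        entries.append({
            "ip": m["ip"],
            "ts": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"),
            "request": m["req"],
            "referer": m["ref"],
            "ua": m["ua"],
        })
    return entries


def scanner_marker(entry):
    """Return the first marker found in User-Agent or Referer, else None."""
    haystack = (entry["ua"] + " " + entry["referer"]).lower()
    for marker in SCANNER_MARKERS:
        if marker.lower() in haystack:
            return marker
    return None


def summarize(text, issued=CERT_ISSUED, window_hours=24.0):
    """Count marker-attributed hits and untagged hits inside the post-issuance window."""
    entries = parse_access_log(text)
    attributed = Counter()
    unattributed_in_window = 0
    first_hit = None
    for e in entries:
        age_h = (e["ts"] - issued).total_seconds() / 3600.0
        if first_hit is None or age_h < first_hit:
            first_hit = age_h
        marker = scanner_marker(e)
        if marker:
            attributed[marker] += 1
        elif 0 <= age_h <= window_hours:
            unattributed_in_window += 1
    return {
        "total": len(entries),
        "attributed": dict(attributed),
        "unattributed_in_window": unattributed_in_window,
        "first_hit_hours": None if first_hit is None else round(first_hit, 2),
    }


if __name__ == "__main__":
    # First hit lands 2.7 h after issuance; four of six hits carry a marker.
    print(summarize(SAMPLE_LOG))
```

The timing-only bucket is deliberately coarse: on a host that has not been announced anywhere, any hit inside the first day after issuance is suspect, which is the observation the comment rests on, but it is a signal for review rather than a block decision on its own.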

3/7/2026 at 7:19:50 AM

> trying to map it for 'security' purposes.

Yes. Fucking Censys and internet-measurement and the predatory "opt-out" of scans. What about opting in to scan my website? Fuck you, I'm blocking you forever.

by efilife

3/7/2026 at 12:18:58 AM

Sounds like a great idea until you ever try to connect to your own servers from a network with spammy neighbors.

by lxgr

3/7/2026 at 1:03:41 AM

Back in the day, port knocking was a perfect fit for this eventuality.

Nowadays, WireGuard would probably be a better choice.

(Both of the above of course assume one does the sensible thing and adds the "perma-bans" a bit lower in the firewall rules, below "established" and "port-knock".)

by kees99

3/7/2026 at 11:20:33 PM

Anything important requires WireGuard; you can use that on any personal device. For situations like Plex from the hotel TV on vacation, I have a workflow that lets me quickly whitelist a client on my firewall specifically for access to Plex.

by xnyan

3/8/2026 at 9:57:31 AM

Not everything "requires" WireGuard. WireGuard is great, and I use it myself for many things, but it's totally fine to expose some services to the public Internet.

by lxgr

3/7/2026 at 1:02:15 AM

Good network admins have contingencies for contingencies for contingencies.

by BLKNSLVR

3/6/2026 at 11:26:37 PM

Nice, thanks for the link. Good to be ruthless about those things when you can.

by observationist

3/7/2026 at 12:23:29 AM

How often do you ask for probes or scans?

by paulddraper

3/7/2026 at 9:32:23 AM

Do you have two middle initials, both starting with d?

by BLKNSLVR

3/7/2026 at 11:37:27 PM

Like most people, I have one middle initial.

by paulddraper

3/8/2026 at 12:37:48 AM

Apologies, bad joke. I thought the context was good enough.

by BLKNSLVR

3/7/2026 at 3:50:09 AM

Renting /24s by the hour is like a motel room rented by the hour. You know some shit is going on in there.

by pigggg

3/7/2026 at 10:19:50 PM

> We're talking about paying to get IPs delisted from spam blacklists, choosing arbitrary geolocations with no validation, buying "unattributable" white-labeled address space, and renting residential IPs that make traffic look like it's coming from someone's house.

Sounds pretty good from a privacy point of view, and a natural response to big tech and governments trying to fingerprint and track everyone.

by drnick1

3/6/2026 at 11:06:56 PM

Hard to take much of this too seriously, since there are total misrepresentations like this:

> Their automated reputation management system actively maintains the "cleanliness" of leased IPs, ensuring they don't end up on blacklists — which is a polished way of saying they launder IP reputation as a service.

No, as someone who leases some unused blocks via IPXO, the entire point of the reputation management system is to centralize abuse reports for them to respond to, so they get categorized, tracked, and handled. If more than a few come in, the lease gets canceled as that’s against the AUP. I’ve had folks lease a /24 and try some dirt with it, only for IPXO to pull the route within hours. Far faster than I could have responded.

As an IP holder I don’t want my resources being abused and added to blocklists, so this is important to me. I do indeed plan on taking them off the market for my own use as my IPv4 usage needs increase over time. Until then, leasing them was a way to be able to justify the money spent acquiring some blocks before I got entirely frozen out forever by the hyperscalers and giant companies of the world eating practically every large block they could get their hands on.

It’s future proofing my digital sovereignty. IPv4 scarcity is used by the AWS of the world to reduce competition and choice.

Geolocation is such a stupid game as it is. I’m in strong support for anything that makes it even more obviously worthless. It’s been gamed by those with the skills and access since it first existed. The internet would be a better place without it.

The Whois database stuff is actually a decent point, and I’m working on some ways to automate RIR registration this weekend as chance has it.

From time to time I do indeed check where my blocks get advertised and utilized. One /22 right now is being used by a broadband ISP in Europe - and via nmap, traceroute, and BGP looking glass it appears to be legitimate, or at least quite well faked. The other blocks are colo and dedicated server providers competing with AWS/GCP/etc. Who knows what those customers are doing with them - probably a mix of good and bad like everything on the Internet. Functioning as-intended imo. If I'm helping reduce the need for CGNAT and helping a small company stand up to the giant tech conglomerates eating the world I'm calling it a job well done.

by phil21

3/7/2026 at 12:06:59 AM

Sounds like making IPv6 more commonly used is part of the solution.

Reduce the importance of IPv4 and the stranglehold of big conglomerates is forcibly relaxed (in this context at least).

I don't like that I've ignored IPv6 for so long that now it feels overwhelming to have to try to grasp. That may be true for a lot of networking folks for whom IPv4 is written in their DNA, given the incredibly slow uptake of IPv6.

by BLKNSLVR

3/7/2026 at 8:50:57 AM

> now it feels overwhelming to have to try to grasp

Here's a dirty secret: It's just like IPv4, except with longer addresses and slightly different autoconfig. :-) (Well, you don't have the legacy of classful addressing and non-contiguous netmasks and stuff, but I don't really think most people care much about that in the IPv4 world either.) Getting up to speed is, thankfully, simple.

by Sesse__

3/6/2026 at 11:22:11 PM

I agree with 100% also as an IP space owner.

by _zoltan_

3/7/2026 at 3:25:04 AM

You say this, about AWS using IPv4 scarcity for lock-in, but IPv4 prices have been falling for years.

If you want to buy space and auction it off to lessors, more power to you. I don't think there needs to be a moral dimension to it one way or the other. The RIR system was also not good.

by tptacek

3/7/2026 at 7:04:11 PM

Are these problems we want to fix?

A direct example of this is the situation of Spain and soccer.

by malklera

3/7/2026 at 3:23:04 AM

It's like selling shell companies, or buying passports.

This extends to IP proxies and yes VPNs. The issue with the latter is that they psyop some genuine users into using the tech for dumb reasons like less gaming latency so that they have plausible deniability

by TZubiri

3/7/2026 at 9:53:08 AM

sourcing crises, the industry is currently split into two camps:

The 'Dark' Supply Chain: SDKs hidden in flashlight apps, cracked IoT devices (Kimwolf), and malware. The user has no idea they are a proxy. This is unsustainable and, frankly, unethical.

The 'Ethical' Supply Chain: Bandwidth sharing apps (like Honeygain, Pawns, etc.) where the user knowingly installs the software in exchange for payment.

The problem is that Camp #1 is cheaper to run, so it floods the market with 'cheap residential IPs.' Camp #2 requires paying the end-user, which raises the floor price. Until buyers stop chasing the absolute lowest price per GB, the incentive for 'malware proxies' remains. The solution isn't just router-level blocking (which creates false positives for legitimate P2P), but transparency in sourcing. If a provider can't tell you how they acquired the IP, it's likely stolen.

by xunairah

3/7/2026 at 3:39:08 AM

> The "exhaustion" isn't a technical crisis. It's a landlord problem.

> These aren't niche services. They are the backbone of how major VPN and proxy providers operate.

> This isn't datacenter IP space being labeled as residential — it's actual ISP networks being leveraged as proxy pipes

The "this isn't X, it's Y" construction is a bright red tell for AI slop. Posting AI slop is just bad manners.

by sjtgraham

3/7/2026 at 7:25:16 AM

Also, the "why it matters" and bullet lists that directly follow it. But I think this post was hand-written to some extent, then fed to AI for "polishing it up".

by efilife

3/7/2026 at 10:47:30 AM

This is an AI generated article.

by ting0

3/7/2026 at 12:19:18 AM

I'm sure that it's real nice to have the lack of IPs be a problem that only tangentially affects one's daily experience, but try speaking to someone who lives in a jurisdiction that is de facto independent but, because of a frozen conflict or some sort of political dispute that predates their birth, can neither be assigned a TLD nor be a member of an RIR. There's a giant first mover advantage and the system devised to dish out IPv4 subnets is essentially a cartel. The secondary market is the rational economic response in the face of a market that is monopolistic, poorly designed, and acts as an absolute gatekeeper to something that's fundamental to life in modern times.

The fact is that states and police really wish that 1 IP = 1 person, but in reality that's hardly true. Residential and non-residential IPs are not really different. The resource is misallocated and what else does anyone expect? If investigations into actual criminal activity are solely based on IP addresses then they have always been done incompetently. Sorry that the heuristic most convenient to the state isn't actually that great for what the state appropriated it to do. Whose fault is that? IP geolocation is a massive backdoor whose purported efficacy has been used for geofencing warrants that basically make a mockery out of probable cause. It is also used for no good reason to help authoritarian nations and in the name of jingoism ends up inconveniencing people at the very least. My father spends 3-5 months out of the year in China and while there, he can't access his mortgage company and can't call them, can't renew his vehicle registration, can't check his Gmail, and can't even purchase, but can nevertheless run, TurboTax. He's American, and there are hundreds of thousands of Americans overseas that find themselves in this awkward spot because of overreliance on one bad heuristic. So I have to pay his mortgage until he returns, every year for months, and also, essentially while imitating him, take care of a bunch of quotidian things that he can certainly do himself, but since it's hard to teach a 65 year old man how to hop the GFW reliably, I have to go through this rigmarole. Imagine if I didn't have some cash set aside, or hadn't paid for my own dwelling already. It certainly doesn't stop state actors from attacking when they want, but it sure makes it easy to pretend like you did something meaningful while in reality all you've done is inconvenience your own customers. The system is broken; lamenting that fact isn't a good look.

The marketplace, in fact, is hardly a mess. It has competition, it has decentralized regulatory features; do you prefer all such deals go through, say, LET's massive thread on it instead? https://lowendtalk.com/discussion/160162/aio-ip-related-ipv4...

by jimz

3/7/2026 at 4:09:04 AM

The geoip blocking is so horrible. I can't do anything when in China… even other Asian countries are blocked by my services at home.

by thenthenthen

3/6/2026 at 10:40:01 PM

Good. GeoIP should be dead, and "IP reputation" should be meaningless garbage.

by ACCount37

3/6/2026 at 11:30:52 PM

IP Reputation is only as meaningful as the duration of ownership. If it's the same owner for years, then reputation is meaningful, and that should count; if it changes hands every 6 hours being assigned to VPS clients or whatnot, then make the reputation stick to the /24 owner, and so on, with varying degrees of scope and duration, so that the responsible party - the shady companies renting their IPs to bad people - actually have their reputations stick. Then block the /24 or larger subnets, or aggressively block all ranges owned by the company, isolating them and their clients, good and bad.

That sort of pressure can work. But then you risk brigading and activist-fueled social media mobs, and that's definitely no way to run the internet.

by observationist
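A sketch of the scoping rule in the comment above, as an added example that is not part of the thread: abuse reports are counted per IP, per /24 and per holding organisation, and how long the current holder has held the block decides which of those counts is allowed to block. The allocation table, the holders, the dates, the thresholds and the `held_since` registry field are all constructed for the example; in practice tenure would come from RIR allocation and transfer records.

```python
from collections import Counter
from dataclasses import dataclass
from datetime import date
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Allocation:
    prefix: str       # the block as it appears in the registry
    owner: str        # organisation currently holding (or leasing out) the block
    held_since: date  # start of the current holder's tenure (hypothetical field)


# Constructed sample allocations on RFC 5737 documentation ranges; the
# holders and dates are invented for the example.
ALLOCATIONS = (
    Allocation("192.0.2.0/24", "long-held-isp", date(2012, 1, 1)),
    Allocation("198.51.100.0/24", "churn-lessor", date(2026, 2, 1)),
    Allocation("203.0.113.0/24", "churn-lessor", date(2026, 2, 20)),
)


def allocation_for(ip: str):
    """Return the registry allocation containing ip, or None if unknown."""
    addr = ip_address(ip)
    return next((a for a in ALLOCATIONS if addr in ip_network(a.prefix)), None)


def slash24(ip: str) -> str:
    """The /24 an address belongs to, e.g. 198.51.100.7 -> 198.51.100.0/24."""
    return str(ip_network(f"{ip}/24", strict=False))


class Reputation:
    """Abuse reports counted at three scopes. Which scope may block depends on
    the holder's tenure: a long-held block is judged per address, a recently
    (re)assigned block is judged by its /24 and by the organisation renting it out."""

    def __init__(self, today: date, stable_days: int = 365,
                 ip_limit: int = 5, net_limit: int = 10, owner_limit: int = 20):
        self.today = today
        self.stable_days = stable_days
        self.ip_limit, self.net_limit, self.owner_limit = ip_limit, net_limit, owner_limit
        self.ip_hits, self.net_hits, self.owner_hits = Counter(), Counter(), Counter()

    def report(self, ip: str) -> None:
        """Record one abuse report against ip at every scope it belongs to."""
        self.ip_hits[ip] += 1
        self.net_hits[slash24(ip)] += 1
        alloc = allocation_for(ip)
        if alloc is not None:
            self.owner_hits[alloc.owner] += 1

    def decision(self, ip: str) -> str:
        """'allow', 'block_ip', 'block_24' or 'block_owner' for a new request from ip."""
        alloc = allocation_for(ip)
        stable = alloc is not None and (self.today - alloc.held_since).days >= self.stable_days
        if alloc is None or stable:
            # Unknown holder, or a holder that has kept the block for years:
            # reputation is meaningful per address, so neighbours are not punished.
            return "block_ip" if self.ip_hits[ip] >= self.ip_limit else "allow"
        # Churning block: reputation sticks to the lessor and its /24s, so the
        # whole rented range answers for what its short-lived tenants did.
        if self.owner_hits[alloc.owner] >= self.owner_limit:
            return "block_owner"
        if self.net_hits[slash24(ip)] >= self.net_limit:
            return "block_24"
        if self.ip_hits[ip] >= self.ip_limit:
            return "block_ip"
        return "allow"


def demo():
    """Constructed scenario: one noisy host on a long-held block versus many
    short-lived tenants spread over two /24s rented from the same lessor."""
    rep = Reputation(today=date(2026, 3, 7))
    for _ in range(6):
        rep.report("192.0.2.10")
    for i in range(1, 11):
        rep.report(f"198.51.100.{i}")
    first = (rep.decision("192.0.2.10"), rep.decision("192.0.2.11"),
             rep.decision("198.51.100.99"))
    for i in range(1, 11):
        rep.report(f"203.0.113.{i}")
    second = (rep.decision("203.0.113.200"), rep.decision("198.51.100.99"))
    return first, second


if __name__ == "__main__":
    print(demo())
```

The noisy host on the long-held block is blocked alone and its neighbour stays reachable; ten reports spread across a recently leased /24 block that /24 for everyone, and once the same lessor's second /24 accumulates reports too, both ranges are blocked at the owner scope, which is the "block all ranges owned by the company" step the comment describes. The thresholds are deliberately low so the scenario is short; real values would be tuned against the false-positive cost of each scope.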

3/7/2026 at 1:33:48 AM

What's the purpose of blocking them, anyway? Is it to make you feel good? To clean up logs? To reduce spam? With the residential proxy industry - which, I note, is directly boosted by such blocking practices and funnels money into organized crime - IPs don't mean a whole lot to those who can pay.

by gzread

3/6/2026 at 11:57:45 PM

100% agree with your point regarding long-term ownership allowing for meaningful reputation.

I don't necessarily think that's 'no way to run the internet' or even 'no way to run anything', in that people can choose to whom they listen in regards to blocking, protesting, boycotting.

As long as none of the different groups of opinions are forced on anyone else, then pick and choose those you apply and those you ignore.

With my lists of blocking, I classify them, personally, into different tiers such as Basic, Recommended, Aggressive, and Paranoid when I apply the rules to other people's (family) setups - I'm the only one that uses Paranoid.

by BLKNSLVR

3/7/2026 at 12:24:30 AM

How do you protect against DDoS?

by paulddraper

3/7/2026 at 2:15:24 AM

Temporary blocks if and when you are actually being DDoSed, presumably?

by gzread

3/7/2026 at 3:42:59 AM

Large DDoS botnets will have hundreds of thousands of return-path-capable IP addresses. Your temporary blocks will have to be very sensitive (i.e. trigger on a relatively small number of requests within the time window) for an application-level DDoS to be usefully mitigated.

by johncolanduoni

3/7/2026 at 11:39:15 AM

So how does your other plan solve that?

by gzread

3/7/2026 at 4:23:55 PM

Once an IP in a botnet attacks someone, it ends up on a blocklist and can’t attack anyone else who uses that blocklist. This is a big part of Cloudflare’s DDoS model: if you attack one CF property (with non-volumetric DDoS) you will not be able to attack any others with the same bot for an extended period. This makes attacks to CF properties limited in scope and way more costly, because you have to essentially “burn” IP addresses after sending relatively little traffic.

by johncolanduoni

3/8/2026 at 1:23:01 PM

How long does it take for a whole major ISP, say Verizon, to get on your blocklist?

by gzread

3/9/2026 at 2:11:16 PM

Considering nobody blocks the entirety of Verizon, apparently a long time. You can act like this is some insane plan, but it’s happening all the time and while it can lead to annoyance for end users the internet chugs on. Which it wouldn’t if there was no way to mitigate DDoS other than rate limits.

by johncolanduoni

3/7/2026 at 10:00:13 AM

> When you can pay to delist an IP from every major spam blacklist, those blacklists stop being useful.

Ohhh.... is that why I'm broke? /s

by nubinetwork

3/6/2026 at 11:22:50 PM

If only those services required age verification...

/s

by mrbluecoat