this post was submitted on 10 Apr 2024
5 points (85.7% liked)


Recently discovered the following two addresses in my DNS filter, 26.26.26.1 and 26.26.26.2. How can I confirm who these belong to? These are both public IP addresses but seem to be owned by the US Military?

If I look at https://www.abuseipdb.com/check/26.26.26.2, it says it belongs to:

  • ISP: DoD Network Information Center
  • Type: Military
  • Country: US.

What does this mean? As far as I've researched, it's got something to do with the SOCKS protocol? This GitHub repo I found seems to be using it too, but why is it used? If anyone knows, I'd very much appreciate your help.

https://github.com/PeterCxy/SocksDroid/blob/master/app/src/main/groovy/net/typeblog/socks/SocksVpnService.groovy

top 3 comments
[–] h3ndrik@feddit.de 3 points 7 months ago* (last edited 7 months ago) (1 children)

You probably found that old Reddit post talking about shadowsocks? I think that's unlikely unless you keep that very old app version around. (But there could be other software you're playing around with?)

These are large address spaces reserved in the early days of the internet. I have no idea if the DoD even uses that one actively. Maybe somebody repurposed that network? Maybe you operate an authoritative DNS server? Or you just got scanned by some random crawler looking for compromised systems or vulnerable IoT devices...

I found this additional info: https://blog.erratasec.com/2013/12/dod-address-space-its-not-conspiracy.html

[–] LunchEnjoyer@lemmy.world 2 points 7 months ago

Indeed, found that blog too after I posted. The blog explains it pretty well.

[–] Syn_Attck@lemmy.today 3 points 7 months ago* (last edited 7 months ago)

I'm a bit confused because it does show the block is assigned to the US military, but it has a high fraud score, so I wonder if it's leased or somehow being used by a bad actor. Also, as you've already seen, some VPNs use it as a local IP like 192.168.1.1 for the VPN interface itself.