20150108

Why are Some Cellphones Assigned to UK Ministry of Defense IP Address Range? (satire)

This post is only useful to computer nerds who know how to read email headers. If this post is over your head or causes you to believe conspiracy theories about corporations being in bed with the military of a friendly Western nation, then this post is not for you.

If you wish to skip my view on the topic, then here's the short version without my lengthy sarcasm: Ministry of Defense IP Address on My Phone

However, should you proceed to read what I've written, be warned that I have placed smilies to assure you where I am kidding.

YMMV

Originally I was going to title this post "Arbitrary Use of IP Addresses to Form CIDR Blocks May Be Common to Certain Wireless Carriers", but soon realized using more than seven words in a title would only bore people to death. :p

Even if my discovery confirmed, if only to me, that Big Brother is sniffing email packets on certain cellular providers, it would not be news at all. The closer ties between Australia, Canada, New Zealand, the UK and the US were ratified in the intelligence agreement of the UKUSA Community, which has been known since 1973. ;)

Also, AUSCANNZUKUS is the Command, Control, Communications and Computers (C4) interoperability organization of those same five nations (the Five Eyes). 0_o

Espionage has two aspects, commercial and national security, but this post is about something more mundane: the inadvertent use of one feature of IP networking can expose part of a corporation's private network to the Internet if safeguards are not in place. :p

So let's take a closer look at what actually happened.

Today I was looking at an old email sent from one of my smartphones registered with a certain Canadian wireless mobility provider (CWMP) in Gmail and found out how to access the email headers. What caught my eye was when I checked the IP addresses assigned to one of my smartphones by the CWMP's servers.

According to what I've been able to determine, that CWMP's servers assign two IP addresses to your smartphone.

One address identifies your phone to the world. It is in the range 74.198.0.0 - 74.198.255.255 (74.198.0.0/16) and is owned by the CWMP. The other address identifies you to the CWMP's own servers and is thus the internal IP address. It is in the range 25.0.0.0 - 25.255.255.255 (25.0.0.0/8) and is not owned by the CWMP.

Before I get to who owns 25.0.0.0 - 25.255.255.255: the CWMP uses it internally, and the address your phone receives from it will differ each time the phone connects to the 2G/3G/4G data network. Private networks normally use the three RFC 1918 ranges: 10.0.0.0 - 10.255.255.255 (10.0.0.0/8, 16,777,216 addresses, roughly 16 million); 172.16.0.0 - 172.31.255.255 (172.16.0.0/12, 1,048,576 addresses, roughly one million); and 192.168.0.0 - 192.168.255.255 (192.168.0.0/16, 65,536 addresses, roughly 64 thousand). The "thousand" and "million" here are the binary kind, 1,024 and 1,048,576.

If the CWMP's network is set up properly, packets from those 25.x.x.x addresses never reach the actual owner of 25.0.0.0 - 25.255.255.255: the range is routed only inside the carrier's network, and the NAT gateways between the handsets and the Internet rewrite the source address to a public one from the carrier's own block, of which 74.198.0.0 - 74.198.255.255 is a subset. The only place the internal address then shows up is in metadata such as the email headers I found.

The actual registrant of that address range is DINSA, Ministry of Defense, UK, which in my reading is the "Computers" part of the C4 architecture, assigning IP addresses within that range. ;)

I'm sure the conspiracy theorists could draw implausible conclusions about this CWMP using UK defence network infrastructure at this point, but I feel that is an oversight the CWMP made in anticipation of having over 16 million customers sometime after 2014. ;)

As noted above, only this CWMP, as far as I can tell, assigns each phone an internal IP address in the range 25.64.0.0 - 25.127.255.255, which with an address mask of 255.192.0.0 (a /10) is room for over 4 million subscribers. This observation is based on email retained between June 2012 and August 8, 2012, and represents only one device out of a potential 4 million.

This suggests the CWMP either expects to outgrow the 16,777,216 addresses of 10.0.0.0 - 10.255.255.255 or did not want to use them. IPv6 unique local addresses would solve the problem, as would the 100.64.0.0/10 shared address space that RFC 6598 set aside in April 2012 for exactly this kind of carrier-grade NAT.

Note also that the private IP addresses in the 25.64.0.0 - 25.127.255.255 range are dynamically assigned, i.e. the mobile servers assign a new address to a registered device every time data is turned on. A data session between my IP address and that of a destination (plus.google.com, in the range 173.194.33.32/28) lasts as long as the device is within range of that cell tower; the session is then handed over to a second cell tower within range of my device. The same IP address is used for my device until I turn data off on my phone. When I next use data, a new IP address is assigned to the device.
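To make the address-space reasoning above concrete, here is an added example (my own code, not part of the original post) that pulls the IPv4 addresses out of a Received: header chain like the one Gmail shows and says which kind of range each falls in: RFC 1918 private, RFC 6598 shared address space, or a block registered to somebody else. The header chain is constructed to resemble the post's situation, and the small REGISTRY table is a hand-written stand-in for a real WHOIS lookup, recording only what the post says about 25.0.0.0/8 and 74.198.0.0/16.

```python
"""Classify the IPv4 addresses found in an email's Received: headers.

Added example for this post. The SAMPLE header chain is constructed (not the
author's real email) and REGISTRY is a stub standing in for RIR WHOIS data;
a real check would query WHOIS instead of this dictionary.
"""
import ipaddress
import re

# RFC 1918 private space and the RFC 6598 shared address space reserved for
# carrier-grade NAT, which is where a mobile operator's internal pool belongs.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
RFC6598 = ipaddress.ip_network("100.64.0.0/10")

# Stub registry: the two allocations the post discusses (assumed values).
REGISTRY = {
    ipaddress.ip_network("25.0.0.0/8"): "DINSA, Ministry of Defense, UK",
    ipaddress.ip_network("74.198.0.0/16"): "the Canadian wireless provider (CWMP)",
}

IPV4_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")


def classify(ip_str):
    """Name the kind of range an address belongs to."""
    ip = ipaddress.ip_address(ip_str)
    if any(ip in n for n in RFC1918):
        return "rfc1918-private"
    if ip in RFC6598:
        return "rfc6598-cgnat"
    if ip.is_loopback or ip.is_link_local:
        return "local"
    for net, owner in REGISTRY.items():
        if ip in net:
            return f"registered to {owner}"
    return "public-unknown"


def unfold(raw):
    """Join RFC 5322 folded header lines (continuations start with whitespace)."""
    lines = []
    for line in raw.splitlines():
        if line[:1] in (" ", "\t") and lines:
            lines[-1] += " " + line.strip()
        else:
            lines.append(line.rstrip())
    return lines


def received_ips(raw_headers):
    """IPv4 addresses in Received: lines, outermost hop first, duplicates removed."""
    ips = []
    for line in unfold(raw_headers):
        if line.lower().startswith("received:"):
            ips.extend(IPV4_RE.findall(line))
    return list(dict.fromkeys(ips))


def address_count(cidr):
    """Addresses in a block; accepts a netmask too, e.g. 25.64.0.0/255.192.0.0."""
    return ipaddress.ip_network(cidr).num_addresses


def is_within(cidr, parent):
    """True if cidr lies entirely inside parent (25.64.0.0/10 inside 25.0.0.0/8)."""
    return ipaddress.ip_network(cidr).subnet_of(ipaddress.ip_network(parent))


# Constructed header chain modelled on Gmail's "show original" view.
SAMPLE = (
    "Received: from mail-out.example.net (mail-out.example.net [74.198.12.34])\n"
    "        by mx.example.com with ESMTP; Wed, 08 Aug 2012 10:00:00 -0700\n"
    "Received: from [25.70.3.9] (unknown [25.70.3.9])\n"
    "        by mail-out.example.net with ESMTPA; Wed, 08 Aug 2012 09:59:58 -0700\n"
    "Subject: test\n"
)


def report(raw_headers=SAMPLE):
    """(address, classification) for every hop in the chain."""
    return [(ip, classify(ip)) for ip in received_ips(raw_headers)]


if __name__ == "__main__":
    for ip, verdict in report():
        print(f"{ip:<16} {verdict}")
    print("25.64.0.0/255.192.0.0 holds", address_count("25.64.0.0/255.192.0.0"), "addresses")
```

The point the output makes is the one the post makes: the inner hop's 25.70.3.9 is not in any RFC 1918 or RFC 6598 range, so a header reader who only consults the registry sees it as belonging to the block's registrant, even though it never left the carrier's NAT.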

FWIW the Bell network uses the private IP address range of 10.0.0.0 - 10.255.255.255 and most smartphones registered to them use a unique local address for each device.

Most likely, the CWMP's technicians have found the IPv6 learning curve so steep that they still rely on IPv4 addressing, for now. This is because of our use of the decimal system; not everyone can think in hexadecimal. ;)

This makes the smartphone a great tool to aid in IPv4-to-IPv6 translation. ;p

Update:

IMO the revelation by Edward Snowden tends to validate my analysis of the mentioned cellphone addresses. It may be due to DNS cache poisoning. Most likely, it is a result of poor programming of a DNS server. If it turned out that the IP addresses in question arose out of DNS cache poisoning, then these IP addresses probably got "reassigned" sometime between now and almost fourteen months ago. YMMV

Update 20150108:

DNS cache poisoning also led to IP address ranges originally assigned to Surrey Public Library also appearing as part of a hotel in Whistler, probably proving that someone in the IT department administering that hotel's IP address range is the culprit.


Update history:
20140225.1921
20121108.2130
20121108.2331

Reference:

ECHR Fast-tracks Court Case on PRISM and TEMPORA (and VERYANGRYBIRDS?)
https://freedom-to-tinker.com/blog/axel/echr-fast-tracks-court-case-on-prism-and-tempora-and-very-angry-birds/

3 comments:

Radha Santadharma said...

Here's another anomaly:


Telus owns the PSI network since 2000.

$ host 154.11.2.185
185.2.11.154.in-addr.arpa domain name pointer leaf1.vancouver.psi.ca.

According to a whois of psi.ca, Telus contracts out internet security services to an American company in Idaho.

In short, this means Telus customers pay an American company rather than a Canadian one to ensure their network is secure, due to NAFTA.

IMO it's also because an American internet security company can underbid a Canadian one.

But further inquiry reveals this:

The IP address range 154.11.0.0 - 154.11.255.255 is actually registered to:

TEAM-AFRINIC

My guess is, Telus 'rents' the address range from Afrinic, specifically Team Afrinic based in the Mauritius.

Then again, it also means Team Afrinic might be aiding one of the Five Eyes, possibly Australia since Mauritius is closer than Canada is.

Also the network addresses in the 154.0.0.0 netblock are filtered, e.g. Telus can use them without data leaking to Mauritius due to the use of a netmask of 255.255.0.0 to cover the 65,535 addresses from 154.11.0.0 to 154.11.255.255.

Likewise, the UK MOD address could be shared with the internal ones for the provider in Canada (Rogers?) because only 65,535 are used.

Stephen Kawamoto said...

I'm following up on the previous comment regarding the line that begins with "In short":

A whois of psi.ca notes two numbers with area codes 780 (Calgary, Alberta) and 647 (Ontario). Thus I retract my claim about the supposed company in Idaho and also retract my claim about Telus customers paying an American company.

Additionally, Mauritius is closer to Australia than Canada is.

Stephen Kawamoto said...

Proof of the ownership by Mauritius of Telus addresses: http://cqcounter.com/whois/ip/154.11.0.0.html