nanog mailing list archives

Re: IPv4 Games

From: Jon Lewis via NANOG <nanog () lists nanog org>
Date: Sat, 16 Aug 2025 12:04:20 -0400


https://isc.sans.edu/diary/31136

You say this person is a developer, and it appears all it takes to claim an IP is to hit a link to a 1x1 pixel image 
from that IP. 
Is it possible this person has embedded their URL in software that’s used on many sites (i.e. a CMS or popular plugin 
for a CMS) or possibly has compromised some high traffic website(s) and quietly embedded their URL without disturbing 
anything else that would make the compromise apparent to the site owners?  It’s been a while since I’ve had firsthand 
experience with this, but I know the latter used to happen with some frequency (website is hacked and the owners are 
oblivious), and I assume it still does. 

Sent from my iPhone

On Aug 16, 2025, at 5:36 AM, Justine Tunney via NANOG <nanog () lists nanog org> wrote:

The server gets the IP address from the accept4() system call. It ignores
HTTP headers (e.g. x-forwarded-for) when determining the IP.

It's possible to claim IPs by embedding <img
src="//ipv4.games/claim?name=jart"> on a web page. My web server will
notice the Accept header wants an image and will serve a 1x1 transparent
gif rather than an html response. That's how I play the game:
https://justine.lol/

The whales normally don't do this. They usually have something like a Go or
Python script which sends bare minimal HTTP requests.

On Sat, Aug 16, 2025 at 2:21 AM Saku Ytti <saku () ytti fi> wrote:

Couldn't they just ensure that some popular pages that people visit
have a link to the claim?

You're not telling much how the ipv4.games works or what the requests
are like which makes it quite hard to speculate.


In the headers, do you see various user agents being used, and various
formatting and permutations of options?

On Sat, 16 Aug 2025 at 09:15, Justine Tunney via NANOG
<nanog () lists nanog org> wrote:

I operate an online service at https://ipv4.games/ that invites people

to

send http requests to my web server from a lot of different IP addresses.
In order to claim an IP, you need to successfully make a tcp three-way
handshake with a VM on Google's network.

Somehow a player in Europe named femboy.cat has successfully managed to
claim 20 million IPs, which is 9% of all IPv4 hosts according to Censys.

Does anyone have any idea how they're doing it?

Would anyone here be willing to be their North American rival?
_______________________________________________
NANOG mailing list

https://lists.nanog.org/archives/list/nanog () lists nanog org/message/MMCCEQKA4UPGGWFWEBWLYKHTYCAOQIZS/



--
 ++ytti

_______________________________________________
NANOG mailing list
https://lists.nanog.org/archives/list/nanog () lists nanog org/message/PN6RSJUQ2QM6ZHGAZWSVCCEOFTK3UW7N/

_______________________________________________
NANOG mailing list 
https://lists.nanog.org/archives/list/nanog () lists nanog org/message/O5KFWOO7LQMKNWUVZQOUUSZPR22AIHRY/

Current thread:

IPv4 Games Justine Tunney via NANOG (Aug 15)
- Re: IPv4 Games Marco Moock via NANOG (Aug 15)
  - Re: IPv4 Games Justine Tunney via NANOG (Aug 16)
- Re: IPv4 Games Dan Mahoney via NANOG (Aug 16)
- Re: IPv4 Games Saku Ytti via NANOG (Aug 16)
  - Re: IPv4 Games Justine Tunney via NANOG (Aug 16)
    - Re: IPv4 Games Jon Lewis via NANOG (Aug 16)
    - Re: IPv4 Games joe hess via NANOG (Aug 16)
    - Re: IPv4 Games Alex via NANOG (Aug 16)
- Re: IPv4 Games Tarko Tikan via NANOG (Aug 16)
  - Re: IPv4 Games Justine Tunney via NANOG (Aug 16)
    - Re: IPv4 Games Tarko Tikan via NANOG (Aug 16)
    - Re: IPv4 Games Giorgio Bonfiglio via NANOG (Aug 16)
    - Re: IPv4 Games Dan Mahoney via NANOG (Aug 16)
    - Re: IPv4 Games Dan Mahoney via NANOG (Aug 16)
    - Re: IPv4 Games joe--- via NANOG (Aug 16)
    - Re: IPv4 Games Justine Tunney via NANOG (Aug 16)

(Thread continues...)