I felt like I was taking crazy pills
Posted by Thegoodstormtrooper@reddit | talesfromtechsupport | 62 comments
I work tech support for X-ray devices.
I was helping a small, independent office troubleshoot connection issues with one of their machines. Nothing seemed unusual at first — until I remoted into one of their workstations and ran ipconfig.
Here’s what I saw:
- IP Address: 199.148.50.207
- Subnet Mask: 255.255.255.0
- Default Gateway: 199.148.50.1
I paused. Wait — that’s not a private IP range. I double-checked just to be sure:
Nope. Definitely a public IP.
This is a single-location office. There’s no reason they should be using public IPs internally — especially not across every workstation.
Things got weirder: outbound traffic was NATed. So they were using NAT internally while assigning public IPs to local devices.
I got even more curious and looked up the whois on this, and it is owned by the USDA.
I basically went through a rabbit hole of questioning myself a few times.
Never seen anything like this before. Not sure how or why they set it up this way.
The network itself is working fine so far.
The X-ray connection issues were due to a bad Ethernet cable.
But the call made me feel like I was taking crazy pills.
funkmotor69@reddit
About 25ish years ago I started a job running the network, doing desktop support - basically the entire IT department - for a small agency. First off, they were running a 3Com router that was at least 5 to 10 years old at that point. I immediately started planning an upgrade, and went into the 3Com to look at their current config.
Y'all.
Every. Single. Device. On their network had a public IP address. Workstations, servers, printers...if it had an IP address it was public.
I swear I aged 10 years that day.
Anyway, I got them a new firewall/router and put them behind NAT. And I swore that if I ever met the guy who did their old setup in a dark alley some night, only one of us would leave alive.
odaiwai@reddit
I used to do consulting work for a company that had an app to give a 'proper' IP address. I noticed they were using 192.10.x.y and asked about it. "Oh, we have double private networking here, we take it very seriously!"
"Whut?"
"Well, 10.a.b.c is a private non routable network, and so is 192.x.y.z, so we put them together..."
(It's Amazon now, it was something else before.)
Strazdas1@reddit
There are many who believe the entire 192.x.x.x net is private. A lot of "tutorials" will tell you it is.
NorthAntarcticSysadm@reddit
Have seen this too many times. They have the public IPv4, so they are using them so they don't lose them.
Thegoodstormtrooper@reddit (OP)
I thought of that too until the WHOIS said USDA.
Loko8765@reddit
So they didn’t own the public IPs… it works as long as they don’t need to communicate with that real public IP range. It’s fugly, of course.
Thegoodstormtrooper@reddit (OP)
Yeah their network is working fine.
They likely would never need to do business with the USDA or connect to those IPs, so they might never run into issues, but my question still is why it is set up this way; it makes no sense.
It's almost like whoever set up the network just put in an address they thought was cool.
Loko8765@reddit
Usually the people who put in cool addresses took 1.1.1.0 or 8.8.8.0. Probably the person who put it thought it was correct for some obscure reason.
Sofa_King_We_Todd@reddit
I know 8.8.8.8 and 8.8.4.4 are Google's public DNS, I've had to manually configure that in to check to see if the issue I'm dealing with is a DNS issue
Strazdas1@reddit
OpenDNS used to have 222.222.222.222 for a DNS server, but I think that's dead. At least it's not one they show publicly now.
Elevated_Misanthropy@reddit
I once worked at an org that had their legacy servers on the public IPs for the University of Kentucky at Bowling Green. The root cause was a Novell textbook that used those IPs in its examples on how to deploy IPv4 adjacent to IPX/SPX.
By the time Internet access came about, all of the Novell infrastructure was long gone, but those IPs were on critical infrastructure servers, so it was easier to NAT things and let those servers age in place.
nondescriptzombie@reddit
There's a similar bug thanks to CodeExchange. Someone wrote an example that got used in 1000's of IoT devices, and now that same example has been sucked up by algorithmic chat bots and regurgitated again and again....
rhavenn@reddit
It works, and as long as they do NAT on the outside AND never actually need to talk to those IPs on the public side, it's totally "fine" from a pure networking / routing perspective. More or less the person who set it up didn't know what they were doing / was a newb.
I did it for awhile when I was getting my feet wet in the 90s doing SMB work and didn’t know any better.
Fun_Ocelot@reddit
I worked for a company that used 11.x.x.x for their IPs.
We had a really bad, long path to the internet, as the majority of the network traffic was aimed at the IBM-hosted CICS databases.
I looked it up one day after I started learning about networking and was like *WHAT!*
FigglyNewton@reddit
Yeah as long as they don't do business with USDA they'll be fine. I work "adjacent" to IT and I've never heard of using public IPs. Is this like a common thing? Or is it a hang-over from 20 years ago or something?
Kell_Naranek@reddit
I've encountered it sadly many times at my current employer :( I swear the network team uses the bad drugs.
The worst part was discovering one of the largest MSPs in my country *DOES THIS* and uses a university's IP range, a university that is in my employer's field with many of their studies, and none of our production systems hosted at that MSP can reach that university, because they have added a second interface to all VMs to their "internal" network, that is using that university's public IP range.
steeldraco@reddit
Try more like... 35 years ago, maybe? 40? TCP/IPv4 is from like the early 1980s and I think even in the early versions had a distinction between private and public IPs.
I've seen it once before; when I started a job a few jobs ago they were all on 1.1.x.x subnets with static IPs for just about everything. Dumbest thing I've ever seen, and clearly set up by someone who didn't know how modern networking worked. I was too green to argue with them much at the time, but I did fix it when we went from GroupWise to AD. Those subnets were owned by the military so as far as I know it never impacted anything, but it was a damn weird choice.
nico282@reddit
Lol, someone thought "I have 254 numbers, better start from 1 and then I'll go upwards so everything is in order"...
Z4-Driver@reddit
I don't know when those reserved private IP ranges were created, maybe it was around the time the internet became more widely available?
Anyway, the idea is that if you have a local network, you can use those private IP ranges such as 192.168.x.y without having to register anything, as those IP ranges don't get routed on the internet.
jlp_utah@reddit
These are defined by RFC1918, which was published in February 1996. You can read the text of the RFC here: https://www.rfc-editor.org/rfc/rfc1918. You may also want to look at the two RFCs obsoleted by 1918, which recognized the problem and proposed solutions as early as March 1994.
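As an added illustration (not from any commenter in this thread), here is a small checker that applies the three RFC 1918 blocks to the addresses people mention above, and audits an ipconfig-style address/mask pair the way the OP did by hand. It also flags the "all of 192.x.x.x is private" mistake as a subnet that merely straddles 192.168.0.0/16. Only Python's standard library is used; the sample addresses are constructed from the thread.

```python
import ipaddress

# The three RFC 1918 blocks: the only IPv4 space reserved for internal use.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Shared address space for carrier-grade NAT (RFC 6598): not RFC 1918, not public either.
CGNAT = ipaddress.ip_network("100.64.0.0/10")


def classify(ip: str) -> str:
    """Label one IPv4 address by the reservation it falls in, if any."""
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in RFC1918):
        return "RFC 1918 private"
    if addr in CGNAT:
        return "shared address space (CGNAT)"
    if addr.is_loopback:
        return "loopback"
    if addr.is_link_local:
        return "link-local"
    if addr.is_multicast:
        return "multicast"
    if addr.is_global:
        return "public (globally routable)"
    return "reserved / special-purpose"


def audit_lan(ip: str, mask: str) -> dict:
    """Judge the subnet implied by an address + dotted netmask (as ipconfig shows it).

    'private'   : the whole subnet sits inside one RFC 1918 block
    'straddles' : only part of the subnet overlaps an RFC 1918 block
                  (e.g. believing all of 192.0.0.0/8 is private)
    'public'    : no overlap at all; every address belongs to someone else
    """
    net = ipaddress.ip_network(f"{ip}/{mask}", strict=False)
    for block in RFC1918:
        if net.subnet_of(block):
            return {"network": str(net), "verdict": "private", "block": str(block)}
        if net.overlaps(block):
            return {"network": str(net), "verdict": "straddles", "block": str(block)}
    return {"network": str(net), "verdict": "public", "block": None}


# Constructed sample: addresses and ranges mentioned in the thread.
SAMPLE = ["199.148.50.207", "192.10.4.7", "10.1.2.3", "172.31.0.9", "172.32.0.9",
          "1.1.1.5", "8.8.8.8", "11.0.0.1", "25.3.4.5", "53.1.1.1", "176.12.0.4",
          "192.168.1.20", "100.64.1.1", "169.254.10.10"]


def report(addrs=SAMPLE) -> dict:
    """Map each sample address to its classification."""
    return {a: classify(a) for a in addrs}


if __name__ == "__main__":
    for a, label in report().items():
        print(f"{a:>16}  {label}")
    print(audit_lan("199.148.50.207", "255.255.255.0"))  # the OP's workstation
    print(audit_lan("192.10.0.1", "255.0.0.0"))          # the "192.x is private" myth
```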
OinkyConfidence@reddit
Yeah; this happens a lot more than people know!
NorthAntarcticSysadm@reddit
Yeah, now that I reread that with a sober mind it really is weird. What was the thought process to use public IPs on a private network with NAT to the public Internet...
LongWalk86@reddit
Have not heard of many arrangements where you "use it or lose it" with IPs. You either own the space, or you lease it from someone and are paying them per address or block. If you really had to show them 'in use' you could do that by simply putting the IPs on virtual interfaces on a firewall and setting them to reply to pings and block all other traffic.
NorthAntarcticSysadm@reddit
Had a client that happened to. They had a /8, though only used a /27. There was a clawback from ARIN going on at the time which required them to show utilization. That /8 got chopped up and then handed out. They were compensated at a "fair rate".
rhavenn@reddit
Sure, but that's 16.7 million IPs of which they were using 32. I think that's fair. I've never heard of it being a problem for /24 or smaller, and if you're really using it then no one bothers you.
We own 2 /16s and a handful of /24s and it’s never been an issue. They are still heavily used both publicly and internally.
NorthAntarcticSysadm@reddit
Have only heard of large blocks being pulled back, have seen /24 go practically unused and nothing from ARIN.
Double-Exam-2689@reddit
Is it not a security risk to post their IP, subnet & gateway out in the open like that, and specifying that it is a public IP?
ms4720@reddit
They are using it behind a NAT, the USDA is the owner, and things will route to them on the internet.
Reasonable-Rub2243@reddit
My LAN is similar. It's because I owned a class-C net from the olden days, then sold it, but never bothered to renumber.
WinginVegas@reddit
Many years ago I ran into a similar issue with a County who shall remain nameless.
What we needed was just a public IP endpoint to send traffic to which would then be routed internally to the server we installed at one department.
Their IT Director, in his infinite wisdom, decreed that the routine would not work (you know, address forwarding internally). So he held up the project for 7 months, bought an entire class B address range and then changed every device in the county to a new IP in that range.
We did offer to just set it up and see and if it failed, would work it out but he refused to spend 2 hours reconfiguring his firewall and router.
LexyNoise@reddit
I worked for a university, and every single machine, even general Windows machines on staff desks, had a public IP address with a manual assignment - no DHCP.
Of course they were firewalled, but it was still weird that my one and only IP address was 130.209.164.x
derKestrel@reddit
Glasgow University? I think I saw that one before.
redhairarcher@reddit
Seems common for universities. I worked for one that owns a similar neighbouring /16 chunk of public IP addresses and uses them for all internal IP addressing. Even their EduRoam 'public' wifi used a big part of these IPs.
LongWalk86@reddit
Yup, worked for MSU for a while and they had a /13, /14, and a handful of /24s. UofM I think had a /12. But considering their ASN was 231, they got those subnets back when addresses seemed endless.
Thegoodstormtrooper@reddit (OP)
That was my first thought, but I dug deeper and was more astounded.
DolanUser@reddit
When I was studying at a large public university at the end of the 1990s and in parallel working in one of the institutes, the whole uni was using public IPs for pretty much every PC, including our personal private computers in the student dormitories!! Only, I think, when I was leaving around 2003 were they switching to 10.x.y.z, at least in the students' networks.
Yeah... good ol' times, "there are enough IPs for everyone" ;)
But still there was no strange NAT/Masquerading etc., straight out directly into the Internetz ahoi.
SteveDallas10@reddit
That’s how it was done in the early 1990s. NAT hadn’t been invented yet, and firewalls were a thing of the future.
mhkohne@reddit
Could be it was set up by someone who has just enough knowledge to make it work, not enough to make it right, OR it could be someone working too late who doesn't have all the private ranges memorized and used the wrong range (probably with lots of copy/paste (when I did this, it was because I fat-fingered the wrong value, then copy-pasted it everywhere (so I didn't type it wrong, you see!))).
AlexisFR@reddit
Laughs in Daimler using 53.x.x.x everywhere in their internal networks!
bern1005@reddit
I once worked for a multinational that had more than 30 valid class B address ranges that had been acquired very early in the days of TCP/IP networking. We only used "internal" IP addresses for NAT of third parties (usually joint ventures) who were connected directly to us.
dog2k@reddit
Sounds like a vendor-configured device. I've seen hardware being given public IPs so the vendor can remote to it. But THIS is NOT how it should be done (obviously).
cbftw@reddit
They aren't going to be able to connect to it if it's not publicly exposed and if they don't own the IP
Sneezegoo@reddit
I'm not an expert, but OP's story mentions outbound traffic. They would probably have access to the router and the ability to setup port forward rules right? I don't see why they would set static IPs if they didn't manage the network themselves.
cbftw@reddit
If the traffic is outbound from the device, it will get NATed at their edge. There's no need for public IPs inside their network. If for some reason the device was on their edge, it could accept incoming traffic, but they'd have to use an IP they owned or else their ISP would drop outgoing traffic from the device and incoming would go to the actual IP owner and not them
LongWalk86@reddit
How would that even work unless the IP was owned by the client and given to the vendor to configure? If the vendor assigned one of their IPs to a customer's device, they would not be able to get to it as soon as it left their network.
pidarklab-yrinth@reddit
I saw a “smart IT guy” assigning crazy IPs through a router. He said it was to avoid hackers. 🤦♂️
Rubik842@reddit
A certain very large American based international oil company was wasting public IPs on their office phones while I was there. Couldn't believe it.
fresh-dork@reddit
One relatively well-known company I worked for used 25.x/8 - that's the MOD, but to quote a coworker, "they don't have public IPs, so who cares?"
_Ethel_Beavers@reddit
I did an assessment for a client that had 4 internal VLANs:
- VLAN 1 - 1.1.1.0/24
- VLAN 2 - 2.2.2.0/24
- VLAN 4 - 4.4.4.0/24
- VLAN 99 - 99.0.0.0/16
It was all NATted at some junk router, so not actually public IPs, but still.
RealUlli@reddit
Had that happen. Asked them about it. Got back, "we're a subsidiary of IBM. We got those assigned from their NOC."
That was back in 2007, when IBM still had their Class A.
redmercuryvendor@reddit
Any IP is a private IP if it's behind NAT.
You of course run the risk of weird behaviour if you start assigning internal devices the same IP as some public-facing service, but other than that you can use whatever you want (and if you really wanted you could probably write some funky routing rules to make that kinda work in some cases).
Go wild! Live dangerously! Use /0 as your mask and maybe assign 8.8.8.8 to your toaster! Nobody outside your network will know, anybody inside will be very confused (and probably blame the DNS).
paradizelost@reddit
I've seen similar many times where someone just picks a random IP and thinks they can use it. Sometimes it's OK, sometimes it's not; depends on what they pick and what they're conflicting with.
But as a heads up, as IPv6 gets more popular (probably in a decade or 2 lol) pretty much everything is public IPs with firewalls rather than NAT.
geolchris@reddit
There may or may not be a small business out there with an IP scheme of 176.12.0.xxx because I was young and dumb and maybe a little dyslexic...
Z4-Driver@reddit
Maybe they started their network back at a time when it was purely a local network without any connection to the internet? As long as it's only local, it doesn't matter what IP range you take.
abqcheeks@reddit
As long as they never need to communicate with the legitimate owners of that IP range.
Putrid_Promotion_841@reddit
We still have quite a number of clients (we are an MSP) with public addresses in their local network. Behind a firewall.
All clients that we have inherited. Very occasionally they can't access a specific website and you find out that its address is in the range assigned to local PCs.
At one point we were probably responsible for the shortage of IPv4 addresses... Our accounts lady who used to put the order for a new line into the ISP used to fill in the ISP's form (fax days FYI) with the "number of computers" with the actual number of computers of the client.
ISP didn't seem to question that we kept ordering connections with 30, 50, 80 odd IP addresses. I presume they charged for them.
Support never questioned it and just enjoyed the plethora of available addresses they had to play with for a client. I only joined the dots up when she asked me in passing how many computers X client had. I saw the form over her shoulder and worked it out.
Shortly after we began migrating to another ISP and were able to return half the world's IP addresses!
LongWalk86@reddit
Eh, that is nothing compared to the absolute hordes of IPs a lot of public universities are holding on to. They will just throw an entire /16 at a public wifi project rather than spend the money on a little more firewall to handle the NAT and security rules.
AngryCod@reddit
I saw this at small businesses all. the. time. in my MSP days. Local network was set up by the owner's nephew or whatever and they barely had any idea what they were doing and used the "pulled it out of my ass" method of IP addressing.
Thegoodstormtrooper@reddit (OP)
This was my first thought. I asked out of curiosity and they said they have a 3rd party IT company.
That being said that IT company said they checked their network and said our machine was the cause of connection issues. In the end it was a bad ethernet cable so.
djdaedalus42@reddit
Well done not touching it. If you touch it you own it.
Thegoodstormtrooper@reddit (OP)
Nope, I never touch things like this.
Ahindre@reddit
I've come across it too, working at an MSP. Like someone else said, it'll work until they need to access something that's on that IP range publicly (which may be unlikely), but someone really should re-IP their internal network.
How does it happen? Whoever initially set them up knew enough to be dangerous.