Ask HN: What's the deal with overlapping NYC IPs?

17 points | by curiousnycips 34 days ago

10 comments

  • YaBa 34 days ago
    • godzillabrennus 34 days ago

      Either that or all these users are taking advantage of LinkNYC: https://en.wikipedia.org/wiki/LinkNYC

      • Zach_the_Lizard 34 days ago

        And all kinds of other public WiFi hotspots as well, e.g. coffee shops, WiFi in parks, etc.

      • corty 34 days ago

        Yes, this has been going on for years in the IP-address third world, i.e. everywhere but the US.

        Now can we finally have IPv6 please, now that even americans begin to hate the blighty NAT? ;)

        • saurik 33 days ago

          NAT in this context is preventing the ability for whomever this is to separate and track users. That is a good thing.

          • brianwawok 33 days ago

            Good for people trolling. Bad for users trying to run a message board.

          • ed25519FUUU 34 days ago

            How is ipv6 useful to the end users in this regard?

            • corty 34 days ago

              You can skip the NAT traversal in all protocols, so especially VoIP, video conferences and games will be less expensive, more reliable and simpler. And incoming connections will be possible, meaning all that smarthome stuff could get simpler, more reliable and more protective of users' privacy.

              Of course contacting a webserver will mostly be the same. Maybe some loadbalancers will be less confused, but I doubt an enduser will notice.

              • kobalsky 33 days ago

                > more protective of users' privacy

                are ISPs going to use https://en.wikipedia.org/wiki/Mobile_IP though? because with a roaming ipv6 address you will have a device identifier that you may not be able to change even when roaming. advertisers couldn't have wished for something better.

                • saurik 33 days ago

                  Or just get people to correctly implement and deploy PCP in their products, which also solves this problem without the privacy downsides.

                  • Spooky23 33 days ago

                    Lol.

                    Network operators will always find away to make you miserable.

            • zamadatix 34 days ago

              When people say pulbic IPs are "unique" they mean in the set of public IPs the same IP won't be handed out to two different entities not that each end user gets an IP that identifies them uniquely. There are only 2^32=~4.3 billion IPv4 addresses (a very good chunk of which aren't even publicly routed on the internet) so even if you wanted to it'd be impossible to assign IPs in such a way given the number of users on the internet.

              IPv6 doesn't allow you to make this assumption 100% of the time either even though it has 2^128. A /64 is not permanently assigned by an ISP - especially true for mobile services - nor is every end network guaranteed to be a /64, it was just a best practice recommendation. There could be thousands of /127s in a /64 instead. Same can be said of NAT66, it's discouraged but I'm sure some ISP somewhere will do it.

              Duplicate IPs for accounts can be one flag to help you look for other signs but it should be by no means proof of anything on its own nor a sign anything funky is going on with a region's internet.

              • wmf 34 days ago

                You can look up the IPs in WHOIS to find what ISP they belong to. It sounds like a NAT pool where tons of customers are being NATed to a small number (~128) of public IPs.

                • zxcvbn4038 33 days ago

                  NYC has a ton of street level internet kiosks and open wifi endpoints around, it’s common to have housing above store levels, and it’s common to freeload on them if you are lucky enough to be near one. That might be what your seeing, and as others have mentioned anyone using a cell phone is probably coming through a NAT gateway unless you support IPv6 on your edge.

                  Personally I’ve not been able to connect wirelessly to any of the street kiosks since about the second week of their existence. I still see the SSIDs advertised but I can’t negotiate a connection. I don’t know if that is because they are congested, broken, or that feature is switched off. I only have one near me but you can find them every block in some parts of Manhattan.

                  • Nextgrid 33 days ago

                    I wonder if they ban MAC addresses that spend too much time on the same kiosk for exactly this reason, to prevent people (who don't know how to work around it) from using it as their primary internet connection.

                    The purpose behind these is obviously advertising and I'm assuming that the most valuable data they are after is physical movement data and that it is valuable enough to subsidize the costs of running the system. However, if you don't provide them this data (by only using the service from a single fixed location) then they have nothing to gain from serving you.

                  • phyzome 33 days ago

                    1) They could be using café wireless from different cafés that are backhauled to the same data center (or LinkNYC as another commenter mentions.)

                    2) They could be using residential IPs, which are frequently reassigned. When my router restarts, I usually get a new IP address from the ISP's pool. This is more common for some ISPs and locations than for others; at my last place, we had the same IP address for 5 years.

                    3) Carrier-grade NAT, also mentioned here.

                    • Spooky23 33 days ago

                      Are they using LTE? We ran into a weird edge case issue a few years ago with Verizon wireless. They NAT and inspect everything, including rate limiting traffic the fit an abuse pattern. Weirdness happened more if the user was transmitting many packets when trAnsitioning between towers.

                      • mcint 34 days ago

                        It could be related to the volunteer/non-profit mesh network ISP nycmesh.net, another ISP NAT'ing connections.

                        It might have an unusual apparent topology, with mostly to entirely wireless backbone links based on line-of-sight. Although I think users you talked to would identify this possibility, e.g. your moderator.

                        • ohyeshedid 33 days ago

                          It could be several things, but it's most likely either CGNAT, or you're using a CDN and these are their ranges.

                          The first step should've been looking up the hostnames to see what you're dealing with.

                          • curiousnycips 31 days ago

                            > The first step should've been looking up the hostnames to see what you're dealing with.

                            Great point.

                            After looking up 29 of the IP addresses, it seems 28 of them (including all the overlapping IP addresses) are T-Mobile.

                            Among the 29 I checked, there is 1 IP address with a different hostname (Verizon). This address is unique and not shared with any other users.

                            Presumably all these forum members based in New York City are all also T-Mobile customers there, it seems?

                            > It could be several things, but it's most likely either CGNAT, or you're using a CDN and these are their ranges.

                            We do, but it's configured to pass the user's origin IP to our site, rather than the CDN's IPs.

                            • ev1 31 days ago

                              Geo IP for Verizon Wireless and T-Mobile are close to worthless; they effectively allocate from a nationwide pool.

                              If not more, hundreds of thousands of users share a single IP on T-Mobile, if you are talking about IPv4. They stopped handing out IPv4 a while ago. It's all v6 + CGNAT.

                              If it's web traffic and not arbitrary TCP TLS traffic, likely even more users share it as they cache web and run it through shared proxies.

                          • cfstras 34 days ago

                            CG-NAT, more specifically DS-Lite, is being used by lots of ISPs in Europe. In Germany, it has been the default for new consumer contracts for ~6 years now.

                          • belltaco 34 days ago

                            Can you tell us over what time frames do the IPs match in your stats?

                            • curiousnycips 31 days ago

                              For this user, the first IP address we have on record (mid-November 2019) matches this user plus two other users.

                              The latest matching IP address for this user was yesterday (July 6th, matching this user and one other).