In article <20180402150821.ga24...@cmadams.net> you write: >Once upon a time, Matt Hoppes <mattli...@rivervalleyinternet.net> said: >> Seeing as how 1.1.1.1 isn’t suppose to be routed > >[citation needed]
Look at the WHOIS info -- 1.1.1.0/24 is assigned to APNIC Research, and it says remarks: ++++++++++++++++++ remarks: + Address blocks listed with this contact remarks: + are withheld from general use and are remarks: + only routed briefly for passive testing. remarks: + remarks: + If you are receiving unwanted traffic remarks: + it is almost certainly spoofed source remarks: + or hijacked address usage. There's a comment at the top saying: descr: APNIC and Cloudflare DNS Resolver project descr: Routed globally by AS13335/Cloudflare descr: Research prefix for APNIC Labs So it's routed deliberately but it sure looks like an experiment. There's way too much equipment that treats 1.1.1.1 as magic for it to work reliably. Captive portals tend to use that address for the host you contact to log out. R's, John
