How to check for a valid public IP address?

Question

Consider a list of IP addresses as provided by the X-Forwarded-For HTTP header:

10.0.0.142 , 192.168.0.10 , 212.43.234.12 , 54.23.66.43

I would like to know which is the first publicly-accessible address in that list. I can look over them easily enough, but how can I tell which are publicly-accessible? It seems to me (my untrained eye) that 10.0.0.142 is a workstation, 192.168.0.10 is an internal proxy, and 212.43.234.12 is a publicly-accessible address being forwarded through the proxy at 54.23.66.43. Is there any way to calculate this in code?

My first intuition is that addresses that start with 10. or 192. are not publicly accessible, but http://simplesniff.com reveals my home IP address to be 192.117.111.61. Is there a formula for determining which addresses are public and which are reserved private? Note that even trying to ping the server in question might not help as some servers won't respond to ping, and also there might be an address on my local network which also matched the internal address.

Answer 1

Besides the original RFC 1918 space (which is now updated to RFC6890), there are several other blocks such as 192.0.2.0 that are not announced publicly. Furthermore, it's possible that someone has valid IPv4 space that just isn't announced in the public internet.

The simplest thing to do is telnet route-views.oregon-ix.net, login as rviews and look for yourself... for instance, this is some "192" space that's announced by AS7018 (AT&T)...

route-views>sh ip route 192.199.1.0
Routing entry for 192.199.1.0/24
  Known via "bgp 6447", distance 20, metric 0
  Tag 7018, type external
  Last update from 12.0.1.63 3w1d ago
  Routing Descriptor Blocks:
  * 12.0.1.63, from 12.0.1.63, 3w1d ago
      Route metric is 0, traffic share count is 1
      AS Hops 2
      Route tag 7018
route-views>

On the other hand, you'll see that 192.0.2.0/24 (ref RFC6890) is nowhere to be found...

route-views>sh ip route 192.0.2.0 255.255.255.0
% Subnet not in table
route-views>

Nor is 169.254.0.0/16 (or longer)...

route-views>sh ip route 169.254.0.0 255.255.0.0 longer
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is 128.223.51.1 to network 0.0.0.0
route-views>

Answer 2

RFC 1918 defines private IP address ranges. Have a look here.

From that document:

3. Private Address Space

   The Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of the IP address space for private internets:

   10.0.0.0 - 10.255.255.255 (10/8 prefix)

   172.16.0.0 - 172.31.255.255 (172.16/12 prefix)

   192.168.0.0 - 192.168.255.255 (192.168/16 prefix)

Answer 3

Team Cymru provides a bogon reference for both IPv4 and IPv6 that you can use to filter out unassigned/reserved/private IP addresses - it's offered both as a simple list for well-known prefixes and also in a much larger list that includes space that is as-yet unassigned by RIRs.

They also run a BGP bogon server that you can request a free peering to - invaluable if you're unable to run a default-free zone to the internet.

Answer 4

There are a number of ranges that are reserved for various use cases. IANA has the authoritative and comprehensive list. It includes RFC1918, RFC6761 as well as more recent reservations like the 100.64/10 CGN block. If you find any addresses in there they are likely somehow used in a private network and should be discarded in favour of the others in search of the first public address.