Recently discovered the following two addresses in my DNS filter: 26.26.26.1 and 26.26.26.2. How can I confirm who these belong to? These are both public IP addresses but seem to be owned by the US Military?
If I look at https://www.abuseipdb.com/check/26.26.26.2, it says it belongs to:
- ISP: DoD Network Information Center
- Type: Military
- Country: US.
What does this mean? As far as I’ve researched, it’s got something to do with the SOCKS protocol? This GitHub repo I found seems to be using it too, but why is it used? If anyone knows, I’d very much appreciate your help.
I’m a bit confused because it does show the block is assigned to the US military but it has a high fraud score so I wonder if it’s leased or somehow being used by a bad actor. Also as you’ve already seen, some VPNs use it as a local IP like 192.168.1.1 for the VPN interface itself.
You probably found that old reddit post talking about shadowsocks?? I think that’s unlikely unless you keep that very old app version around. (But there could be other software you’re playing around with?)
These are large address spaces reserved in the early days of the internet. I have no idea if the DoD even uses that one actively. Maybe somebody repurposed that network? Maybe you operate an authoritative DNS server? Or you just got scanned by some random crawler looking for compromised systems or vulnerable IoT devices…
I found this additional info: https://blog.erratasec.com/2013/12/dod-address-space-its-not-conspiracy.html
Indeed, found that blog too after I posted. The blog explains it pretty well.
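One way to test the point raised in the thread, that VPN software may assign these addresses to its own local interface, is to compare the flagged addresses against the subnets configured on the machine. This is an added example, not code from any poster or from the linked repo; the `ip -o -4 addr show` text, the `tun0` interface and the use of 26.0.0.0/8 as the block boundary are constructed assumptions.

```python
import ipaddress
import re

# Assumption: 26.0.0.0/8 is the legacy block holding both addresses; the
# thread itself only reports DoD NIC ownership for 26.26.26.2.
LEGACY_BLOCKS = [ipaddress.ip_network("26.0.0.0/8")]

# Constructed sample of `ip -o -4 addr show` output (not from the thread).
SAMPLE_IP_ADDR = """\
1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 192.168.1.23/24 brd 192.168.1.255 scope global eth0
7: tun0    inet 26.26.26.1/30 scope global tun0
"""

def local_networks(ip_addr_output):
    """Parse `ip -o -4 addr show` text into a list of (interface, network)."""
    nets = []
    for line in ip_addr_output.splitlines():
        m = re.match(r"\d+:\s+(\S+)\s+inet\s+(\S+)", line)
        if m:
            nets.append((m.group(1), ipaddress.ip_interface(m.group(2)).network))
    return nets

def triage(addr, nets):
    """Classify an address seen in a DNS-filter log."""
    ip = ipaddress.ip_address(addr)
    # An address inside a subnet configured on this host is on-link: traffic
    # to it goes to that interface (e.g. a VPN tunnel), not to the Internet.
    for ifname, net in nets:
        if ip in net:
            return f"local:{ifname}"
    if ip.is_private or ip.is_loopback or ip.is_link_local:
        return "private-not-local"
    # Publicly allocated legacy space with no local interface: the entry
    # would refer to the real owner's network, so check WHOIS/RDAP next.
    if any(ip in block for block in LEGACY_BLOCKS):
        return "public-legacy-block"
    return "public"

if __name__ == "__main__":
    nets = local_networks(SAMPLE_IP_ADDR)
    for addr in ("26.26.26.1", "26.26.26.2", "8.8.8.8"):
        print(addr, triage(addr, nets))
```

On a real host, replace `SAMPLE_IP_ADDR` with the actual output of `ip -o -4 addr show`; a `local:` result for a tunnel interface indicates locally installed software is using the range.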