IdeaWell

Project ideas from Hacker News discussions.

IP Addresses Through 2025

Original Article

Hacker News Discussion

📝 Discussion Summary (Click to expand)

1. Geopolitical and State-Linked Control of IP Resources

A central theme is the suspicion that nation-states, particularly China, are strategically acquiring IP blocks in Africa and other regions, often for large-scale automated (bot) operations. There is debate over the degree of government versus private involvement, with a strong consensus that the line is blurry in China.

  • tokyobreakfast: "China and India have been quietly buying up gobs of African IP blocks - most of which are used for botting operations... The real story here is China and India have been quietly buying up gobs of African IP blocks - most of which are used for botting operations. I see it in my server logs."
  • tokyobreakfast: "In the case of China, I believe it's government or CCP-controlled entities, and the end-game is something more nefarious. For India, IMO it's private industry. They're just trying to make a buck."
  • landl0rd: "China does not have a meaningful distinction between private industry and the state. She also maintains a level of surveillance and control, particularly in the IT world, that makes this hard with some level of government sanction."

2. The Collapse of IPv4 Prices and the Role of Cloud Providers

Many users were surprised by the sharp decline in the price of IPv4 addresses, which is attributed to market saturation, the effectiveness of technologies like Carrier-Grade NAT (CGNAT), and strategic shifts by major cloud providers like AWS from aggressive stockpiling to cost-passing, which reduced demand.

  • petercooper: "I was particularly intrigued by the ongoing tumbling of the price of IPs. After peaking in 2022, 'these days the low price of $9 per address is back to the same price that was seen in 2014.''"
  • Fiveplus: "The collapse in IPv4 transfer prices is what caught my eye here, dropping from a ~$55 peak in 2021 to a mean of $22 in early 2026... This validates my hypothesis that the run-up in 2020–2022 was an artificial scarcity bubble driven largely by hyperscalers. AWS was right up there stockpiling before they shifted their pricing model... Once AWS introduced the hourly charge for public IPv4 addresses... their acquisition pressure vanished."
  • JulianHart: "The CGNAT point is underrated. Carriers have zero incentive to move away from it - thousands of users per public IP, no transition cost... Makes sense the IPv4 price drop once mobile networks proved you can serve massive user bases with relatively few public addresses."

3. The Stalled Transition to IPv6 and Misconceptions About Security

A prominent theme is the frustration with the slow adoption of IPv6, driven by a debate over its necessity and security. Many users express a preference for IPv4 due to the perceived security benefits of NAT (Network Address Translation), which others argue is a misunderstanding and that stateful firewalls in IPv6 are equally effective.

  • dlcarrier: "I'm glad that IPv4 still seems to have a bit of life left in it... the NAT-by-default of IPv4 effectively means that I get the benefit of a default-deny security strategy that makes it impossible to accidentally directly connect anything to the internet."
  • johnmaguire: "IPv4 is not NAT-by-default... But that doesn't go away with IPv6 - the NAT does, the router doesn't, and the firewall shouldn't either... NAT is not the firewall."
  • bigstrat2003: "IPv6 is clearly better (no collisions between address space and thus no NAT requirement), and it's perfectly accessible to anyone who actually tries... The problem with the v6 transition is that people have very inaccurate views on one or both of those points (usually they falsely believe NAT provides security benefits, or they falsely believe IPv6 is a difficult thing to implement)."
  • autoexec: "IPv6 has failed at being better, being accessible, or both. Rather than punish people for failing to adopt something that isn't better or easy to get, either improve IPv6 so that it's actually attractive or admit defeat and start work on the next version that people will genuinely want."

🚀 Project Ideas

[CGNAT-Aware IP Reputation API]

Summary

  • [A service that provides real-time IP reputation scoring that understands CGNAT pools, not just individual IP addresses.]
  • [Core value: Enables platforms to filter malicious traffic from mobile carriers without blocking thousands of legitimate users sharing a single IP.]

Details

Key Value
Target Audience [Security engineers, platform moderators, email service providers, and fraud prevention teams at consumer-facing tech companies.]
Core Feature [API that ingests carrier CGNAT data and provides reputation scores for entire pools, distinguishing between a single attacker and an entire mobile network.]
Tech Stack [Rust (high performance), BGP stream data, MaxMind GeoIP, carrier network mapping, Redis (for real-time score caching)]
Difficulty [Medium]
Monetization [Revenue-ready: API calls per month + enterprise contracts for high-volume platforms (social networks, email providers, cloud services).]

Notes

  • [Addresses the pain point mentioned by JulianHart and wcfields: "Traditional detection assumed 1 IP = 1 user. CGNAT breaks that entirely - platforms can't aggressively filter mobile carrier IPs without blocking legitimate customers by the thousands."]
  • [High practical utility for combating spam, botting, and AI scraping mentioned in the original article that hides behind carrier IPs.]

[IPv6-First Security Configuration Wizard]

Summary

  • [A guided web tool that translates IPv4-centric network security mental models (NAT-as-firewall) into proper IPv6 firewall rules and ULA address schemes.]
  • [Core value: Solves the security paralysis preventing home users and small businesses from adopting IPv6 due to fear of exposing devices directly to the internet.]

Details

Key Value
Target Audience [Home lab enthusiasts, small business IT admins, and IoT manufacturers concerned about IPv6 security.]
Core Feature [Interactive configuration generator that outputs firewall rules (iptables/ufw) and network configs based on user input about their devices and desired access.]
Tech Stack [Python (FastAPI), React frontend, WireGuard tunnel integration, OpenWRT config generation]
Difficulty [Low]
Monetization [Hobby]

Notes

  • [Directly responds to dlcarrier's frustration: "I know that IPv6 can be made secure, but I don't have the background or research time to learn how to do so... I wouldn't be surprised if I never get around to working on it in my lifetime, as long as I can play around with electronics projects."]
  • [Demystifies the "NAT is not a firewall" debate mentioned by johnmaguire and cyberax by providing clear, actionable steps.]

[Legacy IPv4 Asset Reclamation Marketplace]

Summary

  • [A specialized platform that legally and technically assists in reclaiming and consolidating abandoned/legacy IPv4 blocks from defunct organizations to transfer to the open market.]
  • [Core value: Increases IPv4 supply efficiently by unlocking dormant address space, reducing the "grey market" price volatility and hoarding mentioned by hnuser123456 and rmoriz.]

Details

Key Value
Target Audience [LIRs, IP brokers, legal firms specializing in telecommunications, and network engineers managing legacy allocations.]
Core Feature [Automated WHOIS/RIR database crawler with legal workflow tools to track ownership and initiate transfer procedures for abandoned blocks.]
Tech Stack [Python (for scraping/analysis), PostgreSQL (for ownership records), Django (backend), Blockchain (optional for transparent transfer ledger)]
Difficulty [High]
Monetization [Revenue-ready: Commission fee on successfully reclaimed and sold IP blocks.]

Notes

  • [Addresses the market inefficiency described by hnuser123456: "Still people out there trying to re-route old abandoned ranges. There are still a lot of legacy ranges that belong to defunct organizations and never got properly sold."]
  • [Tackles the "hoarding" issue identified by rmoriz: "The shortage is caused by hoarding and RiR's not doing their job."]

[IPv6-Only Startup Viability Scorecard]

Summary

  • [A business intelligence tool that analyzes a startup's target market and technology stack to determine if launching as "IPv6-only" (with NAT64/DNS64) is viable, and calculates the potential cost savings on IPv4 infrastructure.]
  • [Core value: Lowers the barrier for new internet services to launch without IPv4, accelerating adoption and reducing reliance on the expensive IPv4 market mentioned by Fiveplus.]

Details

Key Value
Target Audience [Founders, CTOs, and product managers of early-stage startups building networked applications.]
Core Feature [Input your target user geography, device types, and required external dependencies; output a risk assessment and projected AWS/Cloud costs for IPv4 vs. IPv6-only architecture.]
Tech Stack [Node.js, Data visualization libraries (D3.js), Regional IPv6 adoption datasets (APNIC, RIPE), Cloud pricing APIs]
Difficulty [Medium]
Monetization [Revenue-ready: Freemium model (basic scorecard) + paid reports with detailed cost breakdowns and architectural recommendations.]

Notes

  • [Responds to autoexec's argument that IPv6 fails because it offers no benefit: "IPv6 has failed at being better, being accessible, or both."]
  • [Practical utility for patmorgan23's observation: "IPv6 is good candidate for new networks. This includes writing docs and eventually the education so IPv6 is the default."]

Read Later