Dan, are you being cautious and making up those IP addresses, or
are those actual IP addresses?
I ask since 1.0.0.0/8 is APNIC and 1.2.3.0/24 is the APNIC
"Debogon" project. For notes, a "bogon" is a supposedly
unroutable address, or more accurately, an address that you
shouldn't see in use.
I'm not making them up! It's what I see on the Chrome "status bar" (or whatever it's called now) and in the html.
1.2.3.8, 1.2.3.13, etc. I'm in a coffee shop at the moment, but when I get back I'll try and get a list of the IPs that are used. (The last digit is always quite small though.)
I wasn't entirely clear in my description of a "bogon" since the
definition is a bit hazy. Some define it as unallocated address, and
others define it as an address you shouldn't see in use. For example, if
you get a packet supposedly from 192.168.1.1 (in private address space)
on your public interface (i.e. has a public IP address), then some
consider it a bogon.
Address space that hasn't been allocated by any of the RIRs (Regional
Internet Registries like APNIC, RIPE, ...) is sometimes used without
permission, and usually for nefarious purposes. These are also
considered bogons since you should never see those addresses in use.
When you see a bogon, something is definitely wrong. It could be your
service provider is misusing address space that hasn't been allocated to
it, or it could be something far worse (malware, compromised network
routers, ...).
The "Debogon Projects" and "Bogon Monitoring" are run by the various
RIRs to find those who are squatting on misused address space, and also
to get firewall sysadmins to no longer block the unused ranges. Usually,
following the allocation lists of the RIRs is sufficient, but some folks
don't update their firewall rules as often as they should.
I did a bit of searching and it seems a few different mobile carriers
are doing this with the 1.2.3.0/24 range, but the important thing is
they should not be doing it at all. It would break the Internet if
everyone just used whatever address they felt like using.
Well, if they are doing a mixed private/public net then it wouldn't be like the addresses are routable outside of their network. I've seen a number of clients which were essentially 'natted' behind the ISP's infrastructure. At its core the ISP gets all packets landing at their router and if they want to advertise an 'inside' route to 1.2.3.4 (or 10.0.0.1) that is something they could do successfully.
Yep, you're right; a net with mixed public/private addresses can
certainly work well when done correctly. Unfortunately, it can also
seem to work for some period of time when done incorrectly. The
trouble is, most people don't grasp the ramifications of doing it wrong.
I'm sure you understand the ramifications at least as well as I do, and
probably a whole lot better, but for the sake of everyone else in the
room...
When a network/ISP misuses unallocated address space by routing
the traffic to something internal, this prevents the inside of the
network/ISP from reaching those addresses normally. Unallocated address
space can be allocated by the RIRs at any time, so misuse of
unallocated address space results in parts of the Internet being unreachable.
If some huge networks/ISP's (Comcast, Verizon, Sprint, ...) decided to
misuse the address block allocated to you for some internal purpose,
you'd be rightfully upset since it would prevent all users of those
ISP's from reaching your service/servers. Now let's assume you're a new
company and just got a new allocation of addresses from the RIR only to
find out the users of major ISP's can't reach your service because the
ISP's have already misused your address block for something internal
on their networks. Yep, you'd be livid, and livid with good reason.
If you put a lot of work into your misuse of unallocated address space,
all that effort could turn out to be wasted a few hours later when the
block you misused gets allocated. To reach the newly allocated block,
you'd need to redo all that work over again, correctly.
Yeah, I'd prefer they weren't doing content aware stuff (if they cared it would probably be optional, so I'm not surprised that they are doing it poorly).
I was mostly trying to confirm that it was the carriers and not malware or whatever.
This is T-Mobile mangling stuff. They do some other things which are annoying, but not Internet breaking. It's a sub-optimal Internet experience, but pretty handy for what I want to do.
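The two bogon definitions discussed in this thread, and the stale firewall rule problem the Debogon projects target, as an added example that is not part of any poster's message. The allocation snapshot and the firewall blocklist are constructed stand-ins (assumptions); a real check would load the RIRs' published allocation lists.

```python
import ipaddress

# Special-purpose IPv4 ranges (private, loopback, link-local, shared/CGN,
# multicast, reserved) that should never arrive on a public interface.
RESERVED = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
    "224.0.0.0/4", "240.0.0.0/4")]

# Constructed, deliberately tiny stand-in for an RIR allocation snapshot.
# The thread states that 1.0.0.0/8 belongs to APNIC.
ALLOCATED = [ipaddress.ip_network("1.0.0.0/8")]

# Constructed firewall bogon blocklist that was never refreshed after
# 1.0.0.0/8 was handed to an RIR.
BLOCKLIST = [ipaddress.ip_network(n) for n in
             ("1.0.0.0/8", "10.0.0.0/8", "192.168.0.0/16")]


def classify(addr, allocated=ALLOCATED):
    """Label a source address seen on a public interface."""
    ip = ipaddress.ip_address(addr)
    if any(ip in net for net in RESERVED):
        return "bogon-reserved"      # "shouldn't see in use" definition
    if any(ip in net for net in allocated):
        return "allocated"
    return "bogon-unallocated"       # "unallocated address" definition


def stale_rules(blocklist=BLOCKLIST, allocated=ALLOCATED):
    """Blocklist entries that now overlap allocated space."""
    return [str(rule) for rule in blocklist
            if any(rule.overlaps(net) for net in allocated)]


def wrongly_blocked(addrs, blocklist=BLOCKLIST, allocated=ALLOCATED):
    """Allocated addresses that the outdated blocklist would still drop."""
    return [a for a in addrs
            if classify(a, allocated) == "allocated"
            and any(ipaddress.ip_address(a) in rule for rule in blocklist)]


if __name__ == "__main__":
    # 1.2.3.8, 1.2.3.13 and 192.168.1.1 appear in the thread; 5.5.5.5 is a
    # constructed sample that falls outside the tiny snapshot above.
    seen = ["1.2.3.8", "1.2.3.13", "192.168.1.1", "5.5.5.5"]
    for a in seen:
        print(a, classify(a))
    print("stale rules:", stale_rules())
    print("wrongly blocked:", wrongly_blocked(seen))
```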