Would somebody from T-Mobile care to comment?
On the 4th of last month our NetGear LB1120 LTE modem on T-Mobile was assigned an IP address of 18.104.22.168. That's in a netblock assigned to the United States military. Unsurprisingly: It didn't work. By the time I got T-Mobile on the line a modem cold start fixed the problem.
Wrote it off as an anomaly.
Then it happened again on the 24th, only this time it was 22.214.171.124. That one's in a netblock assigned to the UK Ministry of Defence. Said "To heck with this" and threw both netblocks into my router's BOGON list (see: "What's a bogon" at http://packetlife.net/blog/2009/jan/21/whats-bogon/), restarted the modem, got a normal T-Mobile IP address again.
Then it happened again yesterday morning (Sep. 1): 126.96.36.199. That one's in another U.S. military netblock. Tossed that network into the BOGON list and restarted the modem, but, as on the 24th, the modem wouldn't give it up right away. Eventually it did, only to return to one of the two previously BOGON-listed netblocks, then, eventually a netblock owned by the IETF (10.0.0.0/8, which was already on my network BOGON list, as it's a well-known illegitimate netblock).
Thinking perhaps T-Mobile had a bad actor on its network I spent nearly an hour on the phone with T-Mobile tech support. After being escalated twice I hit a brick wall with the CSR saying (paraphrased) "I have no way of telling what's going on. I'll push it up to our bug bounty people, but there's no guarantee they'll follow-up on it."
I messed with this for a goodly portion of the day, during part of which I was half convinced my modem had been compromised.
Eventually I discovered these IP addresses actually appeared to work, despite the fact they should not, and that they are NAT'ed back into legitimate T-Mobile IP space.
I suspect I know what's going on: It looks like T-Mobile's network engineers are using what they believe to be unused IP netblocks assigned to others to create "private" network space, then NAT'ing those back into T-Mobile's own network space.
Is this what's going on, T-Mobile?
Btw: Unlike the other three illegitimate netblocks I've seen, so far, 188.8.131.52/8 has an Autonomous System Number (AS668), so it could either be in-use or be put to use by the United States Military at any time.