Misuse and abuse of IPv4 addresses

Larus Team 2020-12-03 05:39:06 ipv4 ipv4transfer

According to Vasileios Giotsas, lecturer at Lancaster University, University College London research and teaching assistant Petros Gigis, and Ioana Livadariu, a postdoctoral fellow at the Simula Metropolitan Center for Digital Engineering in Norway, malicious behaviours are exploiting the secondary market for IPv4 addresses. In a recent paper entitled ‘A first look at the usage and misuse of the IPv4 Transfer Market’, the researchers clarify how IP address depletion has resulted in regional Internet registries developing transfer markets for increasingly difficult-to-find IPv4 addresses.

"Due to the lack of widely adopted IP prefix proprietary authentication mechanisms, inconsistent contractual requirements between legacy and allocated address space, and policy inconsistencies between the Regional Internet Registers (RIRs), the IPv4 market has been poorly regulated,” the researchers wrote. "As a consequence, IPv4 transfers are now the target of waste and abuse by fraudsters who are trying to override legal IP ownership processes." Those who misuse the process are using "clean" IP addresses from which to host botnets or fake pages.

The writers clarify that they have been able to access data on the transfer of addresses from the Internet registries, map the range of addresses against known Autonomous System Numbers (AS numbers), compare all this with border gateway protocol operation, and finally create an image of what happens to IPv4 addresses after they are purchased and sold.

From the paper’s findings, researchers found out there are more than 65% of the IP transfers, the origin of the ASes and the dates of the transaction are not correspondent with the transfer reports, while 6% of the Route Origin Authorizations (ROAs) have been stalled for period of time after the transfer. Besides, the authors claim the best poor resources management practices stimulate the fraud activities such as hijacking attacks or lead to connectivity issue due to increasing deployment of RPKI-based or IRR-based filtering mechanisms based on their findings.

It is getting worse: "Asses participating in the transfer market have consistently higher malicious conduct relative to the rest of the ASes, even if we take into account factors such as business models and network duration," the three authors said, adding "Our studies are likely to be a lower bound of malicious activity from within the transferred IP addresses, as a number of transactions may occur without having occurred.

‘We believe that these insights can inform the debates and development of RIR policies regarding the regulation of IPv4 markets, and help operators and brokers conduct better-informed due diligence to avoid misuse of the transferred address space or unintentionally support malicious actors. Moreover, our results can provide valuable input to blacklist providers, security professionals and researchers who can improve their cyber-threat monitoring and detection approaches, and tackle evasion techniques that exploit IPv4 transfers,’ the researches wrote.

Source:The Register

Hot Reading

What is a Dedicated Server?

infrastructure service 2020-10-12 02:00:33

A dedicated server will actually gives you maximum output for all your applications because it enables your owner to have direct access to it and its resources.

Benefits of Using Dedicated Server Hosting

serverhosting dedicatedserver dedicatedserverhosting 2020-10-16 08:22:49

Some corporations are facing with a wide range of choices for hosting their website, web application, or mail server.

Why you need an IP address?

IPv4 2022-07-28 08:39:57

An IP address is a critical piece of your online presence. It's how your device is identified and connected to the internet.

IPv4 lease price 2023

leaseipv4 2022-02-24 06:48:12

It's important to recognize that IPv4 lease prices vary across the market. Here, we delve deeper into the details.

Related Reading

How does VPS hosting work

VPS 2023-12-07 09:35:57

Virtual Private Server (VPS) hosting has emerged as a versatile and efficient solution for businesses and individuals seeking greater control, flexibility, and performance for their websites in the ever-changing web hosting landscape.

How secure is a VPS

VPS 2023-11-30 14:11:56

Exploring the security features of a VPS is critical to understanding its dependability in protecting your data and operations.

What is the use of VPS

VPS 2023-11-23 04:45:51

A virtual private server (VPS) is a virtualized server that is produced by splitting a real server into many isolated virtual environments.

What is APNIC

APNIC 2023-11-16 13:06:10

The Asia-Pacific Network Information Centre (APNIC) is a critical pillar in the realm of Internet infrastructure, serving as the Asia-Pacific region's regional Internet address registry (RIR).

IP Address Blacklisting

IP address 2023-11-09 13:37:27

IP address blacklisting, or IP banning, is a way to manage access to websites and content on the internet. It involves preventing requests from certain IP addresses. This usually happens to IP addresses that have a history of spamming or illegal activities.

A Guide to Buy IPv4 Subnets Safely

Buy IPv4 Subnets IPv4 2023-11-03 06:50:39

Unlock the Secrets of Safely Buying IPv4 Subnets: Explore Our Comprehensive Guide to Secure Transactions and Maximize the Value of Your Internet Resources. Larus Network's Expert Insights Await.