
A first look at the misuse and abuse of the IPv4 Transfer Market – PAM 2020

The depletion of the unallocated IPv4 addresses and the slow pace of IPv6 deployment have given rise to the IPv4 transfer market, the trading of allocated IPv4 prefixes between organizations. Despite the policies established by RIRs to regulate the IPv4 transfer market, IPv4 transfers pose an opportunity for malicious networks, such as spammers and bulletproof ASes, to bypass reputational penalties by obtaining “clean” IPv4 address space or by offloading blacklisted addresses. Additionally, IP transfers create a window of uncertainty about the legitimate ownership of prefixes, which leads to inconsistencies in WHOIS records and routing advertisements. In this paper we provide the first detailed study of how transferred IPv4 prefixes are misused in the wild, by synthesizing an array of longitudinal IP blacklists, honeypot data, and AS reputation lists. Our findings yield evidence that transferred IPv4 address blocks are used by malicious networks to address botnets and fraudulent sites in much higher rates compared to non-transferred addresses, while the timing of the attacks indicates efforts to evade filtering mechanisms.
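The kind of comparison the abstract describes, as an added example that is not code from the paper or from this page: it matches blacklist records to routed prefixes, compares the share of transferred and non-transferred prefixes with at least one listing, and splits listings on transferred prefixes by whether they predate the transfer. All data, record layouts and function names are constructed assumptions, and it assumes each transfer record names a routed prefix exactly.

```python
import ipaddress
from datetime import date

# Constructed sample data (documentation address ranges, not real measurements).
TRANSFERS = [  # (prefix, transfer date), as a transfer log might list them
    ("192.0.2.0/24", date(2019, 3, 1)),
    ("198.51.100.0/24", date(2019, 6, 15)),
]
ROUTED = ["192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/25", "203.0.113.128/25"]
BLACKLIST = [  # (listed IP, listing date)
    ("192.0.2.10", date(2019, 1, 20)),   # before the transfer
    ("192.0.2.77", date(2019, 4, 2)),    # after the transfer
    ("198.51.100.9", date(2019, 7, 1)),  # after the transfer
    ("203.0.113.5", date(2019, 5, 9)),   # non-transferred prefix
]

def covering_prefix(ip, prefixes):
    """Longest-prefix match of ip against a list of ip_network objects."""
    addr = ipaddress.ip_address(ip)
    hits = [p for p in prefixes if addr in p]
    return max(hits, key=lambda p: p.prefixlen) if hits else None

def blacklist_rates(transfers, routed, blacklist):
    """Share of prefixes with >= 1 listing, plus listing timing vs. transfer date."""
    nets = [ipaddress.ip_network(p) for p in routed]
    moved = {ipaddress.ip_network(p): d for p, d in transfers}
    listed = set()
    timing = {"before": 0, "after": 0}
    for ip, when in blacklist:
        net = covering_prefix(ip, nets)
        if net is None:
            continue  # listing falls outside the routed set
        listed.add(net)
        if net in moved:
            timing["before" if when < moved[net] else "after"] += 1

    def share(group):
        group = list(group)
        return sum(n in listed for n in group) / len(group) if group else 0.0

    return {
        "transferred": share(n for n in nets if n in moved),
        "non_transferred": share(n for n in nets if n not in moved),
        "timing": timing,
    }

if __name__ == "__main__":
    print(blacklist_rates(TRANSFERS, ROUTED, BLACKLIST))
```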


Alice AUSTIN

Alice AUSTIN is studying Cisco Systems Engineering. He has a passion for both hardware and software and writes articles and reviews for many IT websites.

One thought on “A first look at the misuse and abuse of the IPv4 Transfer Market – PAM 2020”

  • On the graph at 19.58 where does the 40% come from? I read this graph as showing 65% of transferred routed prefixes having at least one blacklist record.
