nach oben

Erschienen in:

2020 | OriginalPaper | Buchkapitel

A First Look at the Misuse and Abuse of the IPv4 Transfer Market

verfasst von : Vasileios Giotsas, Ioana Livadariu, Petros Gigis

Erschienen in: Passive and Active Measurement

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

The depletion of the unallocated IPv4 addresses and the slow pace of IPv6 deployment have given rise to the IPv4 transfer market, the trading of allocated IPv4 prefixes between organizations. Despite the policies established by RIRs to regulate the IPv4 transfer market, IPv4 transfers pose an opportunity for malicious networks, such as spammers and bulletproof ASes, to bypass reputational penalties by obtaining “clean” IPv4 address space or by offloading blacklisted addresses. Additionally, IP transfers create a window of uncertainty about the legitimate ownership of prefixes, which leads to inconsistencies in WHOIS records and routing advertisements. In this paper we provide the first detailed study of how transferred IPv4 prefixes are misused in the wild, by synthesizing an array of longitudinal IP blacklists, honeypot data, and AS reputation lists. Our findings yield evidence that transferred IPv4 address blocks are used by malicious networks to address botnets and fraudulent sites in much higher rates compared to non-transferred addresses, while the timing of the attacks indicate efforts to evade filtering mechanisms.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel To Filter or Not to Filter: Measuring the Benefits of Registering in the RPKI Today

Nächstes Kapitel Don’t Forget to Lock the Front Door! Inferring the Deployment of Source Address Validation of Inbound Traffic

RIPE Stat also provides access to Spamhaus DROP snapshots which we do not use because it covers only directly allocated address space.

IPv4 Market Group. https://ipv4marketgroup.com/broker-services/buy

PeeringDB. https://www.peeringdb.com

AFRINIC: IPv4 Resources transfer within the AFRINIC Region. http://bit.ly/2sFjUZu

Alieyan, K., ALmomani, A., Manasrah, A., Kadhum, M.M.: A survey of botnet detection based on DNS. Neural Comput. Appl. 28(7), 1541–1558 (2017)CrossRef

Anderson, T., Hutty, M.: Post depletion adjustment of procedures to match policy objectives, and clean-up of obsolete policy text. RIPE policy proposal, November 2013

APNIC: APNIC transfer, merger, acquisition, and takeover policy (2010). https://www.apnic.net/policy/transfer-policy_obsolete

APNIC blog, Huberman, D.: Seven steps to successful IPv4 transfers (2017)

APNIC blog, Huston, G.: IPv4 Address Exhaustion in APNIC (2015). https://blog.apnic.net/2015/08/07/ipv4-address-exhaustion-in-apnic

ARIN: ARIN Number Resource Policy Manual (Version 2010.1) (2009). https://www.arin.net/policy/nrpm.html

10.

ARIN: ARIN Number Resource Policy Manual (Version 2012.3) (2012). https://www.arin.net/policy/nrpm.html

11.

BadPackets: Cyber-Threat Intelligence: Botnet C2 Detections (2019). https://badpackets.net/botnet-c2-detections

12.

BinaryEdge: HoneyPots/Sensors (2019). https://www.binaryedge.io/data.html

13.

Böttger, T., Cuadrado, F., Uhlig, S.: Looking for hypergiants in peeringDB. ACM SIGCOMM Comput. Commun. Rev. 48(3), 13–19 (2018)CrossRef

14.

CAIDA: Inferred AS to Organization Mapping Dataset. http://www.caida.org/data/as_organizations.xml

15.

Cho, S., Fontugne, R., Cho, K., Dainotti, A., Gill, P.: BGP hijacking classification. In: 2019 TMA, pp. 25–32. IEEE (2019)

16.

Dainotti, A., et al.: Estimating internet address space usage through passive measurements. SIGCOMM Comput. Commun. Rev. 44(1), 42–49 (2013)CrossRef

17.

Edelman, B.: Running out of numbers: scarcity of IP addresses and what to do about it. In: Das, S., Ostrovsky, M., Pennock, D., Szymanksi, B. (eds.) AMMA 2009. LNICST, vol. 14, pp. 95–106. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-03821-1_16CrossRef

18.

Heidemann, J., Pradkin, Y., Govindan, R., Papadopoulos, C., Bartlett, G., Bannister, J.: Census and survey of the visible internet. In: Proceedings of the ACM Internet Measurement Conference, pp. 169–182. ACM, October 2008

19.

Huberman, D.: Smarter purchasing of IPv4 addresses in the market. NANOG 68, October 2016. http://bit.ly/36H7LkJ

20.

Huston, G.: How Big is that Network? October 2014. http://bit.ly/367t6DD

21.

Huston, G.: IPv4 Address Report, October 2019. https://ipv4.potaroo.net

22.

Huston, G.: IPv6/IPv4 Comparative Statistics, October 2019. http://bit.ly/36G7sGN

23.

Livadariu, I., Elmokashfi, A., Dhamdhere, A.: On IPv4 transfer markets: analyzing reported transfers and inferring transfers in the wild. Comput. Commun. 111, 105–119 (2017)CrossRef

24.

Internet Archive: Wayback Machine (2001). https://archive.org/web

25.

IPv4 Brokers: IPv4 blacklist removal service. https://ipv4brokers.net/ipv4-sales

26.

IPv4 Market Group: IPv4 blacklist removal service. http://bit.ly/37dfDM3

27.

Konte, M., Perdisci, R., Feamster, N.: ASwatch: an as reputation system to expose bulletproof hosting ASes. ACM SIGCOMM CCR 45(4), 625–638 (2015)

28.

Kührer, M., Rossow, C., Holz, T.: Paint it black: evaluating the effectiveness of malware blacklists. In: Stavrou, A., Bos, H., Portokalidis, G. (eds.) RAID 2014. LNCS, vol. 8688, pp. 1–21. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-11379-1_1CrossRef

29.

LACNIC: One-way interregional transfers to LACNIC (2017). http://bit.ly/369F5kd

30.

Lehr, W., Vest, T., Lear, E.: Running on empty: the challenge of managing internet addresses. In: TPRC (2008)

31.

Luckie, M., Huffaker, B., Dhamdhere, A., Giotsas, V., et al.: AS relationships, customer cones, and validation. In: Proceedings of the 2013 ACM IMC (2013)

32.

Torres, M.: Purchasing IPv4 space - due diligence homework. NANOG mailing list, March 2018. http://bit.ly/36L5Trg

33.

McMillen, D.: The inside story on botnets. IBM X-Force Research, September 2016

34.

Mueller, M., Kuerbis, B.: Buying numbers: an empirical analysis of the IPv4 number market. In: Proceedings of iConference (2013)

35.

Mueller, M., Kuerbis, B., Asghari, H.: Dimensioning the elephant: an empirical analysis of the IPv4 number market. In: GigaNet: Global Internet Governance Academic Network, Annual Symposium (2012)

36.

Myers, E.W.: An O(ND) difference algorithm and its variations. Algorithmica 1(1–4), 251–266 (1986)MathSciNetCrossRef

37.

NANOG 68, Potter, A.: How to Navigate Getting IPv4 Space in a Post-Run-Out World (2017)

38.

Nobile, L.: Who is accuracy. ARIN 39, April 2017

39.

Ramachandran, A., Feamster, N.: Understanding the network-level behavior of spammers. In: ACM SIGCOMM CCR, vol. 36, pp. 291–302. ACM (2006)

40.

Ramachandran, A., Feamster, N., Vempala, S.: Filtering spam with behavioral blacklisting. In: Proceedings of the 14th ACM conference CCS. ACM (2007)

41.

RAPID7: Project Sonar TCP Scans. RAPID7 Open Data (2019). https://opendata.rapid7.com/sonar.tcp

42.

RAPID7: Project Sonar UDP Scans. RAPID7 Open Data (2019). https://opendata.rapid7.com/sonar.udp

43.

Reddit Networking: What are your experiences with the IPv4 secondary market? March 2018. https://tinyurl.com/yyumhax5

44.

Richter, P., Allman, M., Bush, R., Paxson, V.: A primer on IPv4 scarcity. SIGCOMM Comput. Commun. Rev. 45(2), 21–31 (2015). http://bit.ly/3b2878QCrossRef

45.

Richter, P., Smaragdakis, G., Plonka, D., Berger, A.: Beyond counting: new perspectives on the active IPv4 address space. In: Proceedings of the 2016 ACM IMC (2016)

46.

RIPE: Routing Information Service (RIS). http://www.ripe.net/ris

47.

RIPE Labs, Wilhem, R.: Developments in IPv4 Transfers (2016). https://labs.ripe.net/Members/wilhelm/developments-in-ipv4-transfers

48.

RIPE Labs, Wilhem, R.: Impact of IPv4 Transfers on Routing Table Fragmentation (2016). http://bit.ly/30NCBHj

49.

RIPE Labs, Wilhem, R.: Trends in RIPE NCC Service Region IPv4 Transfers (2017). https://labs.ripe.net/Members/wilhelm/trends-in-ipv4-transfers

50.

RIPE Labs, Wilhem, R.: A Shrinking Pie? The IPv4 Transfer Market in 2017 (2018). http://bit.ly/2topCQ1

51.

RIPE NCC: Intra-RIR Transfer Policy Proposal (2012). https://www.ripe.net/participate/policies/proposals/2012-03

52.

RIPE NCC: Inter-RIR Transfers (2015). http://bit.ly/2v8kShV

53.

RIPE NCC: RIPE Stat Data API: Blacklists (2019). http://bit.ly/2SafbId

54.

RIPE NCC Address Policy Working Group: ASNs of organizations in reported IPv4 transfers. https://bit.ly/2v8Krzp

55.

Shue, C.A., Kalafut, A.J., Gupta, M.: Abnormally malicious autonomous systems and their internet connectivity. IEEE/ACM TON 20(1), 220–230 (2012)CrossRef

56.

Sinha, S., Bailey, M., Jahanian, F.: Shades of grey: on the effectiveness of reputation-based “blacklists”. In: 3rd International Conference on Malicious and Unwanted Software (MALWARE), pp. 57–64. IEEE (2008)

57.

Spamhaus: Don’t Route Or Peer List (DROP). https://www.spamhaus.org/drop

58.

Streambank, H.: IPv4 Auctions. https://auctions.ipv4.global

59.

WatchGuard Technologies: Internet Security Report: Q2 2019, September 2019

60.

Testart, C., Richter, P., King, A., Dainotti, A., Clark, D.: Profiling BGP serial hijackers: capturing persistent misbehavior in the global routing table. In: Proceedings of the Internet Measurement Conference, pp. 420–434. ACM (2019)

61.

UCEPROTECT: Network Project. http://www.uceprotect.net/en

62.

University of Oregon: The Route Views Project. http://www.routeviews.org

63.

VirusTotal: Online Virus Malware and URL scanner. https://www.virustotal.com

64.

Zhao, B.Z.H., Ikram, M., Asghar, H.J., Kaafar, M.A., Chaabane, A., Thilakarathna, K.: A decade of mal-activity reporting: a retrospective analysis of internet malicious activity blacklists. In: ASIACCS, pp. 193–205. ACM (2019)

65.

Zhauniarovich, Y., Khalil, I., Yu, T., Dacier, M.: A survey on malicious domains detection through DNS data analysis. ACM Comput. Surv. 51(4), 67 (2018)CrossRef

Titel: A First Look at the Misuse and Abuse of the IPv4 Transfer Market
verfasst von: Vasileios Giotsas
Ioana Livadariu
Petros Gigis
Verlag: Springer International Publishing
Buch: Passive and Active Measurement
Print ISBN: 978-3-030-44080-0

Electronic ISBN: 978-3-030-44081-7

Copyright-Jahr: 2020
DOI: https://doi.org/10.1007/978-3-030-44081-7_6

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"