Malicious
players are misusing the secondary marketplace for Internet Protocol version 4
addresses, as per Lancaster University’s Vasileios Giotsas, Norway SimulaMet’s Ioana
Livadariu, and University College London’s Petros Gigis. In an online paper, they
explained how the depletion of IPv4 addresses saw RIRs establishing transfer marketplaces for
the addresses that were becoming more and more difficult to find.
Anyhow, they
said that the IPv4 marketplace has been badly regulated due to the following
factors.
- We lack widely adopted mechanisms of authenticating the ownership
of IP prefixes
- Inconsistent contract-related requirements between allocated and
legacy address space
- Policy incongruities among RIRs
Consequently,
malefactors who attempt to get around legal IP address ownership processes have
started targeting IPv4 address transfers for misuse and fraud.
Those
who misuse the process perform things such as utilizing ‘clean’ Internet
Protocol addresses through which they could host fraudulent websites or
botnets.
The
authors said that it is possible to do the following before making an idea
about what occurs to Internet Protocol version 4 addresses after those are
purchased and sold.
- Access address transfer-related data from RIRs
- Map the ranges of IP addresses against known AS (autonomous
system) numbers
- Establish a connection between all that and border gateway
protocol (BGP) activity
The
paper has come up with not-so-pretty conclusions. The authors discovered that
for over 65% of the address transfers, there seem to be transaction dates and
origin ASes inconsistent with their transfer reports. On the other hand, 6% of
ROAs got stale following the transfer in the IP market for several months.
The
results show poor resource management activities that can enable malicious
activities, like hijacking attacks, plus even cause connectivity problems
because of the filtering mechanisms based on IRR or RPKI.
ASes in
the market show malicious behavior that is consistently higher than the other ASes,
even after considering factors like network span and business models, said the authors.
They added that their findings are possibly a lower malicious activity bound
from inside transferred addresses because numerous transactions may happen
without the RIRs being notified of it.
The
authors expect that their work would aid registries and other parties in doing
better. They feel that those insights can have the
following effects.
·
Inform the conversations and creation
of policies about IPv4 market regulation
·
Aid brokers and operators in
conducting due diligence in a better-informed way to avoid the transferred IP address
space’s misuse or unintentionally supporting malicious players.