Malicious players are misusing the secondary marketplace for Internet Protocol version 4 addresses, as per Lancaster University’s Vasileios Giotsas, Norway SimulaMet’s Ioana Livadariu, and University College London’s Petros Gigis. In an online paper, they explained how the depletion of IPv4 addresses saw RIRs establishing transfer marketplaces for the addresses that were becoming more and more difficult to find.
Anyhow, they said that the IPv4 marketplace has been badly regulated due to the following factors.
- We lack widely adopted mechanisms of authenticating the ownership of IP prefixes
- Inconsistent contract-related requirements between allocated and legacy address space
- Policy incongruities among RIRs
Consequently, malefactors who attempt to get around legal IP address ownership processes have started targeting IPv4 address transfers for misuse and fraud.
Those who misuse the process perform things such as utilizing ‘clean’ Internet Protocol addresses through which they could host fraudulent websites or botnets.
The authors said that it is possible to do the following before making an idea about what occurs to Internet Protocol version 4 addresses after those are purchased and sold.
- Access address transfer-related data from RIRs
- Map the ranges of IP addresses against known AS (autonomous system) numbers
- Establish a connection between all that and border gateway protocol (BGP) activity
The paper has come up with not-so-pretty conclusions. The authors discovered that for over 65% of the address transfers, there seem to be transaction dates and origin ASes inconsistent with their transfer reports. On the other hand, 6% of ROAs got stale following the transfer in the IP market for several months.
The results show poor resource management activities that can enable malicious activities, like hijacking attacks, plus even cause connectivity problems because of the filtering mechanisms based on IRR or RPKI.
ASes in the market show malicious behavior that is consistently higher than the other ASes, even after considering factors like network span and business models, said the authors. They added that their findings are possibly a lower malicious activity bound from inside transferred addresses because numerous transactions may happen without the RIRs being notified of it.
The authors expect that their work would aid registries and other parties in doing better. They feel that those insights can have the following effects.
Inform the conversations and creation of policies about IPv4 market regulation
Aid brokers and operators in conducting due diligence in a better-informed way to avoid the transferred IP address space’s misuse or unintentionally supporting malicious players.