abuse of the ipv4 transfer markets
play

Abuse of the IPv4 Transfer Markets Vasileios Giotsas, Ioana Livadariu - PowerPoint PPT Presentation

Dec 12, 2022 •380 likes •490 views

Abuse of the IPv4 Transfer Markets Vasileios Giotsas, Ioana Livadariu , Petros Gigis AIMS 2020 IPv4 Transfers IPv4 address transactions that occur between organisations RIPE NCC Intra-RIR Tranfers ARIN APNIC LACNIC Dec Jun Oct Feb Jan Oct

  1. Abuse of the IPv4 Transfer Markets Vasileios Giotsas, Ioana Livadariu , Petros Gigis AIMS 2020

  2. IPv4 Transfers IPv4 address transactions that occur between organisations RIPE NCC Intra-RIR Tranfers ARIN APNIC LACNIC Dec Jun Oct Feb Jan Oct Mar Sep APNIC RIPE ‘08 ‘09 ‘09 ‘10 ‘11 ‘12 ‘16 ‘16 APNIC RIPE Inter-RIR Tranfers ARIN RIPE ARIN APNIC Dec Dec Jul Sep Feb Oct ‘08 ‘15 ‘12 ‘15 ‘16 ‘12 Transfer Policy First Transfer 2 AIMS2020

  3. Transfer markets: viable source of IPv4 space Transfer market size is increasing (number of transactions and IP addresses) APNIC ARIN 10 8 RIPE LACNIC ARIN -> APNIC Number of IP addresses APNIC -> ARIN 10 6 APNIC -> RIPE RIPE -> APNIC RIPE -> ARIN ARIN -> RIPE 10 4 10 2 10 0 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018 2019 3 AIMS2020

  4. Overview Do IPv4 transfer markets pose an opportunity for malicious actors? 1. Compile and process the IPv4 transferred addresses • Usage of the IP address space • Participants on the IPv4 transfer market 2. Analyze the IP addresses against a dataset of malicious activities • Blacklisted IP addresses • Blacklisting timing 4 AIMS2020

  5. Datasets IPv4 Reported Transfers [1] IP Blacklists [5,6] WHOIS DB Org-to-ASNs Transferred date Honeypots [7] BGP data [2] Deployed IP Non-legimitate IP/Port space ASes [8] Scans [3,4] Correlation of malicious activity for transferred addresses [1] RIRs, IPv4 reported transfers [2] Routeviews and RIPE RIS [3] USC/ISC LANDER project, https://www.isi.edu/~johnh/PAPERS/Heidemann09b.html [4] RAPID7’s project Sonar, TCP and UDP scans, https://opendata.rapid7.com/ [5] Zhao et al. , A Decade of Mal-Activity Reporting: A Retrospective Analysis of Internet Malicious Activity Blacklists, AsiaCCS 2019 [6] UCEPROTECT: Network Project, http://www.uceprotect.net/en/ [7] Badpackets (https://badpackets.net/botnet-c2-detections/), BinaryEdge (https://www.binaryedge.io/data.html) [8] Testart et al. ,Profiling BGP Serial Hijackers: Capturing Persistent Misbehavior in the Global Routing Table, IMC 2019 5 AIMS2020

  6. Significant percentage of the transferred prefixes appears blacklisted Blacklisted transferred IPs are distributed across 40% of the routed prefixes. 6 AIMS2020

  7. Significant percentage of the transferred prefixes appears blacklisted Transferred prefixes are disproportionally represented in the blacklist for every type of malicious activity except spamming Transferred Unwanted Programs Non-Transferred Exploits Malware Phishing Fraudulent Services Spammers 0 7,5 15 22,5 30 Routed prefixes with blacklisted IPs (%)* *Zhao et al. , A Decade of Mal-Activity Reporting: A Retrospective Analysis of Internet Malicious Activity Blacklists, AsiaCCS 2019 7 AIMS2020

  8. When do the transferred IPs get blacklisted? • Compare the transfer date with the blacklisting timing • Buyers are more prone to abuse of the IP space 8 AIMS2020

  9. Future Work • Develop predictive techniques for blacklisting based on monitoring the reported IPv4 transfers • Augment our malicious datasets (IBR, DDoS, Spoofing, Honeypots) • Investigate non-canonical patterns in the reported transfer (e.g networks are both seller and buyer) 9 AIMS2020

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

IPv4 Pricing and Transfer Update Sandra Brown IPv4 Market Group January 19, 2016 IPv4 Life

IPv4 Pricing and Transfer Update Sandra Brown IPv4 Market Group January 19, 2016 IPv4 Life

IPv4 Pricing and Transfer Update Sandra Brown IPv4 Market Group January 19, 2016 IPv4 Life Cycle Events ARIN Runout RIPE Inter-RIR Transfers /8s come to market IPv6 Adoption 2 Factors Affecting Pricing # OF IP TRANSFERS

223 views • 8 slides
UK IPv4 Transfer Market January 22, 2015 Sandra

UK IPv4 Transfer Market January 22, 2015 Sandra

UK IPv4 Transfer Market January 22, 2015 Sandra Brown sandrabrown@ipv4marketgroup.com 716 348 6768 1 Agenda 1. IntroducLon 2. IPv4 Purchase

342 views • 12 slides
A Policy Story - IPv4 Transfer TWNIC OPM 26, Taipei 14 December 2016 George Kuo, Services

A Policy Story - IPv4 Transfer TWNIC OPM 26, Taipei 14 December 2016 George Kuo, Services

A Policy Story - IPv4 Transfer TWNIC OPM 26, Taipei 14 December 2016 George Kuo, Services Director 1 About APNIC Membership-based, not-for-profit, R egional I nternet R egistry (RIR) Delegates and registers IP addresses and AS numbers

450 views • 29 slides
IP IPV4 TRAN V4 TRANSFER SFER IN IN VIET VIETNAM NAM Presented by: Nguyen Thi Thu Thuy

IP IPV4 TRAN V4 TRANSFER SFER IN IN VIET VIETNAM NAM Presented by: Nguyen Thi Thu Thuy

IP IPV4 TRAN V4 TRANSFER SFER IN IN VIET VIETNAM NAM Presented by: Nguyen Thi Thu Thuy Vietnam Internet Network Information Center (VNNIC) TWNIC C Membe ber r Meeting| eting| December mber, , 2016 Contents Internet Resources

550 views • 16 slides
IPv6 Avanzado Introduccin Toms Lynch LACNOG WHERE ARE WE? IPv4 Yes, the IPv4 pool

IPv6 Avanzado Introduccin Toms Lynch LACNOG WHERE ARE WE? IPv4 Yes, the IPv4 pool

IPv6 Avanzado Introduccin Toms Lynch LACNOG WHERE ARE WE? IPv4 Yes, the IPv4 pool IPv4 with NAT/Tunnels But we can use IPv4 and NAT or Tunnels!!! Yeah, right IPv6 IPv6 Readiness Laptops, pads, mobile phones, dongles,

477 views • 19 slides
IPv6 Presentation Template (Make this title your own!) Whats happening with IPv4? IPv4

IPv6 Presentation Template (Make this title your own!) Whats happening with IPv4? IPv4

IPv6 Presentation Template (Make this title your own!) Whats happening with IPv4? IPv4 exhaustion (link to RIRs and highlight relevant trends for your region) Regional Internet Authorities are in various phases of IPv4 exhaustion

486 views • 13 slides
Is there available IPv4 space in the LAC region? Sergio Rojas sergio@lacnic.net IPv4 IPv4

Is there available IPv4 space in the LAC region? Sergio Rojas sergio@lacnic.net IPv4 IPv4

Is there available IPv4 space in the LAC region? Sergio Rojas sergio@lacnic.net IPv4 IPv4 space 4.294.967.296 IP addresses (not all of them are usable) It seems a lot of space, right? But the world population is almost 7 billion

201 views • 16 slides
Towards a Sustainable Internet The Opportunity of IPv6 Marco Hogewoning | September 217 |

Towards a Sustainable Internet The Opportunity of IPv6 Marco Hogewoning | September 217 |

Towards a Sustainable Internet The Opportunity of IPv6 Marco Hogewoning | September 217 | Bahrain Steady Decline of Available IPv4 No immediate shortage of IPv4 addresses Transfer market appears to fulfil industry demands Still some

282 views • 12 slides
IPv4 Exhaus,on And IPv6 Deployment Carlos Mar)nez @Sint-Maarten Internet Week IPv4 There

IPv4 Exhaus,on And IPv6 Deployment Carlos Mar)nez @Sint-Maarten Internet Week IPv4 There

IPv4 Exhaus,on And IPv6 Deployment Carlos Mar)nez @Sint-Maarten Internet Week IPv4 There are 4,294,967,296 IPv4 addresses (32 bits long) but not all of them can be used Looks like a lot, right? But... World popula)on currently stands

501 views • 27 slides
CLRS panel on Capital Markets Convergence Continuing Innovation in Reinsurance Risk Transfer

CLRS panel on Capital Markets Convergence Continuing Innovation in Reinsurance Risk Transfer

CLRS panel on Capital Markets Convergence Continuing Innovation in Reinsurance Risk Transfer James Doona Managing Director, Munich Re Capital Markets jdoona@munichre.com Marriott Copley Place, Boston, September 17, 2013 What is Alternative

199 views • 9 slides
IPV4 TO IPV6 MIGRATION Rick Wylie CEO KeyOptions MacSysAdmin 2011 IP - A BIT OF HISTORY Bob

IPV4 TO IPV6 MIGRATION Rick Wylie CEO KeyOptions MacSysAdmin 2011 IP - A BIT OF HISTORY Bob

IPV4 TO IPV6 MIGRATION Rick Wylie CEO KeyOptions MacSysAdmin 2011 IP - A BIT OF HISTORY Bob Metcalfe's Harvard Ph.D. thesis outlines the idea for Ethernet. File transfer Steve Crocker makes specification (RFC 454) is the first Request for

1.13k views • 91 slides
Labcourse Routerlab Internet Protocol Version 6 (IPv6) IPv4 Shortcomings IPv4

Labcourse Routerlab Internet Protocol Version 6 (IPv6) IPv4 Shortcomings IPv4

Labcourse Routerlab Internet Protocol Version 6 (IPv6) IPv4 Shortcomings IPv4 addresses have 32 bits only not enough for 1 IP address per person dynamic IPs, NAT, Manual configuration time consuming (in larger

655 views • 16 slides
IPv6 @ Navneet Nagori Network Engineering Why IPv6 IPv4 exhaustion Cost - Buying

IPv6 @ Navneet Nagori Network Engineering Why IPv6 IPv4 exhaustion Cost - Buying

IPv6 @ Navneet Nagori Network Engineering Why IPv6 IPv4 exhaustion Cost - Buying address costly , Provider supported NAT, Abuse Identification, Port exhaustion, User share address New Devices IPTV, Mobile Network, home

528 views • 21 slides
SIIT-DC: IPv4 Service Contjnuity for IPv6 Data Centres Tore Anderson Redpill Linpro AS UKNOF36,

SIIT-DC: IPv4 Service Contjnuity for IPv6 Data Centres Tore Anderson Redpill Linpro AS UKNOF36,

SIIT-DC: IPv4 Service Contjnuity for IPv6 Data Centres Tore Anderson Redpill Linpro AS UKNOF36, London, January 2017 Incremental IPv6 deployment in DC IPv4-only IPv4-only + IPv6 via NAT/proxy/etc Dual-stacked public frontend, IPv4 BE Full

550 views • 15 slides
Exhaustion of IPv4 Address in 2010 Exhaustion of IPv4 Address in 2010 Associate Professor Dr.

Exhaustion of IPv4 Address in 2010 Exhaustion of IPv4 Address in 2010 Associate Professor Dr.

802.16 IP Telephony Lab Exhaustion of IPv4 Address in 2010 Exhaustion of IPv4 Address in 2010 Associate Professor Dr. Quincy Wu solomon@ipv6.club.tw Graduate Institute of Communication Engineering National Chi Nan University 1 1

943 views • 77 slides
Post IPv4 completion Making IPv6 deployable incrementally by making it backward compatible

Post IPv4 completion Making IPv6 deployable incrementally by making it backward compatible

Post IPv4 completion Making IPv6 deployable incrementally by making it backward compatible with IPv4. Alain Durand The Internet must support continued, un-interrupted growth regardless of IPv4 address availability DISCLAIMER:

614 views • 17 slides
The Design of T EX and METAFONT : A Retrospective Nelson H. F . Beebe Department of Mathematics

The Design of T EX and METAFONT : A Retrospective Nelson H. F . Beebe Department of Mathematics

The Design of T EX and METAFONT : A Retrospective Nelson H. F . Beebe Department of Mathematics University of Utah Salt Lake City, UT 84112-0090 USA T EX Users Group Conference 2005 talk... p.1/47 Where I came from METAFONT EX and T

747 views • 47 slides
The Automated Exploitation Grand Challenge A Five-Year Retrospective Julien Vanegue IEEE

The Automated Exploitation Grand Challenge A Five-Year Retrospective Julien Vanegue IEEE

The Automated Exploitation Grand Challenge A Five-Year Retrospective Julien Vanegue IEEE Security & Privacy Langsec Workshop May 25th 2018 AEGC 2013/2018 vs DARPA Cyber Grand Challenge Was Automated Exploit Generation solved with DARPA

370 views • 21 slides
A Retrospective on Datalog 1.0 Phokion G. Kolaitis UC Santa Cruz and IBM Research - Almaden

A Retrospective on Datalog 1.0 Phokion G. Kolaitis UC Santa Cruz and IBM Research - Almaden

A Retrospective on Datalog 1.0 Phokion G. Kolaitis UC Santa Cruz and IBM Research - Almaden Datalog 2.0 Vienna, September 2012 A Brief History of Datalog In the beginning of time, there was E.F. Codd, who gave us relational algebra and

942 views • 77 slides
Problem? What Problem? Learn how to deal effectively with impediments Agile Management Congress

Problem? What Problem? Learn how to deal effectively with impediments Agile Management Congress

Ben Linders Consulting Problem? What Problem? Learn how to deal effectively with impediments Agile Management Congress Prague November 25 2019 Ben Linders Consulting benlinders.com - @BenLinders 1 Ben Linders Consulting Ben Linders -

275 views • 14 slides
MPI-IO: A Retrospective Rajeev Thakur 25 th Anniversary of MPI Workshop Argonne, IL, Sept 25,

MPI-IO: A Retrospective Rajeev Thakur 25 th Anniversary of MPI Workshop Argonne, IL, Sept 25,

MPI-IO: A Retrospective Rajeev Thakur 25 th Anniversary of MPI Workshop Argonne, IL, Sept 25, 2017 Outline Origins of MPI-IO How it became part of MPI-2 What is in MPI-IO Which features of MPI-IO turned out to be useful, and which

629 views • 16 slides
Improving Software Quality with Retrospectives TestCon Moscow, April 2-3 Ben Linders

Improving Software Quality with Retrospectives TestCon Moscow, April 2-3 Ben Linders

Ben Linders Consulting Improving Software Quality with Retrospectives TestCon Moscow, April 2-3 Ben Linders benlinders.com - @BenLinders 1 BenLinders.com Ben Linders Consulting Trainer / Coach / Adviser / Author / Speaker Agile, Lean,

562 views • 23 slides
D0 Computing Retrospective Amber Boehnlein SLAC June 10, 2014 This talk

D0 Computing Retrospective Amber Boehnlein SLAC June 10, 2014 This talk

D0 Computing Retrospective Amber Boehnlein SLAC June 10, 2014 This talk represents 30 years of outstanding technical accomplishments from contributions from more than 100 individuals. Run I Computing

243 views • 21 slides
What are modules? & what is their role in development? s.butterfill@warwick.ac.uk Outline

What are modules? & what is their role in development? s.butterfill@warwick.ac.uk Outline

Joint Action & the Emergence of Mindreading What are modules? & what is their role in development? s.butterfill@warwick.ac.uk Outline Why we need a notion of modularity (0) There is a problemcurrent accounts of modularity are

951 views • 81 slides

More recommend