Home > Research > Publications & Outputs > A first look at the misuse and abuse of the IPv...

Electronic data

  • VGiotsas_PAM2020_IPv4_Transfers_abuse

    Accepted author manuscript, 441 KB, PDF document

    Available under license: CC BY-NC: Creative Commons Attribution-NonCommercial 4.0 International License

Links

Text available via DOI:

View graph of relations

A first look at the misuse and abuse of the IPv4 Transfer Market

Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSNConference contribution/Paperpeer-review

Published

Standard

A first look at the misuse and abuse of the IPv4 Transfer Market. / Giotsas, Vasileios; Livadariu, Ioana; Gigis, Petros.

Passive and Active Measurement Conference (PAM) 2020. ed. / Anna Sperotto; Alberto Dainotti; Burkhard Stiller. Springer, 2020. p. 88-103.

Research output: Contribution in Book/Report/Proceedings - With ISBN/ISSNConference contribution/Paperpeer-review

Harvard

Giotsas, V, Livadariu, I & Gigis, P 2020, A first look at the misuse and abuse of the IPv4 Transfer Market. in A Sperotto, A Dainotti & B Stiller (eds), Passive and Active Measurement Conference (PAM) 2020. Springer, pp. 88-103, Passive and Active Measurement Conference 2020, Eugene, United States, 30/03/20. https://doi.org/10.1007/978-3-030-44081-7

APA

Giotsas, V., Livadariu, I., & Gigis, P. (2020). A first look at the misuse and abuse of the IPv4 Transfer Market. In A. Sperotto, A. Dainotti, & B. Stiller (Eds.), Passive and Active Measurement Conference (PAM) 2020 (pp. 88-103). Springer. https://doi.org/10.1007/978-3-030-44081-7

Vancouver

Giotsas V, Livadariu I, Gigis P. A first look at the misuse and abuse of the IPv4 Transfer Market. In Sperotto A, Dainotti A, Stiller B, editors, Passive and Active Measurement Conference (PAM) 2020. Springer. 2020. p. 88-103 https://doi.org/10.1007/978-3-030-44081-7

Author

Giotsas, Vasileios ; Livadariu, Ioana ; Gigis, Petros. / A first look at the misuse and abuse of the IPv4 Transfer Market. Passive and Active Measurement Conference (PAM) 2020. editor / Anna Sperotto ; Alberto Dainotti ; Burkhard Stiller. Springer, 2020. pp. 88-103

Bibtex

@inproceedings{545c2f7fb2dc43d489e5223f55fe659b,
title = "A first look at the misuse and abuse of the IPv4 Transfer Market",
abstract = "The depletion of the unallocated address space in combination with the slow pace of IPv6 deployment have given rise to the IPv4 transfer market, namely the trading of allocated IPv4 prefixes between ASes. While RIRs have established detailed policies in an effort to regulate the IPv4 transfer market for malicious networks such as spammers and bulletproof ASes, IPv4 transfers pose an opportunity to bypass reputational penalties of abusive behaviour since they can obtain {"}clean{"} address space or offload blacklisted address space. Additionally, IP transfers create a window of uncertainty about legitimate ownership of prefixes, which adversaries to hijack parts of the transferred address space. In this paper, we provide the first detailed study of how transferred IPv4 prefixes are misused in the wild by synthesizing an array of longitudinal IP blacklists and lists of prefix hijacking incidents. Our findings yield evidence that the transferred network blocks are used by malicious networks to address botnets and fraudulent sites in much higher rates compared to non-transferred addresses, while the timing of the attacks indicates efforts to evade filtering mechanisms.",
author = "Vasileios Giotsas and Ioana Livadariu and Petros Gigis",
year = "2020",
month = mar,
day = "18",
doi = "10.1007/978-3-030-44081-7",
language = "English",
isbn = "9783030440800",
pages = "88--103",
editor = "Sperotto, {Anna } and Dainotti, {Alberto } and Stiller, {Burkhard }",
booktitle = "Passive and Active Measurement Conference (PAM) 2020",
publisher = "Springer",
note = "Passive and Active Measurement Conference 2020, PAM ; Conference date: 30-03-2020 Through 31-03-2020",
url = "https://pam2020.cs.uoregon.edu",

}

RIS

TY - GEN

T1 - A first look at the misuse and abuse of the IPv4 Transfer Market

AU - Giotsas, Vasileios

AU - Livadariu, Ioana

AU - Gigis, Petros

PY - 2020/3/18

Y1 - 2020/3/18

N2 - The depletion of the unallocated address space in combination with the slow pace of IPv6 deployment have given rise to the IPv4 transfer market, namely the trading of allocated IPv4 prefixes between ASes. While RIRs have established detailed policies in an effort to regulate the IPv4 transfer market for malicious networks such as spammers and bulletproof ASes, IPv4 transfers pose an opportunity to bypass reputational penalties of abusive behaviour since they can obtain "clean" address space or offload blacklisted address space. Additionally, IP transfers create a window of uncertainty about legitimate ownership of prefixes, which adversaries to hijack parts of the transferred address space. In this paper, we provide the first detailed study of how transferred IPv4 prefixes are misused in the wild by synthesizing an array of longitudinal IP blacklists and lists of prefix hijacking incidents. Our findings yield evidence that the transferred network blocks are used by malicious networks to address botnets and fraudulent sites in much higher rates compared to non-transferred addresses, while the timing of the attacks indicates efforts to evade filtering mechanisms.

AB - The depletion of the unallocated address space in combination with the slow pace of IPv6 deployment have given rise to the IPv4 transfer market, namely the trading of allocated IPv4 prefixes between ASes. While RIRs have established detailed policies in an effort to regulate the IPv4 transfer market for malicious networks such as spammers and bulletproof ASes, IPv4 transfers pose an opportunity to bypass reputational penalties of abusive behaviour since they can obtain "clean" address space or offload blacklisted address space. Additionally, IP transfers create a window of uncertainty about legitimate ownership of prefixes, which adversaries to hijack parts of the transferred address space. In this paper, we provide the first detailed study of how transferred IPv4 prefixes are misused in the wild by synthesizing an array of longitudinal IP blacklists and lists of prefix hijacking incidents. Our findings yield evidence that the transferred network blocks are used by malicious networks to address botnets and fraudulent sites in much higher rates compared to non-transferred addresses, while the timing of the attacks indicates efforts to evade filtering mechanisms.

U2 - 10.1007/978-3-030-44081-7

DO - 10.1007/978-3-030-44081-7

M3 - Conference contribution/Paper

SN - 9783030440800

SP - 88

EP - 103

BT - Passive and Active Measurement Conference (PAM) 2020

A2 - Sperotto, Anna

A2 - Dainotti, Alberto

A2 - Stiller, Burkhard

PB - Springer

T2 - Passive and Active Measurement Conference 2020

Y2 - 30 March 2020 through 31 March 2020

ER -