Networking boffins detect wide abuse of IPv4 addresses bought on secondary market

Malicious actors are abusing the secondary market for IPv4 addresses, according to Lancaster University lecturer Vasileios Giotsas, University College London research and teaching assistant Petros Gigis and postdoctoral fellow Ioana Livadariu from Norway's Simula Metropolitan Center for Digital Engineering. In a recent paper …

  1. Mike 137 Silver badge

    Unfortunate but not unexpected

    This is not specific to IPv4 addresses. Whenever there's a slackening off of governance there are opportunities for fraud, and such opportunities are soon spotted and exploited by opportunist fraudsters. Where's the surprise in that?

    1. Charlie Clark Silver badge

      Re: Unfortunate but not unexpected

      Indeed, yet another reason why these shouldn't really be tradeable.

    2. Peter2 Silver badge

      Re: Unfortunate but not unexpected

      Spammers etc probably buy a lot of addresses as the old ones get blocked.

      They will then be seen as "good" customers by companies supplying the commodities they buy as a large and frequent single customer. They are therefore economically encouraged to turn a blind eye to any "alleged" misconduct by their customers. No company willingly blacklists their biggest customers from buying from them unless not doing so has bigger consequences than keeping them as a customer.

      1. Kevin McMurtrie Silver badge

        Re: Unfortunate but not unexpected

        Criminals aren't big on buying things. They can exploit mismanagement to steal IP addresses.

        https://www.spamhaus.org/news/article/778/network-hijacking-the-low-down

        Several registrars claim to be powerless to stop stolen networks, and that's pretty much why there's a problem. ARIN and RIPE will only flag records as invalid as a minor help to assist blacklists. TWNIC, APNIC, KRNIC, and AFRINIC seem to not care if their data is of any use or not.

    3. Yes Me Silver badge

      Re: Unfortunate but not unexpected

      What do you mean by "slackening of governance"? There's never been anything resembling governance of IP address space; there's only been allocation and registration.

      And what do the authors of the study mean by "policies regarding the regulation of IPv4 markets"? There is no regulation of IP address space and never has been. So no policy, either. Again, it's just a matter of allocation and registration. They're only numbers, and unlike telephone numbers, they have no historical connection with geography.

      Anyone who relies on IP address bits for any kind of intrinsic validation is asking for trouble.

  2. cb7

    How many cowboys are out there continuing to set up new servers/routers etc with IPv4 only, because they don't understand IPv6, or they encounter issues that are easily "resolved" by turning IPv6 off instead of configuring things properly?

    1. Pascal Monett Silver badge

      When you're looking for a chance to rip people off, configuring things "properly" is not your priority.

    2. sebbb

      While I'm an all-in "dictator" in my company in support of IPv6, this issue is not really 100% resolved with that, as we will still need IPv4 for a while (while people get less moany about v6). This is normal when you have a limited resource that you still need for stuff to function.

      1. Thought About IT

        Doesn't v6 give an infinitely greater possibility for bots to avoid being blacklisted?

        1. Charlie Clark Silver badge

          Not really, the blocks just work slightly differently.

          But this isn't really about IPv6 versus IPv4, it's about the historically unjust allocation of addresses and the lack of a reliable international organisation able to reallocate them and adjudicate. Unfortunately, this is a difficult nut to crack: when it was all run by the international post union, national governments nearly always asserted national security as the reason for doing nothing and now we have ICANN prepared to do anything to make money.

          And we have the same problem with all of our other finite resources. :-(

          1. Yes Me Silver badge

            international what??

            What are you on about? The International Postal Union has never had anything to do with IP addresses, or even telephone numbers if that's what you meant. The ITU (previously CCITT) defined international telephone prefixes like +1 and +44, but the rest of telephone numbering is arranged nationally. IP addresses are completely different because they are non-geographical, so are allocated by a handful of Regional Internet Registries. And of course, with IPv6 they are no longer a finite resource, in any realistic way.

  3. Len

    Interesting market effects

    I can picture all sorts of interesting market effects happening to IPv4 addresses.

    A pricing difference between "clean" and "dirty" addresses. Addresses that are on blocklists for spam or botnets should trade at a lower value than ones that are clean. The question is, how can a buyer assess the "quality" of an address? Without transparency that market effect can't work. Are there already consultancies or services that can help you buy a "clean" block of IPv4 addresses?

    Some companies might be more relaxed about buying dirty addresses, depending on their use case. Would it matter if Netflix would buy a block of addresses for its streaming servers that happens to feature on spam blocklists? I would think not. Meanwhile, if you're planning to set up a new email service provider you'd want to buy the cleanest blocks available.

    On overall view, not tomorrow but perhaps next decade, that due to the lack of regulation, legacy ownership issues, legacy transparency issues, rampant abuse etc. that IPv4 traffic is dodgier than IPv6 traffic. It may lead to a situation in let's say 2030 that people reaching your server from IPv4 addresses will need to go through a CAPTCHA (or other Turing test) whereas standard IPv6 traffic doesn't. At the moment Google is a bit stricter about email traffic coming from servers over IPv6 than over IPv4 as blocklists for IPv4 are easier (and more established) than for IPv6. Will that stance reverse at some point?

    A steady rise in value in IPv4 addresses up to a certain point until it hits a peak and then a fairly sharp drop. At the moment about 33% of all traffic is IPv6, once that reaches a certain level the value of IPv4 will suddenly decrease and it tips from a seller's market into a buyer's market. As a seller of an IPv4 block it makes sense to hold out for a bit longer, but not too long because it will suddenly drop quite rapidly as every holdout will sell their block while it still has value. Like most markets, it doesn't matter when the real tipping point is, it matters when people think we have reached that tipping point. The perception is enough to create the tipping point.

    At some point the majority of home and office users will have a Dual Stack (IPv4+IPv6) or DS-Lite (IPv6+IPv4 behind NAT) connection. At that point the only people still interested in IPv4 blocks will be owners of servers who need to make sure that IPv4-only users can still reach them. This might mean a release of IPv4 blocks by ISPs who sell it to server owners (from massive cloud companies to smaller hosters). If you're an ISP that always had a good abuse department your blocks might be worth more than those of ISPs that are infamous for their lax approach to botnets, spammers, open relays etc.

    1. Charlie Clark Silver badge

      Re: Interesting market effects

      You can normally get ip addresses removed from blacklists pretty quickly, once you can demonstrate that you control it and this is easy for ISPs. Most lists are temporary anyway.

      The price differences are now between regions: cheap in the US because they are still plentiful, expensive elsewhere as they run out and you see the same thing as networks switch to IPv6: where the demand is still there, the prices will remain high.

      But more and more people are being moved to IPv6 for WAN and dualstack locally – once a network supports IPv6 it makes a lot of sense to push IPv4 to the edge.

      1. Martin an gof Silver badge

        Re: Interesting market effects

        "once a network supports IPv6 it makes a lot of sense to push IPv4 to the edge"

        So is that how you see small business and domestic networks in the future? IPv6 to the outside world but IPv4 internally? I ask because migrating all my kit to v6 internally looks like being a right royal pain in the backside for no particular benefit.

        How does NAT work in that scenario? Does each internal v4 address get a unique external v6 address?

        For my servers, instead of 'port forwarding' do I now set up permanent address translation tables?

        More to the point, will I need new kit? My Draytek modem is supposedly v6 capable, but as my ISP is not I haven't had a chance to test it...

        M.

        1. Charlie Clark Silver badge

          Re: Interesting market effects

          I think there is a lot of value in taking IPv6 details away from the consumer at least and letting the router handle all the 6to4 stuff. This "just works" in many situations and allows older equipment to be used without any hassle. 6to4 should mean that NAT isn't required (it's similar but it isn't NAT), you should have enough addresses to provide everything that needs the internet to have their own set so mapping can be permanent.

          Obviously little sense if your ISP doesn't do IPv6 yet. You could run your own 4to6 setup, but that could get fiddly and involve you doing exactly the kind of configuration you, understandably, want to avoid!

        2. Claptrap314 Silver badge

          Re: Interesting market effects

          I think you may have misunderstood. It appears to me that he is saying that a dual stack network is more of a pain to support than a v6 with 4-to-6 translation at the edge(s). Therefore, _once_ a network decides to go v6, he expects it to go v6 instead of dual stack.

          I could be wildly wrong, but I expect most SMBs to stay v4 for a long time. I can see no reason for hw to drop v4--so what is the need to change over? The sw tools are all in place to support v4 with 6to4 at the edge, and they too are not going to go away.

          When setup of fresh v6 networks is as simple as v4 networks, expect new networks to start being v6. Especially as the new kids come in without v4 experience.

          1. Joe Montana

            Re: Interesting market effects

            Setup of new v6 networks is already easier than v4, you don't need to worry about NAT, or address conflicts, or conservation of limited address space etc.

            Companies like Microsoft and Facebook are entirely IPv6 internally, with border devices that can proxy traffic to legacy IP for when they have to communicate with outdated third parties.

  4. Hubert Cumberdale Silver badge

    I thought we were trying...

    ...to move away from the "hacker in a hoodie" stock photos. Well, I guess at least the one you used for the front page hook is of apparently indeterminate gender, cos, y'know, equality and stuff.

    1. Hubert Cumberdale Silver badge

      Re: I thought we were trying...

      Oh look, here's another one.

    2. Kevin McMurtrie Silver badge

      Re: I thought we were trying...

      The file is "shutterstock_woman_cliche_hacker.jpg"

      1. diodesign (Written by Reg staff) Silver badge

        Holy URL, Batman

        All our slip-ups, er, moments of genius are deliberate irony.

        C.

      2. Hubert Cumberdale Silver badge

        Re: I thought we were trying...

        I thought you were joking at first, but now I see that it actually is. Looking at the larger version, it's more clearly female. But the code on the screen looks a bit 'shopped. Or maybe that's just the JPEG compression artefacts.

      3. Anonymous Coward

        Re: I thought we were trying...

        Wearing a hoodie to conceal identity--fine.

        But why in what appears to be their own home?

  5. Anonymous Coward

    Written for managers and senior leaders

    This article reads like it’s for managers and senior leaders, full of waffle and scaremongering leading a thought process of maybe IPv6 would solve this mess.

    Expect many many more of these uninformative buzzword bingo articles everywhere as a concerted effort to promote IPv6 as a good way to mitigate these issues.
