Abstract
A small part of the IPv4 address space has still not been assigned for use to any organization. However, some of this IP space is announced through BGP, and is, therefore, globally reachable. These prefixes, which are a subset of the bogon prefixes, constitute what we call the blackspace. It is generally admitted that the blackspace stands to be abused by anybody who wishes to carry out borderline and/or illegal activities without being traced.
The contribution of this paper is twofold. First, we propose a novel methodology to accurately identify the IP blackspace. Based on data collected over a period of seven months, we study the routing-level characteristics of these networks and identify some benign reasons why these networks are announced on the Internet. Second, we focus on the security threat associated with these networks by looking at their application-level footprint. We identify live IP addresses and leverage them to fingerprint services running in these networks. Using this data we uncover a large amount of spam and scam activities. Finally, we present a case study of confirmed fraudulent routing of IP blackspace.
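The definition above (address space that no organization holds, yet is announced in BGP) can be sketched as a set difference between announced prefixes and delegated space. This is an added example, not the paper's methodology or code: it assumes delegation records in the pipe-separated RIR delegated-extended layout, and both inputs are constructed samples using documentation ranges.

```python
import ipaddress

# Constructed sample, assumed layout:
# registry|cc|type|start|count|date|status|opaque-id
DELEGATED = """\
ripencc|FR|ipv4|198.51.100.0|128|20100101|allocated|A1
ripencc||ipv4|198.51.100.128|128||available|
arin|US|ipv4|192.0.2.0|256|20090101|assigned|B2
apnic||ipv4|203.0.113.0|256||reserved|
"""

# Constructed sample of prefixes seen in a BGP table.
ANNOUNCED = ["192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/25"]

def delegated_networks(text):
    """Return CIDR blocks whose status is allocated or assigned."""
    nets = []
    for line in text.splitlines():
        f = line.split("|")
        if len(f) < 7 or f[2] != "ipv4" or f[6] not in ("allocated", "assigned"):
            continue  # skips header, summary, available and reserved records
        first = ipaddress.IPv4Address(f[3])
        last = first + int(f[4]) - 1  # field 5 is an address count, not a prefix length
        nets.extend(ipaddress.summarize_address_range(first, last))
    return list(ipaddress.collapse_addresses(nets))

def blackspace(announced, delegated):
    """Map each announced prefix to the parts not covered by any delegation."""
    result = {}
    for prefix in announced:
        remaining = [ipaddress.ip_network(prefix)]
        for d in delegated:
            nxt = []
            for r in remaining:
                if not r.overlaps(d):
                    nxt.append(r)        # untouched by this delegation
                elif r.subnet_of(d):
                    continue             # fully covered, not blackspace
                else:
                    nxt.extend(r.address_exclude(d))  # d lies strictly inside r
            remaining = nxt
        if remaining:
            result[prefix] = sorted(remaining)
    return result

if __name__ == "__main__":
    for pfx, parts in blackspace(ANNOUNCED, delegated_networks(DELEGATED)).items():
        print(pfx, "->", ", ".join(map(str, parts)))
```

A partially covered announcement (here the /24 whose upper half is still available) is reported with only its uncovered part, which is the case a plain exact-match lookup would miss.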
Notes
1. VirusTotal includes more than 60 different website and domain scanning engines.
Copyright information
© 2015 Springer International Publishing Switzerland
About this paper
Cite this paper
Jacquemart, Q., Vervier, PA., Urvoy-Keller, G., Biersack, E. (2015). Demystifying the IP Blackspace. In: Bos, H., Monrose, F., Blanc, G. (eds) Research in Attacks, Intrusions, and Defenses. RAID 2015. Lecture Notes in Computer Science, vol 9404. Springer, Cham. https://doi.org/10.1007/978-3-319-26362-5_6
DOI: https://doi.org/10.1007/978-3-319-26362-5_6
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-26361-8
Online ISBN: 978-3-319-26362-5
eBook Packages: Computer Science; Computer Science (R0)