
Demystifying the IP Blackspace

  • Conference paper
Research in Attacks, Intrusions, and Defenses (RAID 2015)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 9404))


Abstract

A small part of the IPv4 address space has still not been assigned for use to any organization. However, some of this IP space is announced through BGP, and is, therefore, globally reachable. These prefixes, which are a subset of the bogon prefixes, constitute what we call the blackspace. It is generally admitted that the blackspace stands to be abused by anybody who wishes to carry out borderline and/or illegal activities without being traced.

The contribution of this paper is twofold. First, we propose a novel methodology to accurately identify the IP blackspace. Based on data collected over a period of seven months, we study the routing-level characteristics of these networks and identify some benign reasons why these networks are announced on the Internet. Second, we focus on the security threat associated with these networks by looking at their application-level footprint. We identify live IP addresses and leverage them to fingerprint services running in these networks. Using this data we uncover a large amount of spam and scam activities. Finally, we present a case study of confirmed fraudulent routing of IP blackspace.


Notes

  1. VirusTotal includes more than 60 different website and domain scanning engines.


Author information


Corresponding author

Correspondence to Quentin Jacquemart.


Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Jacquemart, Q., Vervier, PA., Urvoy-Keller, G., Biersack, E. (2015). Demystifying the IP Blackspace. In: Bos, H., Monrose, F., Blanc, G. (eds) Research in Attacks, Intrusions, and Defenses. RAID 2015. Lecture Notes in Computer Science, vol 9404. Springer, Cham. https://doi.org/10.1007/978-3-319-26362-5_6


  • DOI: https://doi.org/10.1007/978-3-319-26362-5_6


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-26361-8

  • Online ISBN: 978-3-319-26362-5

  • eBook Packages: Computer Science, Computer Science (R0)
