Slashdot Mirror


Confronting Address Space Hijackers

Tawn writes "There's a great story on SecurityFocus about hijackers taking over large allocations of IPv4 space with forged documents and false business fronts. Los Angeles County and some big multinationals have had /16's pulled out from under them in the last few months, and used to inject spam. ARIN and network operators are trying to get a handle on the problem. The owner of a webhosting company that wound up with L.A. County's /16 called it 'borrowed space,' and said he paid $500 for it to a guy he met online."

14 of 334 comments

  1. Does LA county even need a public /16? by realdpk · · Score: 4, Insightful

    Judging by the article, LA county was using that /16 for internal routing only. I understand that they probably got it when it was easy to get, but do they really still need it? On that note, how much IP space that is allocated is actually in use? I heard something like 25%..

    1. Re:Does LA county even need a public /16? by Yuan-Lung · · Score: 4, Insightful

      Does it make sense for some people to have multiple mansions while some others can't find a place to live?
      Does it make sense for a small group of people to hog a huge chunk of the worlds, while the others starve?
      But hey, that's how the world works, for now and the foreseeable future, anyways.

  2. Sounds like something Enron would do... by Anonymous Coward · · Score: 3, Insightful

    I'd never heard of Enron before they started running TV ads about how they sub-rented "unused bandwidth" from multi-nationals during their off-hours.

    It wouldn't surprise me that this is one scam that they would have tried to pull.

    I don't know about the rest of the world, and IANAL, but I rather suspect that any member in good standing of the Communications Bar would be able to make a very strong case about willful interference with a communications system.

    Next thing you know, they'll be lighting OPDF. (Other People's Dark Fibre)

  3. Fraud is common by msobkow · · Score: 3, Insightful

    With the still-ongoing cases over domain theft and fraud, is it at all surprising that it's also active in areas like IP block assignments?

    I get SPAM with faked reply-to, sent-by, and domain names. Most hacks against my systems are from IP addresses that don't resolve back to a valid domain.

    The only shock here is that someone was dumb enough to think they could get a /16 for only $500.

    --
    I do not fail; I succeed at finding out what does not work.

    1. Re:Fraud is common by gorbachev · · Score: 2, Insightful

      "The only shock here is that someone was dumb enough to think they could get a /16 for only $500."

      He wasn't dumb at all. He knew exactly what he was doing, i.e. stealing IP space so that he could send his porn spam and host the porn sites at IP space that wouldn't easily track back to him.

      It's just that, in typical spammer fashion, he lied to the reporter who called him about it. And in typical reporter fashion, the reporter believed him without verifying the facts.

      Proletariat of the world, unite to kill spammers

      --
      In Soviet Russia, I ruled you

  4. Only the beginning by globalar · · Score: 3, Insightful

    This problem will grow with more address space. Though the value of individual addresses will diminish in the future with IPv6, it is important to keep virtual property lines clear. This needs to be handled now. Exceptions made are only going to lead to problems in the future.

  5. Re:Hijackers? by koh · · Score: 4, Insightful

    > Sitting on that quantity of Unused IP addresses is just as criminal.

    I do agree with you here, but... ever heard about natural selection?

    IPv4 addresses have been designed in a time when there were at most a dozen people expecting IP to be used by more than a million users in the future. Just like the w2k bug (failed to) prove, old things should eventually die so that new ones can take the free slot. Yup, just like spammers should die so that other people may use those IP slots, but I digress.

    IPv6 is here and would resolve the problem. This requires a huge switch however, and people won't be ready for it unless natural selection proves IPv4 hopelessly doomed.

    So let spammers accumulate IPv4 addresses just a little more ;)

    --
    Karma cannot be described by words alone.

  6. Re:Hijackers? by borroff · · Score: 2, Insightful

    It's really a symptom of a monopoly economy for IP address blocks. No one is keeping the distributor honest, so market inequities do not get resolved. Hoarding can then exist.

    But honestly, is a large enough fraction of the user community going to be upset enough to change this? Probably not. Right now, businesses seem more than willing to shell out for a small CIDR address space, and NAT the internal addresses. Until there's a customer revolt, there's no reason for a monopoly to be overthrown.

  7. This is going to keep happening... by cheetah · · Score: 3, Insightful

    This is going to keep happening until ARIN starts pushing IPv6. The real problem is that currently getting IPv6 costs money and doesn't get you very far. Look at it this way... currently a pTLA /32 costs $2500 a year. But people that have been sitting on IPv4 blocks for years don't pay anything. I know of two ISPs that would like to offer IPv6 to their customers but because they don't have their own IPv4 netblocks they don't want to pay $2500 a year just so a few of their customers have IPv6. So instead of getting IPv6 and moving away from IPv4 they are forced to stay with IPv4. I think that the situation is currently backwards to the way it should be. ARIN (and other IPv4 providers) should be charging next to nothing for IPv6 netblocks ($100 or so) and slowly start charging for IPv4 blocks each year. So for the first year charge $100 for each IPv4 block (on top of any other fees). The second year they would charge 500 and the year after that 1000 and then 3000 and so on... Until we start charging more for IPv4 addresses than IPv6 we will have people trying to hijack current IPv4 netblocks... The more people that can get switched over to IPv6 the sooner the better. If everyone was using IPv6 this will no longer be a problem...

  8. Re:Hijackers? by conway · · Score: 2, Insightful

    > So let spammers accumulate IPv4 addresses just a little more

    So, you're basically taking an anarchist view on this -- let the current system be destroyed, and the new one will arise to take its place.
    But have you considered that the first step is rather painful?

  9. Re:Hijackers? by Anonymous Coward · · Score: 1, Insightful

    >> So let spammers accumulate IPv4 addresses just a little more

    > So, you're basically taking an anarchist view on this -- let the current system be destroyed, and the new one will arise to take its place.
    > But have you considered that the first step is rather painful?

    I don't think he prefers this route, I think he's acknowledging (humorously) that the only way to get a large-scale change to IPv6 will be a large-scale failure of v4; nothing less inconvenient will make people and companies and ... switchover, the social inertia is tooooo high.

  10. Early-Adopter Bias, actually by billstewart · · Score: 2, Insightful

    It's really an early-adopter bias, from back when 32 bits was enough for everybody, especially because Internet-connected computers were big things that supported lots of users per machine, not PCs on home networks or PDAs and cellphones on Personal Area Networks.
    • There weren't firewalls or NATs to prevent local machines' addresses from being reachable by the Whole Internet, and
    • there wasn't RFC1918 private address space until after the ARPANET was shut down, and
    • Networks were always Class A, B, or C, and even if they were subnetted, it was still on class boundaries, and
    • supernetting and CIDR didn't exist.
    The Class A allocations are basically a pile of dinosaur bones, and most of the dinosaurs were either native to North America or else ate other dinosaurs that were.

    But yes, the early-adopter bias is a US bias, because before the work of people like CIX, the Commercial Internet Exchange, the ARPANET was a thing run by the US government, and you could only get on it if you were a US defense contractor doing appropriate kinds of work or a University that had some appropriate government-funded research, and there was an Acceptable Use Policy that said you couldn't do commercial activities that weren't related to the Government Work you were doing (though much of the interestingness of the Internet culture evolved because there was deliberately slack enforcement, especially on universities and non-commercial-related discussions.) The rest of us had UUCP, and Usenet, and X.25, and it wasn't until ~1990 that you could reliably use email for outside-your-company business without having to worry about whether you were violating the AUP.

    --

    Bill Stewart
    New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks

  11. Great Firewall of China is a special case by billstewart · · Score: 2, Insightful
    China actually has all the space they need for now, because their censorship-happy government and several quasi-monopolistic telecom providers have kept a pretty tight control on the internet's growth there. The "Great Firewall of China" that enforces web and email censorship can keep most internet users (particularly home and small business users) behind NAT or make them use IPv6 space or whatever, and most of the people who need real Internet access are businesses that don't need much space for the outside of their firewalls, which can be efficiently aggregated by the small number of ISPs.

    Japan and especially Korea are more interesting cases, because they don't have the censorship problem, they've got a much much higher fraction of their population wired, and their telecom infrastructure is much more liberalized. And besides, you don't have to sell spammers Korean address space to M4K3 M0N3Y Fa$$T!! - you can sell them lists of broken relays and proxies :-)

    --

    Bill Stewart
    New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
  12. Re:Stop by Anonymous Coward · · Score: 2, Insightful

    I agree. In addition, all rapists and burglars should be given their own little part of town in each city to operate in, because as any fool knows, efforts to eradicate them haven't worked and never will; as police techniques have advanced to try to catch them, they've just simply become more sophisticated in their criminal methods.

    Great post!