nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Botnets buying up IPv4 address space

From: William Herrin <bill () herrin us>
Date: Fri, 7 Oct 2011 15:32:43 -0400
On Fri, Oct 7, 2011 at 2:11 PM, Joly MacFie <joly () punkcast com> wrote:

Botnets buying up IPv4 address space

http://j.mp/nMJ5Lr  (Threat Post)


I'd welcome comments as to solutions to this. Or is it just scaremongering?


Joly,

The author has drawn a relationship between a lot of unrelated things.

Hackers and spammers "rent" IP addresses all the time, and have done
so for two decades. It's called, "Here's my money for colo hosting
service and I need some IP addresses to go along with it." Nothing has
changed as a result of IPv4 depletion.

Botnets are hacked machines. They come with their own IP addresses
scattered about the globe and don't require any particular source. No
relation to IPv4 depletion and only tangentially related to the
"bulletproof hosting" that supplies IP addresses for the C&C servers.

As for auctioning IP blocks, my experience is that hackers don't
bother. If they want IP addresses beyond what the colo provider
offers, they steal them: find a block of addresses not routed on the
public Internet and forge LoAs they present to their ISP. They're
going to lose them anyway, so why bother paying money?

Regards,
Bill Herrin


-- 
William D. Herrin ................ herrin () dirtside comĀ  bill () herrin us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004
Previous By Date Next
Previous By Thread Next

Current thread: