Used IPv4 addresses need a ‘vehicle history check’

Like used cars, there are risks involved in acquiring used IPv4 addresses

It's a case of 'buyer beware' with used IPv4 addresses

Before buying a used car, prospective buyers can review vehicle histories in most states of Australia through a service such as the NSW Roads & Traffic Authority’s Vehicle History Check. The histories include information about how many owners the vehicle has had, whether it has been written off or stolen and other information that helps consumers understand the risks of purchasing the car.

Now that new IPv4 addresses are history, there is a developing market for acquiring ‘used’ IPv4 addresses. And like used cars, there are risks involved in acquiring these used addresses. So, where is the Vehicle History Check for IPv4 addresses?

Reputation follows used IPv4 addresses

When companies buy used IPv4 addresses, they are also buying the reputation of those addresses. If an address was either knowingly or unknowingly part of a malware network, it probably has a negative rating that would be blocked by a typical acceptable use policy. Without maintenance cycles, that previous history may reside in web filtering and reputation ratings systems long after the malware attack is over, sometimes for years. These old ratings can result in blocked pages when the addresses are deployed by the new owner. Requests that are blocked will ultimately drive new ratings in static databases, but the frustration of being blocked for multiple days or longer has a high cost.

Often web filtering and reputation ratings solutions use human raters to continuously add new ratings but neglect to review existing ratings on a regular basis for quality control. The de facto practice is to wait for a complaint and then react with updated ratings.

Not long ago, Cisco expanded its website only to find that a leading web filtering solution blocked the new pages. The root cause was used IPv4 addresses that had been involved in a web attack a few years ago.

As long as new IPv4 addresses were available, this practice had minimal impact. As we now enter an era in which only used IPv4 addresses are available, the impact becomes more visible. The option of having human raters work late nights or a few weekends a month to review millions of ratings is futile. The web is expanding too quickly with two-way publishing and new web services and applications for humans to keep pace with manual ratings. What’s more, the expansion of the web is creating large legacy ratings databases that are too large to review periodically for quality. IPv4 address reuse brings the issue to the forefront and puts new owners at risk of being blocked.

Real-time ratings improve ratings relevancy

Real-time rating technologies change the game. They not only rate new web content on the fly to protect users, but during off-peak hours they can also re-rate existing entries for quality control and greater relevancy. If an IPv4 address was used as part of a web threat and that threat no longer exists, the negative rating should be removed. Or, if an IPv4 address was related to objectionable content (for example, pornography) or unproductive content (such as games) but no longer is, these ratings should be removed as they are frequently blocked by acceptable use policies.

This need for real-time ratings takes on a new dimension in the face of dynamically generated web threats that poison search engine results to drive users to phishing attacks, fake anti-malware offers or fake software updates. Real-time ratings become paramount to quickly detect these machine-generated attacks and immediately protect users.

In the absence of a Vehicle History Check for IPv4 addresses, buyers should beware. Knowing where an address came from and how it has been used will save a lot of headaches and costs down the road.
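One partial history check a buyer can run today, shown here as an added example that is not part of the original article: sweep a candidate prefix against DNS blocklists using the RFC 5782 query convention and report addresses that are still listed. It assumes DNS blocklists as the reputation source (web filtering vendors keep their own rating databases, which this does not query); the zone `dnsbl.example`, the documentation prefix and the sample answers are constructed placeholders.

```python
import ipaddress
import socket

# Placeholder zone (assumption): substitute the blocklists you actually rely on.
DEFAULT_ZONES = ("dnsbl.example",)
LISTED_RANGE = ipaddress.ip_network("127.0.0.0/8")

def dnsbl_name(ip, zone):
    """RFC 5782 query name: IPv4 octets reversed, then the list's zone."""
    octets = str(ipaddress.IPv4Address(str(ip))).split(".")
    return ".".join(reversed(octets)) + "." + zone

def system_resolver(name):
    """Return the A record for name, or None when it does not resolve."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None

def audit_prefix(prefix, zones=DEFAULT_ZONES, resolve=system_resolver):
    """Map each still-listed address in prefix to [(zone, return code)]."""
    findings = {}
    for ip in ipaddress.ip_network(prefix).hosts():
        for zone in zones:
            answer = resolve(dnsbl_name(ip, zone))
            # Only an answer inside 127.0.0.0/8 signals a listing; no answer
            # or any other address (e.g. a parked zone) is not a listing.
            if answer and ipaddress.ip_address(answer) in LISTED_RANGE:
                findings.setdefault(str(ip), []).append((zone, answer))
    return findings

# Constructed sample answers standing in for live DNS, so this runs offline.
SAMPLE_LISTINGS = {
    "5.113.0.203.dnsbl.example": "127.0.0.2",  # stale listing left by a past owner
    "9.113.0.203.dnsbl.example": "192.0.2.1",  # non-127/8 answer: ignored
}

def sample_resolver(name):
    return SAMPLE_LISTINGS.get(name)

if __name__ == "__main__":
    report = audit_prefix("203.0.113.0/28", resolve=sample_resolver)
    for ip, hits in report.items():
        print(ip, hits)
```

Any address the sweep reports is one to raise with the list operator, or with the seller, before putting services on it.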

Qing Li is Chief Scientist at Blue Coat Systems and is responsible for the design and implementation of the IPv6 Secure Web Gateway Appliance at Blue Coat. He has published several reference titles, including ‘IPv6 Core Protocols Implementation’ and ‘IPv6 Advanced Protocols Implementation’. Qing is an active FreeBSD developer and committer.
