Abstract
A small part of the IPv4 address space has still not been assigned for use to any organization. However, some of this IP space is announced through BGP, and is, therefore, globally reachable. These prefixes which are a subset of the bogon prefixes, constitute what we call the blackspace.It is generally admitted that the blackspace stands to be abused by anybody who wishes to carry out borderline and/or illegal activities without being traced. The contribution of this paper is twofold. First, we propose a novel methodology to accurately identify the IP blackspace. Based on data collected over a period of seven months, we study the routing-level characteristics of these networks and identify some benign reasons why these networks are announced on the Internet. Second, we focus on the security threat associated with these networks by looking at their application-level footprint. We identify live IP addresses and leverage them to fingerprint services running in these networks. Using this data we uncover a large amount of spam and scam activities. Finally, we present a case study of confirmed fraudulent routing of IP blackspace.
Cite
CITATION STYLE
Jacquemart, Q., Vervier, P. A., Urvoy-Keller, G., & Biersack, E. (2015). Demystifying the IP blackspace. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 9404, pp. 111–132). Springer Verlag. https://doi.org/10.1007/978-3-319-26362-5_6
Register to see more suggestions
Mendeley helps you to discover research relevant for your work.
