[145407] in North American Network Operators' Group
Re: Botnets buying up IPv4 address space
daemon@ATHENA.MIT.EDU (William Herrin)
Fri Oct 7 15:34:08 2011
In-Reply-To: <CAM9VJk1q9j8wKy666Vr6gTYzWd2kyW_MgUO+HaYHiHtHMp6SiA@mail.gmail.com>
From: William Herrin <bill@herrin.us>
Date: Fri, 7 Oct 2011 15:32:43 -0400
To: Joly MacFie <joly@punkcast.com>
Cc: North American Network Operators Group <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Fri, Oct 7, 2011 at 2:11 PM, Joly MacFie <joly@punkcast.com> wrote:
>> Botnets buying up IPv4 address space
>>
>> http://j.mp/nMJ5Lr (Threat Post)
>
> I'd welcome comments as to solutions to this. Or is it just scaremongerin=
g?
Joly,
The author has drawn a relationship between a lot of unrelated things.
Hackers and spammers "rent" IP addresses all the time, and have done
so for two decades. It's called, "Here's my money for colo hosting
service and I need some IP addresses to go along with it." Nothing has
changed as a result of IPv4 depletion.
Botnets are hacked machines. They come with their own IP addresses
scattered about the globe and don't require any particular source. No
relation to IPv4 depletion and only tangentially related to the
"bulletproof hosting" that supplies IP addresses for the C&C servers.
As for auctioning IP blocks, my experience is that hackers don't
bother. If they want IP addresses beyond what the colo provider
offers, they steal them: find a block of addresses not routed on the
public Internet and forge LoAs they present to their ISP. They're
going to lose them anyway, so why bother paying money?
Regards,
Bill Herrin
--=20
William D. Herrin ................ herrin@dirtside.com=A0 bill@herrin.us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004
