Engineering school and research center in digital sciences

Demystifying the IP blackspace

Jacquemart, Quentin; Vervier, Pierre-Antoine; Urvoy-Keller, Guillaume; Biersack, Ernst

RAID 2015, 18th International Symposium on Research in Attacks, Intrusions and Defenses, November 2-4, 2015, Kyoto, Japan / Also published in LNCS 9404, Book Chapter of "Research in Attacks, Intrusions, and Defenses"

A small part of the IPv4 address space has still not been assigned for use to any organization. However, some of this IP space is announced through BGP, and is, therefore, globally reachable. These prefixes, which are a subset of the bogon prefixes, constitute what we call the blackspace. It is generally admitted that the blackspace stands to be abused by anybody who wishes to carry out borderline and/or illegal activities without being traced. The contribution of this paper is twofold. First, we propose a novel methodology to accurately identify the IP blackspace. Based on data collected over a period of seven months, we study the routing-level characteristics of these networks and identify some benign reasons why these networks are announced on the Internet. Second, we focus on the security threat associated with these networks by looking at their application-level footprint. We identify live IP addresses and leverage them to fingerprint services running in these networks. Using this data, we uncover a large amount of spam and scam activities. Finally, we present a case study of confirmed fraudulent routing of IP blackspace.


Title: Demystifying the IP blackspace
Type: Conference
Language: English
City: Kyoto
Country: JAPAN
Date:
Department: Digital Security
Eurecom ref: 4705
Copyright: © Springer. Personal use of this material is permitted. The definitive version of this paper was published in RAID 2015, 18th International Symposium on Research in Attacks, Intrusions and Defenses, November 2-4, 2015, Kyoto, Japan / Also published in LNCS 9404, Book Chapter of "Research in Attacks, Intrusions, and Defenses" and is available at : http://dx.doi.org/10.1007/978-3-319-26362-5_6
Bibtex:
@inproceedings{EURECOM+4705,
  doi = {http://dx.doi.org/10.1007/978-3-319-26362-5_6},
  year = {2015},
  title = {{D}emystifying the {IP} blackspace},
  author = {{J}acquemart, {Q}uentin and {V}ervier, {P}ierre-{A}ntoine and {U}rvoy-{K}eller, {G}uillaume and {B}iersack, {E}rnst},
  booktitle = {{RAID} 2015, 18th {I}nternational {S}ymposium on {R}esearch in {A}ttacks, {I}ntrusions and {D}efenses, {N}ovember 2-4, 2015, {K}yoto, {J}apan / {A}lso published in {LNCS} 9404, {B}ook {C}hapter of "{R}esearch in {A}ttacks, {I}ntrusions, and {D}efenses"},
  address = {{K}yoto, {JAPON}},
  month = {11},
  url = {http://www.eurecom.fr/publication/4705}
}