Used IPv4 addresses need a ‘vehicle history check’

Like used cars, there are risks involved in acquiring used IPv4 addresses

Qing Li (CIO)
10 June, 2011 10:08
Comments

It's a case of 'buyer beware' with used IPv4 addresses

Before buying a used car, prospective buyers can review vehicle histories in most states of Australia through a service such as the NSW Roads & Traffic Authority’s Vehicle History Check. The histories include information about how many owners the vehicle has had, whether it has been written off or stolen and other information that helps consumers understand the risks of purchasing the car.

Now that new IPv4 addresses are history, there is a developing market for acquiring ‘used’ IPv4 addresses. And like used cars, there are risks involved in acquiring these used addresses. So, where is the Vehicle History Check for IPv4 addresses?

Reputation follows used IPv4 addresses

When companies buy used IPv4 addresses, they are also buying the reputation of that address. If an address was either knowingly or unknowingly part of a malware network, it probably has a negative rating that would be blocked by a typical acceptable use policy. Without maintenance cycles, that previous history may reside in web filtering and reputation ratings systems long after the malware attack is over sometimes for years. These old ratings can result in blocked pages when deployed by the new owner. Requests that are blocked will ultimately drive new ratings in static databases, but the frustration of being blocked for multiple days or longer has a high cost.

Often web filtering and reputation ratings solutions use human raters to continuously add new ratings but neglect to review existing ratings on a regular basis for quality control. The de facto practice is to wait for a complaint and then react with updated ratings.

Not long ago, Cisco expanded its website only to find that a leading web filtering solution blocked the new pages. The root cause was used IPv4 addresses that were used in a web attack a few years ago.

Read more about IT security in CIO Australia’s Security category.

As long as new IPv4 addresses were available, this practice had minimal impact. As we now enter an era in which only used IPv4 addresses are available, the impact becomes more visible. The option of having human raters work late nights or a few weekends a month to review millions of ratings is futile. The web is expanding too quickly with two-way publishing and new web services and applications for humans to keep pace with manual ratings. What’s more, the expansion of the web is creating large legacy ratings databases that are too large to review periodically for quality. IPv4 address reuse brings the issue to the forefront and puts new owners at risk of being blocked.

Real-time ratings improve ratings relevancy

Real-time rating technologies change the game. They not only rate new web content on the fly to protect users, but during off peak hours, they can re-rate existing ratings for quality control and greater relevancy. If an IPv4 address was used as part of a web threat and that threat no longer exists, the negative rating should be removed. Or, if an IPv4 address was related to objectionable content (for example, pornography) or unproductive content (such as games) but no longer is, these ratings should be removed as they are frequently blocked by acceptable use policies.

This need for real-time ratings takes on a new dimension in the face of dynamically generated web threats that poison search engine results to drive users to phishing attacks, fake anti-malware offers or fake software updates. Real-time ratings become paramount to quickly detect these machine-generated attacks and immediately protect users.

In the absence of a Vehicle History Check for IPv4 addresses, buyers should beware. Knowing where an address came from and how it has been used will save a lot of headaches and costs down the road.

Qing Li is Chief Scientist at Blue Coat Systems and is responsible for the design and implementation of the IPv6 Secure Web Gateway Appliance at Blue Coat. He has published several reference titles, including ‘IPv6 Core Protocols Implementation’ and ‘IPv6 Advanced Protocols Implementation’. Qing is an active FreeBSD developer and committer.

Bookmark this page
Share this article
- facebook
- slashdot
- digg
- Reddit
- stumbleupon
- linkedin
- twitter
Got more on this story? Email CIO
Follow CIO on twitter

More about: Blue Coat, Cisco, etwork, Gateway, Gateway

References show all

CIO Security

Comments

Post new comment

Share
Share this article
- google+
- facebook facebook
- slashdot slashdot
- digg digg
- Reddit Reddit
- stumbleupon stumbleupon
- linkedin linkedin
- twitter twitter
print
email
Bookmark

Related Coverage

Related Whitepapers

Latest Stories

Community Comments

"I was able to find good information from your content."

Google Jumps Into Social Bookmarks Game
"Wow! Great progress! Go NBNCo! Ummm... How many of those 7300 satellite ..."

NBN build gaining momentum daily: Quigley
"Very first time commenter on Face Time - Interview with John Brennan ..."

Face Time - Interview with John Brennan and Robert DiStefano
"When someone writes an piece of writing he/she keeps the idea of ..."

Monday Grok: Will Siri crack the walls of GOOG?
"Truly no matter if someone doesn't be aware of after that its ..."

Face Time - Interview with John Brennan and Robert DiStefano

Tags: blue coat, IPv4 black market, Qing Li, telecommunications

Latest Blog Posts

Whitepapers

Oracle Business Intelligence and Data Warehousing From Storage to Scorecard
Getting actionable data in the hands of the right decision makers translates to positive business outcomes – whether that means competing more effectively, reducing operational costs, meeting compliance requirements, or anticipating changing market conditions. To get the right data to the right people at the right time, you need an integrated business intelligence and data warehousing solution that can provide fast access to reliable information and the tools to translate that insight into actions.

Learn more »
Networking Strategy Guide
Articles include: IPv6 guide; How to get more out of Ethernet switches; High-speed Ethernet planning guide; Next-generation firewalls: In depth; How to lock down your wireless network. Read this Computerworld Networking Strategy Guide.

Learn more »
Sun Blade 6000 Modular System: Power and Cooling Efficiency
Most IT organizations are struggling with the need to deploy ever more applications in the fixed space, power, and cooling envelope of their data centers, the ability to save even a hundred watts per system quickly turns into more breathing room for future applications and the servers to run them. Read on.

Learn more »

All whitepapers

Most Read
Most Commented

Get exclusive access to Invitation only events CIO, reports & analysis.

Latest Jobs

Zones

Featured Whitepapers

Transforming Your Business by Transforming Your Processes

In this white paper, we build on the “Intelligent Guide to Enterprise BPM: V olume One” in which we described the three entry points where you can begin to build ...

Used IPv4 addresses need a ‘vehicle history check’

Reputation follows used IPv4 addresses

Real-time ratings improve ratings relevancy

Comments

Post new comment

Building trusted relationships

Planning your IT career

Taking the risk out of diversity

5 open source help desk apps to watch

How to create a clear project plan

5 open source billing systems to watch

NBN Co focuses on continuous delivery to meet its deadlines

CIO challenge with BYOD: Don't fall down the rabbit hole

Face Time - Interview with John Brennan and Robert DiStefano

All Systems Down

IT service management going social

10 Tips for Dealing with a Bully Boss

The social business network

HP Business Efficiency - Money Payback Guarantee Resource Centre

The Australian Cloud

Transforming Your Business by Transforming Your Processes

The Pathways ICT Leadership Development Program Brochure and Curriculum 2012