Please create an account to participate in the Slashdot moderation system

 


Forgot your password?
Close
typodupeerror
×
Botnet Networking Security IT

Hackers Buying IPv4 Blocks To Evade Detection 89

Posted by Soulskill from the wasting-good-corners-on-bad-hot-dog-stands dept.
Trailrunner7 writes "The number of IP addresses required for large scale botnets to operate effectively can be considerable, and finding large IP blocks to use for them can be difficult. If the botnet operators do find them, the IP addresses often are blacklisted quickly by reputation systems and are then useless for the attackers. Now, in one effort to get around these systems, some attackers are taking advantage of the lack of IPv4 space by either purchasing or renting blocks of IP space with good reputations that have been built up over the course of several years. A number of legitimate trading and auction sites appeared as the IPv4 space became scarcer, and the attackers have gotten involved as well, getting their hands on known good IP blocks and using them for C&C or hosting malware."
This discussion has been archived. No new comments can be posted.

Hackers Buying IPv4 Blocks To Evade Detection More

Hackers Buying IPv4 Blocks To Evade Detection

Comments Filter:

  • Bull Pucky (Score:5, Insightful)

    by Spazmania ( 174582 ) on Friday October 07, 2011 @01:27PM (#37641142) Homepage

    I call BS. Hackers don't rent or buy IP addresses for botnets. The bots run on machines each of which has an IP address already. And when they do need IP addresses, they steal them: find an address assignment not currently routed on the Internet and forge papers they present to the ISP claiming to be the actual registrant.

    There are a number of protections in place at ARIN and the other Internet Registries which do a reasonably good job preventing hackers from taking actual "ownership" of blocks of IP addresses.

    While there is such a thing as a "legitimate trading and auction sites," there are also a lot of snake oil salesman out there right now claiming legitimacy. Here's a hint: the legitimate ones don't cater to the hacker crowd because they know perfectly well they can't effect a registry transfer without meeting the registry's criteria for "legitimate need."

  • Shoot the Spammers (Score:2, Insightful)

    by ebunga ( 95613 ) on Friday October 07, 2011 @01:34PM (#37641262)

    It should be justifiable homicide to shoot and kill spammers, phishers, malware authors, and those asshats attempting dictionary attacks against a bunch of pop3 accounts looking for a new spam vector. Any nation that does not enact such a law should be labeled a rogue threat to humanity and be nuked until there is nothing left to nuke.

  • Not sure "hacker" is the right word (Score:4, Insightful)

    by 93 Escort Wagon ( 326346 ) on Friday October 07, 2011 @01:42PM (#37641338)

    Shouldn't we instead be referring to "botnet operators" or some such? I'm not making the "hacker" versus "cracker" argument, since language and words are dynamic - but even if we just use hackers in the pejorative sense, we're talking about a much larger group than just the subset who run botnets.

Slashdot Top Deals

Always try to do things in chronological order; it's less confusing that way.

Close