Botnets buying up IPv4 address space

William Herrin bill at
Fri Oct 7 19:32:43 UTC 2011

On Fri, Oct 7, 2011 at 2:11 PM, Joly MacFie <joly at> wrote:
>> Botnets buying up IPv4 address space
>>  (Threat Post)
> I'd welcome comments as to solutions to this. Or is it just scaremongering?


The author has drawn a relationship between a lot of unrelated things.

Hackers and spammers "rent" IP addresses all the time, and have done
so for two decades. It's called, "Here's my money for colo hosting
service and I need some IP addresses to go along with it." Nothing has
changed as a result of IPv4 depletion.

Botnets are hacked machines. They come with their own IP addresses
scattered about the globe and don't require any particular source. No
relation to IPv4 depletion and only tangentially related to the
"bulletproof hosting" that supplies IP addresses for the C&C servers.

As for auctioning IP blocks, my experience is that hackers don't
bother. If they want IP addresses beyond what the colo provider
offers, they steal them: find a block of addresses not routed on the
public Internet and forge LoAs they present to their ISP. They're
going to lose them anyway, so why bother paying money?

Bill Herrin

William D. Herrin ................ herrin at  bill at
3005 Crane Dr. ...................... Web: <>
Falls Church, VA 22042-3004

More information about the NANOG mailing list