Botnets buying up IPv4 address space

Jimmy Hess mysidia at
Fri Oct 7 23:57:45 UTC 2011

On Fri, Oct 7, 2011 at 6:47 PM, Benson Schliesser <bensons at> wrote:
> Granted, a seller that doesn't update Whois should be more worried about the reputation of the buyer. But regardless, it is incorrect to assume that "needs justification" will prevent bad actors from acquiring address blocks. Even bad actors can justify their need, and some of them might even (*gasp*) lie about it in order to get what they want. The result would look like a normal transfer (with justified need, a Whois update, etc) and yet would result in a bad actor becoming an address holder.
Yes....   I am completely conceded to the fact that some bad actors
will get all the addresses they want and more, in massive numbers.
And continue to manage to get new addresses to play with,
conveniently, as soon as their existing ones are blacklisted.

I believe they already get all the addresses they want inexpensively,
through lying to others or through illicit routing advertisements, and
IPv4 exhaustion will make it harder/more expensive for the bad actors
to "legitimately" get addresses that "look ok";   from the point of
view of  actually receiving the assignment, or the bad actor
announcing address space "nobody will notice".

Address exhaustion simply ultimately means there are a lot fewer
addresses for bad actors to play; and they will be competing for
scarce IP addresses against legitimate businesses,  resulting in
higher costs for bad actors attempting to utilize legitimate channels.

My suggestion is that the right solution is not to try to prevent bad
actors from getting addresses, but that the solution is for the bad
actors to get de-peered.

> Cheers,
> -Benson

More information about the NANOG mailing list