An IPv4 subnets owner, especially IP-provider that doesn’t use IPv4 addresses for it’s own IT-infrastructure, but willing to monetize it’s IPv4 address space by leasing it out, is often forced to confront abuses of IPv4 ranges use such as spam, botting, illegal announcements, phishing and other illegal activities. As a result of the inaction of IPv4 providers, a subnet can be blacklisted, or hijacked by unauthorized third parties. This also can become a nightmare for IPv4 owners who are willing to sell their IPv4 addresses, but can’t do it because nobody wants to buy IPv4 addresses at the average IP market rates. If a subnet is blacklisted or announced by hijacker, you can neither use subnet by yourself, nor lease it out, nor sell at a good price.
Given the above, we decided to write this short tutorial in 3 parts about IPv4 minimal security requirements, subnets monitoring and cleaning procedures.
In this part we will share the minimal security requirement to prevent spamming, hijacking and other illegal activities.
In the second part we will share the most important tools to monitor your internet number resources and autonomous systems on listings.
In the third part we will share the cleaning process tips for those who found his subnets blacklisted and describe the delististing procedure for 3 well-know blacklistings (Spamhaus, Hotmail, Yahoo).
IPv4 security – Challenges and Solutions
Challenge – Illegal IPv4 announcement. IPv4 Hijacking
If you don’t use IPv4 addresses, some persons can start to announce it for illegal activities. The risk to find your IPv4 subnet hijacked rises, if you publish your ranges on different marketplaces or web sources as unused: hijackers monitor such websites and can start to announce subnets marked as unused.
Set the RPKI to your ASN on all your IPv4 addresses, used and unused. The ROA will help to block announcements from all the invalid ASNs. In most cases this is enough to force the hijacker to drop the announcement, because 90% of data transmission will be lost.
To minimize the risk of IPv4 hijacking, we also recommend you, if possible, to announce all your subnets with your ASN. This will help you to prevent the hijack, because the hijacker is interested to find a subnet without announcements.
Challenge – prevention of Spamming, fishing and other illegal activities
You’re the IPv4 owner and would like to lease out your subnet, but afraid to become blacklisted? Please find below the useful tips to prevent it.
- Set the abuse-c to you or your IPv4 broker in the inetnum while creating the assignment to the end user.
- Register an account at Spamhaus.org and add your subnets. In this case you will always receive direct abuses from spamhaus.org
- Always check ASN of the end-user before the assignment with special tools (we will describe such tools in part 2)
- Periodically monitor your subnets with main listings
- Always set the RPKI to your customer’s ASN
- Legal documents: we recommend you to have in the contract between you and end user/broker the terms describing abuse policies.
Subscribe us in social media to keep in touch.