Where is the “vehicle history” check for IPv4 addresses?

Before buying a used car, prospective buyers can review vehicle histories through services such as the AA car data check.

The histories include information about the car’s condition, emissions results, the vehicle’s ownership and other information that helps consumers understand the risks and potential future costs of purchasing the car.

Now that new IPv4 addresses are history, there is a developing market for acquiring “used” IPv4 addresses. And like used cars, there are risks involved in acquiring these used addresses. So, where is the ‘vehicle history’ check for IPv4 addresses?

Reputation Follows Used IPv4 Addresses

When companies can buy used IPv4 addresses, they are also buying the reputation of that address. If an address was either knowingly or unknowingly part of a malware network, it likely has a negative rating that would be blocked by a typical acceptable use policy.

Without maintenance cycles, that previous history may reside in web filtering and reputation ratings systems long after the malware attack is over – sometimes for years. These old ratings can result in blocked pages when deployed by the new owner. Requests that are blocked will ultimately drive new ratings in static databases, but the frustration of being blocked for multiple days or longer has a high cost.

Often web filtering and reputation ratings solutions use human raters to continuously add new ratings but neglect to review existing ratings on a regular basis for quality control. The de facto practice is to wait for a complaint and then react with updated ratings.

Recently, the San Jose Public Library launched a new website only to find multiple web filtering solutions blocked it. The root cause was IPv4 addresses that were used in a web attack a few years ago. Cisco expanded its website with used IPv4 addresses and experienced the same issue – a leading web filtering solution blocked the new pages.

As long as new IPv4 addresses were available, this practice had minimal impact. As we now enter an era in which only used IPv4 addresses are available, the impact becomes more visible. The option of having human raters work late nights or a few weekends a month to review millions of ratings is futile.

The web is expanding too quickly with two-way publishing and new web services and applications for humans to keep pace with manual ratings. What’s more, the expansion of the web is creating large legacy ratings databases that are too large to review periodically for quality. IPv4 address reuse brings the issue to the forefront and puts new owners at risk of being blocked.

Real-time Ratings Improve Ratings Relevancy

Real-time rating technologies change the game. They not only rate new web content on the fly to protect users, but during off peak hours, they can re-rate existing ratings for quality control and greater relevancy.

If an IPv4 address was used as part of a web threat and that threat no longer exists, the negative rating should be removed. Or, if an IPv4 address was related to objectionable content (e.g. pornography) or unproductive content (e.g. games) but no longer is, these ratings should be removed as they are frequently blocked by acceptable use policies.

This need for real-time ratings takes on a new dimension in the face of dynamically generated web threats that poison search engine results to drive users to phishing attacks, fake anti-malware offers or fake software updates. Real-time ratings become paramount to quickly detect these machine-generated attacks and immediately protect users.

In the absence of vehicle history check for IPv4 addresses, buyers should beware. Knowing where an address came from and how it has been used will save a lot of headaches and costs down the road.

SHARETweet about this on TwitterShare on LinkedInShare on FacebookShare on Google+Pin on PinterestDigg thisShare on RedditShare on TumblrShare on StumbleUponEmail this to someone

Nigel Hawthorn started working in the computing industry in 1980 and helped to introduce Omninet, a 1Mbps Local Area Network in 1982. He has since co-written a number of books and articles on high-speed networking, network security and Internet performance and presents regularly at industry forums. Nigel's experience includes product marketing, business development, consultancy and technical support. He spent two years working in California for 3Com, spearheading the introduction of the stackable hubs and switches, now the most common type of networking building blocks. He has also worked for other network manufacturers including 3Com and distributors in pan-European roles. Based in the UK, Nigel is in charge of the marketing and channel elements of Blue Coat’s activities in Europe, the Middle East and Africa, as well as Central and Latin America.