On Thu, Sep 30, 2010 at 11:34:16PM -0700, George Bonser wrote:
"Hijacking" of defunct resources is probably a widespread activity.
It is. A number of individuals and entities have been involved in tracking these over the years, and I've seen enough to figure out that it's common because it's relatively easy, it's likely to be undetected, it's likely to be ignored if detected, there are no significant penalties, and even if it all goes south: it's easy to start over and do it again.
How much address space is being wasted in this way?
A lot. Moreover, large chunks of address space are being wasted in this way: 1. Spammer sets up dummy front web-hosting/ISP company. 1a. (optional) Spammer sets up second-level dummy front. 2. Spammer gets ARIN et.al. to allocate a /20 or a /17 or whatever. 3. Spammer uses spammer-friendly registrar to purchase throwaway domains in bulk. (Sometimes the registrar IS the spammer. Cost-effective.) 4. Spammer populates the allocation with throwaway domains and commences snowshoe spamming. 4a. (optional) Spamming facilitates drive-by downloads, malware injection, browser exploits, phishing, and other attacks. 5. Anti-spam resources notice this and blacklist the allocation. So do large numbers of individual network/system/mail admins. 6. Return to step 1. It's instructive to consider who profits from each of these steps. A quick check of my (local, incomplete, barely scratch-the-surface) list of such things includes (and I've left out smaller and larger blocks, thus this is a pretty much a snapshot of the middle of the curve): /16's: 25 /17's: 20 /18's: 47 /19's: 73 /20's: 99 /21's: 88 /22's: 105 /23's: 198 /24's: 3245 for a total of about 6.6 million IP addresses. My guess is that this is likely a few percent, at best, of the real total: it just happens to be the set that brought itself to my attention by being sufficiently annoying to local resources. So I wouldn't be at all surprised to find that real total is in the 100M ballpark. So I've concluded that there really isn't an IPv4 address space shortage. Spammers have absolutely no problem getting allocation after allocation after allocation, turning each one into scorched earth and moving on. ARIN et.al. certainly have no interest in stopping them, and ICANN only cares about registrar profits, so there's no help coming from either of those. ---rsk