How does IP address hijacking work and how can it be stopped?

IP address hijacking incidents are on the rise because IPs can be easily targeted. Expert Judith Myerson explains how these attacks work and how they can be prevented.

There appears to be a rise in network hijacking lately, specifically with IP addresses. How does IP address hijacking work? How can it be prevented?

The rise in IP address hijacking can be partially attributed to hackers who find sources such as the WHOIS database an easy target.

After making unauthorized changes to registration records, hackers hijack existing IP address ranges -- IPv4 and IPv6 -- from under the noses of the legitimate owners and the American Registry for Internet Numbers (ARIN). Legitimate IP address ranges issued prior to ARIN's inception in 1997 are easily hacked because they could not be revoked for lack of payment or for other reasons.

The data collected from IP address hijacking can be used for spamming and other illegal activities. Fake companies have been set up to sell billions of hijacked IP addresses. Fraud, forgery and identity theft are involved with these hijackings.

For example, in 2012, the Spamhaus Project became aware of spam being sent by one of the legal IP address ranges (147.50.0.0/16). It found that the original owner's contact information on WHOIS had been updated to the hackers' information. Spamhaus was told that the real internet service provider (ISP) had already closed the account due to nonpayment; the credit card was declined.

The ISP provided Spamhaus with emails from the fake owner. The emails showed this fake owner didn't know the real owner had passed away long before the hacker got to the real owner's records. The ISP recorded the IP address the fake owner used to log in to their customer portal, which belonged to a fake ISP. This fake ISP has been on the Spamhaus register of the top ten worst spammers.

To protect your networks from IP address hijacking, consider the Spamhaus DROP lists. In addition, ARIN has reported WHOIS hacking incidents to law enforcement agencies in an effort to reduce threats related to IP address hijacking.
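As an added illustration of putting a DROP list to work (this code is not from the article or from Spamhaus), the Python sketch below parses DROP-style entries and flags connection-log lines whose source address falls inside a listed range. It assumes the plain-text layout of one `CIDR ; SBL reference` entry per line with `;` comments; the list entries, SBL numbers, log format and function names are all constructed for the example.

```python
import ipaddress

# Constructed sample in the assumed text DROP layout: "CIDR ; SBL reference".
SAMPLE_DROP = """\
; constructed sample, not Spamhaus data
192.0.2.0/24 ; SBL000001
198.51.100.128/25 ; SBL000002
2001:db8:bad::/48 ; SBL000003
"""

# Constructed connection log: "timestamp source-ip destination-port".
SAMPLE_LOG = """\
2017-04-03T10:00:01Z 192.0.2.77 25
2017-04-03T10:00:02Z 198.51.100.10 25
2017-04-03T10:00:03Z 198.51.100.200 443
2017-04-03T10:00:04Z 2001:db8:bad:1::5 25
2017-04-03T10:00:05Z not-an-ip 25
"""

def parse_drop(text):
    """Return [(network, reference)] parsed from DROP-style text."""
    entries = []
    for line in text.splitlines():
        cidr, _, ref = line.partition(";")
        if not cidr.strip():
            continue  # blank line or comment
        entries.append((ipaddress.ip_network(cidr.strip()), ref.strip()))
    return entries

def match(ip_text, entries):
    """Return the reference of the listed network containing ip_text, else None."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return None  # unparsable source field: nothing to match
    return next((ref for net, ref in entries if ip in net), None)

def flag_log(log_text, entries):
    """Return (timestamp, source_ip, reference) for lines sourced from listed ranges."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        ref = match(parts[1], entries) if len(parts) >= 2 else None
        if ref:
            hits.append((parts[0], parts[1], ref))
    return hits

if __name__ == "__main__":
    print(*flag_log(SAMPLE_LOG, parse_drop(SAMPLE_DROP)), sep="\n")
```

The same parsed entries can feed a firewall or mail-server deny list; the log check is useful for finding traffic that was accepted before a range was listed.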

This was last published in April 2017
