Dynamics of abusive IPv6 networks

Abstract

The exhaustion of available public IPv4 addresses has had a significant impact in an expanding, networked world and has led to increased adoption of IPv6. As IPv6 becomes more commonplace, it permits abusive and malicious parties to exploit both new and existing vulnerabilities. Among such vulnerabilities is abusive electronic messaging, or spam. To better understand the impact of spam utilizing IPv6 as its delivery protocol, this study focused on both real-world IPv6 spam collected from large production domain and IPv6 spam laboratory measurements. This study used various network traffic analysis tools to detect, classify, and associate IPv6 spamming behavior, both at the victim mail exchanger and among IPv6 wide-area routes. Furthermore, popular mail transfer agents were tested in an effort to profile their IPv6 behavior and correlate with spam obtained from the real world production domain. Results show that while IPv6 spamming behavior is growing, it is still in its infancy and no outstanding characteristics emerged that allow for definitive classification as a dominant IPv6 spamming behavior.