B-3-P4FD9

An IP Address by any other name is just a bad actor...

Blog Post created by B-3-P4FD9 Employee on Apr 2, 2015

When you buy a used car, there are a number of services available to boost your confidence level that:

 

  1.   It is not stolen or bank owned
  2.   It is not going to break down a block away from the sales lot
  3.   It is what it is purported to be

 

But when you are assigned an IP address, or hop onto the Internet through a NAT’d WiFi access point, or from behind a cloud-provisioned web proxy, network owners and site operators don’t have any such services… or do they?

 

Permanently associating an IP address with a bad actor has been a mainstay of knee-jerk response and, despite being a wholly outdated paradigm for dealing with the problem, it is still actively used today. Many IP addresses that once exhibited suspicious behavior are blacklisted. All too frequently, that blacklist is never culled again, and suddenly there is a static list of a thousand or more IP addresses that are not so eloquently disallowed from accessing a web site. This administrative behavior is similar to the whitelisting described in a prior blog post: https://community.akamai.com/community/cloud-security/blog/2014/11/06/the-ugly-truth-behind-the-practice-of-ip-whitelisting

 

Although being overly ambitious about blacklisting is a safer practice than forgetting about whitelists, from an end user perspective it can be hugely frustrating if you have been assigned an IP address that was used for nefarious purposes in the past. Worse, if you were the victim of malware that turned your machine into a zombie that attacked a number of websites, your own IP address may be tainted… forever, on all of those sites. Why is this? Because it is an incredibly easy, low-cost way for web sites to deal with the problem tactically and stop the bleeding. Also, not everyone uses a Web Application Firewall like Kona Site Defender that allows them more flexibility than a sledgehammer going after a pesky gnat. Blacklisting IPs, however, is just kicking the can down the road and continuing to operate in a firefighting mode, with very few tools being utilized to properly address the problem.
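As an added illustration (not code from the original post or from any Akamai product), the sketch below shows the alternative to a never-culled static list: each entry records when abuse was last observed and lapses once that observation is older than a retention window. The 30-day window, the class and function names, and the sample addresses are all assumptions made for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from ipaddress import ip_address

@dataclass
class Entry:
    reason: str
    last_seen_bad: datetime  # most recent abuse observed from this address

class ExpiringBlocklist:
    """Blocklist whose entries lapse unless abuse is observed again."""

    def __init__(self, max_age: timedelta):
        self.max_age = max_age  # assumed policy value; tune per site
        self.entries = {}

    def report(self, ip: str, reason: str, when: datetime) -> None:
        # ip_address() normalises the text form, so equivalent spellings share a key.
        key = ip_address(ip)
        old = self.entries.get(key)
        if old is None or when > old.last_seen_bad:
            self.entries[key] = Entry(reason, when)

    def is_blocked(self, ip: str, now: datetime) -> bool:
        entry = self.entries.get(ip_address(ip))
        return entry is not None and now - entry.last_seen_bad <= self.max_age

    def cull(self, now: datetime) -> list:
        """Delete lapsed entries and return them for the change log."""
        stale = [ip for ip, e in self.entries.items()
                 if now - e.last_seen_bad > self.max_age]
        for ip in stale:
            del self.entries[ip]
        return sorted(str(ip) for ip in stale)

# Constructed sample data (RFC 5737 / RFC 3849 documentation addresses).
NOW = datetime(2015, 4, 2, tzinfo=timezone.utc)

def demo() -> ExpiringBlocklist:
    bl = ExpiringBlocklist(max_age=timedelta(days=30))
    bl.report("192.0.2.10", "brute force", NOW - timedelta(days=400))  # since reassigned
    bl.report("198.51.100.7", "scanning", NOW - timedelta(days=45))
    bl.report("198.51.100.7", "scanning", NOW - timedelta(days=2))     # seen again
    bl.report("2001:db8::1", "spam", NOW - timedelta(days=5))
    return bl

if __name__ == "__main__":
    bl = demo()
    print("blocked before cull:", bl.is_blocked("192.0.2.10", NOW))
    print("culled:", bl.cull(NOW))
    print("remaining:", len(bl.entries))
```

Because `is_blocked` checks age at lookup time, a lapsed entry stops blocking even before the next `cull` run; `cull` only keeps the stored list from growing without bound.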

 

Akamai has introduced a number of technologies to help in this regard. IP reputation, for instance, offers policy-based filtering for IP addresses. The sheer volume of Internet traffic over the Akamai Intelligent Platform, the composition of Akamai’s customer base, and its lens into web security attacks make for a very rich information source to tap into without having to wait for a bad actor to come along and throw a brick through your virtual store window.

 

Similar to end users, companies can get caught up in the bad actor dragnet as well. Shared IPs being used to deliver objectionable or illegal content, say to the People’s Republic of China, are a huge risk to Service Providers, both ISPs and CDNs, because the reaction is the same: blackhole the IP address or poison the DNS responses to DNS CNAME lookups. Now suddenly all of the good traffic is thrown into the same bucket as the offending traffic, causing a ripple effect. This is a huge issue for companies that offer content delivery services to end users and businesses that live or operate in the PRC. But the underlying enforcement approach is the same: trust is only granted at a very granular IP address level, and restoration of trust, if that IP has been associated with misuse or abuse, is an uphill battle. Sometimes an IP address just has to be laid to rest, which is ironic given the rapidly shrinking number of free IPv4 addresses.

 

User anonymization services and cloud-provisioned anonymous proxies face a similar dilemma: users who truly want to remain anonymous, because they don’t like sites knowing more about their shopping patterns or preferences than their closest friends and family do, get bucketed into the pile of bad actors who use such services to cloak their malevolence and malicious intent.

When this happened recently to a company that suddenly found themselves blocked from accessing many of their own clients, the first thing that came to mind was:

 

“Be careful who you share your cloud with”

 

Akamai is THE original cloud, and we protect our customers through strict enforcement of our acceptable use policy, including what customers we are willing to do business with and what kinds of traffic we are willing to take onto the platform. As a global company, we adhere to all local laws and restrictions, including the oft-elusive regulatory directive of the Ministry of Information Industry. Content delivered through the Akamai Intelligent Platform is what makes the Business Internet function reliably. Trust in the Akamai brand and IP space, as well as in its products and services to deliver web content fast, reliably, and securely, is what keeps us from being lumped together with bad actors. What can we deliver for you today?
