Consumer Electronics Daily was a Warren News publication.
IPv6 'Flourishing'

Cybercrime Seen Feeding Off IPv4; Solution Unclear

November 22, 2021 by Dugie Standeford|Top News

As demand and prices for IP version 4 addresses rise, cybersecurity threats are also increasing, IPv4 marketplace IPXO said. The price surge likely leads to increased cybercrime as crooks hijack and sell unused addresses in underground markets, said CEO Vincentas Grinius. The answer isn't to adopt IPv6 but to look to a more sustainable form of internet governance such as leasing IPv4 addresses, he said. IPv4 addresses are a problem if they're made available via carrier-grade network address translation (NAT), which uses a single address for multiple subscribers and can hide cybercriminals, said IPv6 Forum President Latif Ladid. Key industries use IPv6, he said.

The pool of unallocated IPv4 addresses was depleted in 2019, and devices needing IP addresses are growing, said IPXO. Transition to IPv6 "has been slow and inefficient, leading companies to pursue quick ways of expanding IP assets." The gap between supply and demand is causing businesses to engage in IPv4 black-market transactions. The addresses are sold at unregulated prices and may be more expensive than legal markets, an "incentive" that lures cybercriminals. Hijacking is exacerbated by companies hoarding unused IPv4 addresses, most of which aren't kept securely

One way to mitigate the cybercrime risk is to lease IP addresses, said IPXO: That allows them to re-enter the market, alleviating scarcity, and to be vetted, protecting against abuse and hijackings. But creating sustainable internet governance "is not just about IP leasing" but about engaging IP address holders to convert their legacy IPv4 space to fully functioning addresses, Grinius emailed. Europol recommended in 2017 that companies stop using carrier-grade NAT.

IPv6 adoption isn't the answer, Grinius said. A company that adopts the technology doesn't directly benefit because it has to use NAT to route IPv6 on top of IPv4. That requires "a large number of hardware resources" such as routers and switches to allow access to the entire internet, as IPv6 can currently access only 30% of it. Many telcos have "scrapped the idea of acquiring IPv6 entirely due to the amount of complex and time-consuming work needed to integrate it fully."

Leasing addresses "makes sense as long as the [top-level domain name] registries are involved and the IP addresses are registered" with a regional internet registry that can ensure the addresses are proper, Ladid said. He dismissed IPXO's claim that IPv6 isn't doing well as a "conspiracy theory:" It's "flourishing" and has reached 45% penetration. China, with its 523 million IPv6 users, and India, with 430 million, are "leading the IPv6 explosion." Moreover, Ladid told us, the U.S. government decided in June to move to the technology by 2025, with China and India following suit.