Many malicious activities require a large number of IP addresses for altering user identities. It is well known that a large number of IP addresses could be obtained through compromising numerous machines and building botnets. However, we recently found that a special type of off-The-shelf virtual private server (VPS), which we refer to as dynamic VPSs, can retrieve a huge number of IP addresses using just a single virtual machine. Although dynamic VPSs are intended for legitimate purposes, whether they are actually misused in malicious activities has never been investigated. In this article, we take the first step to study dynamic VPSs, with an emphasis on their security implications. We reveal that dynamic VPSs are surprisingly and extensively involved in malicious activities, explore their internal working mechanisms, and suggest that the linkage of dynamic VPSs to the security domain deserves adequate attention.
Bibliographical noteFunding Information:
Acknowledgement This work was supported in part by the National Natural Science Foundation (61972313), Postdoctoral Science Foundation (2019M663725), CCF-NSFOCUS KunPeng Research Fund, and the Fundamental Research Funds for the Central Universities, of China.
© 1979-2012 IEEE.