John Kristoff reached out to IAB:
I was wondering if the IAB could be interested in holding a workshop on the
challenges involving residential proxies (or proxies more generally)
that really have become one of the leading problems for ISP operations
and network abuse. I think I was last involved in the CARIS workshop,
and it would be similar to that sort of thing. Operators and
researchers could come together to discuss problems and proposals to
help deal with this phenomenon.
Residential proxy
Context
Residential proxy networks, often built on compromised user devices, are a growing issue. They are increasingly used for abuse and even nation-state activity, while the end user is typically unaware.
Examples discussed include large-scale botnet-backed proxy networks (e.g., Kimwolf).
Why
- For operators / ISPs
  - Abuse appears to originate from legitimate subscriber IPs
  - Leads to law enforcement requests, reputation damage, mitigation overhead
- For the ecosystem
  - Industrial-scale abuse enabled (credential stuffing, click fraud, etc.)
  - Blurs line between “legitimate” proxy use (CDN/crawling) and malicious use
- Trend
  - Rapid growth (anecdotally very high, data pending)
  - Increasing use of encrypted and decentralized infra (harder to disrupt)
Two main patterns:
- Exposed infrastructure
  - Routers / IoT with open interfaces
- Compromised endpoints
  - Malware turns devices into proxy nodes (often via embedded SDKs)
Next Step
- A technical IAB discussion to understand and decide possible next steps