Residential Proxies Successfully Evade IP Reputation Checks in 78% of 4 Billion Sessions


According to a recent study conducted by GreyNoise, a cybersecurity intelligence platform, residential proxies pose a significant challenge to IP reputation systems.

Transient Nature of Residential Proxies

These proxies are nearly impossible to distinguish from legitimate users due to their transient nature and widespread use. They are used once or twice before disappearing, making it difficult for reputation systems to flag them.

Study Findings

  • 39% of malicious sessions targeting the edge originated from residential networks.
  • 78% of these sessions were undetectable to reputation feeds.
  • The study analyzed a massive dataset of 4 billion malicious sessions over a three-month period.
  • Approximately 89.7% of residential IPs were active in malicious operations for less than a month.
  • Only 8.7% lasted two months, and 1.6% persisted for three months.

“The diversity of sources makes it challenging for reputation systems to flag and block malicious traffic.” – GreyNoise

Geographical Distribution of Residential Proxies

The sources of the residential proxies were distributed across:

  • China
  • India
  • Brazil

Traffic from these countries follows human sleep patterns, dropping by a third at night.

GreyNoise’s Recommendations

In response to the findings, GreyNoise suggested that detection and mitigation strategies should focus on behavioral analysis rather than relying solely on IP reputation. The researchers proposed:

  • Detecting sequential probing from rotating residential IPs.
  • Tracking device fingerprints that survive IP rotation.
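
The two proposals above can be combined into one detection. The following is an added example, not GreyNoise's code: it groups sessions by device fingerprint and flags any fingerprint that probes several distinct targets from several distinct IPs within a short window. The log fields, thresholds, fingerprint strings and sample sessions are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sessions: (timestamp, source IP, device fingerprint, target path).
# IPs come from documentation ranges; fingerprints are opaque placeholder strings.
SESSIONS = [
    ("2025-01-01T10:00:00", "192.0.2.10", "fp-a1", "/login"),
    ("2025-01-01T10:01:30", "198.51.100.23", "fp-a1", "/admin"),
    ("2025-01-01T10:03:00", "203.0.113.5", "fp-a1", "/api/v1/users"),
    ("2025-01-01T10:04:10", "192.0.2.77", "fp-a1", "/backup"),
    # One ordinary visitor browsing from a single address.
    ("2025-01-01T10:00:05", "203.0.113.40", "fp-b2", "/"),
    ("2025-01-01T10:00:40", "203.0.113.40", "fp-b2", "/products"),
    ("2025-01-01T10:02:00", "203.0.113.40", "fp-b2", "/cart"),
    # A device that changes networks over the day (hours apart).
    ("2025-01-01T08:00:00", "198.51.100.9", "fp-c3", "/"),
    ("2025-01-01T12:30:00", "192.0.2.200", "fp-c3", "/news"),
    ("2025-01-01T18:45:00", "203.0.113.99", "fp-c3", "/account"),
]


def find_rotating_probers(sessions, window=timedelta(minutes=10),
                          min_ips=3, min_targets=3):
    """Flag fingerprints that hit >= min_targets distinct targets from
    >= min_ips distinct source IPs within one sliding time window."""
    by_fp = defaultdict(list)
    for ts, ip, fp, target in sessions:
        by_fp[fp].append((datetime.fromisoformat(ts), ip, target))

    flagged = {}
    for fp, events in by_fp.items():
        events.sort()  # chronological order
        start = 0
        for end in range(len(events)):
            # Advance the left edge until the window spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            span = events[start:end + 1]
            ips = {ip for _, ip, _ in span}
            targets = {t for _, _, t in span}
            if len(ips) >= min_ips and len(targets) >= min_targets:
                hit = flagged.setdefault(fp, {"ips": set(), "targets": set()})
                hit["ips"] |= ips
                hit["targets"] |= targets
    return flagged


if __name__ == "__main__":
    for fp, hit in find_rotating_probers(SESSIONS).items():
        print(fp, sorted(hit["ips"]), sorted(hit["targets"]))
```

Each of the four flagged addresses appears only once, so a per-IP counter would see nothing unusual; the fingerprint is what links them.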


