How to wish you hadn't forced ipv6 adoption (was "How to force rapid ipv6 adoption")

Mark Andrews marka at isc.org
Fri Oct 2 04:18:58 UTC 2015


In message <560E00D4.7090400 at invaluement.com>, Rob McEwen writes:
> On 10/1/2015 11:44 PM, Mark Andrews wrote:
> > IPv6 really isn't much different to IPv4.  You use sites /48's
> > rather than addresses /32's (which are effectively sites).  ISP's
> > still need to justify their address space allocations to RIR's so
> > their isn't infinite numbers of sites that a spammer can get.
> 
> A /48 can be subdivided into 65K subnets. That is 65 *THOUSAND*... not 
> the 256 IPs that one gets with an IPv4 /24 block. So if a somewhat legit 
> hoster assigns various /64s to DIFFERENT customers of theirs... that is 
> a lot of collateral damage that would be caused by listing at the /48 
> level, should just one customer be a bad-apple spammer, or just one 
> legit customer have a compromised system one day.

A hoster can get /48's for each customer.  Each customer is technically
a seperate site.  It's this stupid desire to over conserve IPv6
addresses that causes this not IPv6.

> Conversely, if a more blackhat ESP did this, but it was unclear that 
> this was a blackhat sender until much later.. then LOTS of spam would 
> get a "free pass" as individual /64s were blacklisted AFTER-THE-FACT, 
> with the spammy ESP still having LOTS of /64s to spare.. remember, they 
> started with 65 THOUSAND /64 blocks for that one /48 allocation (Sure, 
> it would eventually become clear that the whole /48 should be blacklisted).
> 
> other gray-hat situations between these two extremes can be even more 
> frustrating because you then have the same "free passes" that the 
> blackhat ESP gets... but you can't list the whole /48 without too much 
> collateral damage.
> 
> SUMMARY: So even if you moved into blocking at the /64 level, the 
> spammers have STILL gained an order of magnitudes advantage over the 
> IPv4 world.... any way you slice it. And blocking at the /48 level WOULD 
> cause too much collateral damage if don't indiscriminately.
> 
> And this is assuming that individual IPs are NEVER assigned individually 
> (or in smaller-than-/64-allocations) . (maybe that is a safe assumption? 
> I don't know? regardless, even if that were a safe assumption, the 
> spammers STILL have gained a massive advantage)
> 
> -- 
> Rob McEwen
> +1 478-475-9032
> 
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org



More information about the NANOG mailing list